04-14-2017 10:17 AM - edited 03-10-2019 06:48 AM
Hello all, I just had a few questions about Geofiltering on an ASA 5512-X with FirePOWER services managed through ASDM. I believe that I have the rules setup correctly as everything is functioning as it should. I have the rules setup so that any packet with a source or destination address that is not from the US will be blocked. Obviously there are a few cases where I will need to exempt IPs outside of the US. What is the best way to accomplish this? Currently I have added two rules, one for inbound and one for outbound, that are linked to a network object containing the addresses I want to whitelist. The point of this rule is to catch the traffic before it hits the block rule and specifically allow it. I also enabled the IPS filtering and file policy on this rule. If my understanding is correct the traffic I exempt should be matching this rule (which it is) and then be filtered through IPS and file policy and then not be processed by any further rules. I will post a screenshot of my rules below. Everything is functional, I just want to make sure that there is not a better, perhaps more elegant, way to accomplish the same thing. I also don't want to have anything processing multiple times and causing unnecessary hardware utilization.
Rules 1 and 2 are the geofilter bypass rules (the names are cut off) and also IPS and file policy filtering for matching traffic, 3 and 4 are the inbound or outbound match rules, and 5 is the IPS and file policy filtering for any traffic that makes it that far. I matched rule number 5 to the inside and outside zone to avoid filtering on a specific interface that I cannot have filtered. Is it okay that I have the source and destination zones as the same zone for both?
Any feedback would be greatly appreciated! :)
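As an added illustration (not code from the original post, and not Cisco's), here is a small first-match evaluator that models the five-rule order described above, so the expected behaviour can be checked flow by flow: whitelisted non-US traffic should hit rule 1 or 2 and stop there, other non-US traffic should be blocked by rule 3 or 4, and everything else should fall through to rule 5. The prefixes, the country lookup and the rule names are constructed placeholders standing in for the geolocation database and the whitelist network object.

```python
import ipaddress

# Constructed sample data: stand-in for the geolocation database and for the
# whitelist network object referenced in the post (documentation ranges only).
US_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
WHITELIST = [ipaddress.ip_network("203.0.113.0/24")]


def country(ip):
    """Toy geolocation: 'US' if the address sits in a US prefix, else 'non-US'."""
    addr = ipaddress.ip_address(ip)
    return "US" if any(addr in net for net in US_PREFIXES) else "non-US"


def whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)


# Rule table in policy order: (name, match(src, dst), action, inspected by IPS/file policy).
# Rules 1-2 are the bypass rules, 3-4 the geo block rules, 5 the catch-all inspect rule.
RULES = [
    ("1 geo-bypass-inbound", lambda s, d: whitelisted(s), "allow", True),
    ("2 geo-bypass-outbound", lambda s, d: whitelisted(d), "allow", True),
    ("3 geo-block-inbound", lambda s, d: country(s) != "US", "block", False),
    ("4 geo-block-outbound", lambda s, d: country(d) != "US", "block", False),
    ("5 inspect-remaining", lambda s, d: True, "allow", True),
]


def evaluate(src, dst):
    """First-match evaluation: the first matching rule decides and later rules are skipped."""
    for name, match, action, inspected in RULES:
        if match(src, dst):
            return name, action, inspected
    return "default", "block", False


def all_matching(src, dst):
    """Every rule the flow would match, to show that only the first one ever processes it."""
    return [name for name, match, _, _ in RULES if match(src, dst)]


if __name__ == "__main__":
    for src, dst in [("203.0.113.5", "198.51.100.10"), ("192.0.2.7", "198.51.100.10"),
                     ("198.51.100.10", "198.51.100.20")]:
        print(src, "->", dst, evaluate(src, dst), "candidates:", all_matching(src, dst))
```

The `all_matching` output makes the "no double processing" point visible: a whitelisted flow also satisfies rule 5, but the evaluator returns on rule 1, so the IPS and file policy attached to rule 1 are the only ones applied.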
04-16-2017 02:37 PM
That looks pretty much like how I would do it and how it's taught by Cisco.
I would only leave out the zones as I don't think they add any granularity that's not already implicit in the rest of the rules. (Unless you have other zones that aren't mentioned in your posting.)
04-16-2017 02:37 PM
There is one other zone containing one interface that I need to exclude from the filtering. It connects to a partner network and FirePOWER causes some issues. Is that what you were referring to?
Other than that thank you for the feedback!
04-16-2017 11:31 PM
Ah ok - yes the excluded zone was what I was referring to.
You're welcome.