Allow rdp and ping only

Hi all
I am using the generic recommendation in the wiki to allow rdp only.
Trying to add icmp ping as well for troubleshooting.
How do I allow pings as well please?

I’ve had a good hard look and can’t work it out.

++++++++++
accept ethertype arp; # so nodes can find each other
drop not ipprotocol tcp; # Everything that is not TCP is dropped here, ICMP included
accept dport 3389; # Destination is RDP
drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what’s left, returning RDP traffic
++++++++++

You need to enable icmp and not limit yourself with ipprotocol tcp.
See this example for ideas: An example of what an advanced ZeroTier network rule set might look like · GitHub

Thanks for the reply.
I have added icmp protocol and it is now working.

Is this example still recommended, as the example you pointed me to doesn’t use `drop not ipprotocol`?

++++++++++
accept ethertype arp; # so nodes can find each other
# Protocol 1 is ICMP; anything that is neither TCP nor ICMP is dropped here
drop
  not ipprotocol tcp
  and not ipprotocol 1
;
accept dport 3389; # Destination is RDP
drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what’s left: ICMP and returning RDP traffic
++++++++++

From ZeroTier Central Flow Rules Help:

If nothing matches, the default action is drop. A network with no rules allows nothing.
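As an added example (not posted in this thread and not ZeroTier's own sample), here is the same RDP-plus-ping rule set written out in full, with the `and` keyword spelled out between the matches and with ICMPv6 (IP protocol 58) allowed next to ICMPv4 (protocol 1). The protocol-58 line is an assumption about your network: it only matters if the network also assigns IPv6 addresses, in which case IPv6 neighbour discovery runs over ICMPv6 and would be silently dropped by the `drop not ipprotocol tcp ...` rule otherwise. The rest of the ruleset relies only on the matches already used in the posts above and on the default-drop behaviour quoted from the Flow Rules help.

```text
# Added example rule set: ARP, ICMP and inbound RDP only.

accept ethertype arp;            # ARP so members can resolve each other

# Drop every IP packet that is not TCP, ICMPv4 (1) or ICMPv6 (58).
# Protocol 58 is an assumption: keep it if the network hands out IPv6,
# drop the line if it is IPv4-only.
drop
  not ipprotocol tcp
  and not ipprotocol 1
  and not ipprotocol 58
;

accept dport 3389;               # new RDP connections

# A TCP segment with SYN set and ACK clear is a new connection attempt;
# anything that was not accepted as RDP above is dropped here.
# Non-TCP packets never carry the tcp_syn characteristic, so ICMP passes.
drop chr tcp_syn and not chr tcp_ack;

accept;                          # ICMP and the return half of RDP sessions
```

Because an empty rule set allows nothing, the trailing `accept;` is what lets the non-SYN TCP segments of an established RDP session and the ICMP echo replies through; remove it and only the rules that explicitly `accept` still pass traffic.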
