Can you create a rule to limit which servers certain users can access?

I am brand new to ZeroTier, so please be gentle. Right now everything is working great. My question is focused on once we move past testing and roll it into an active state with users working from home across multiple states. I have a test environment set up with 5 laptops connecting in to 7 servers (server1 thru server7). If management wanted to bring in a temp/freelance employee that only had access to server 2 and 3, while everyone else had access to all 7, is there a rule I could create to do this?

Hello, thanks for asking.
You can do that with the rules. I’ll have to find an example.
You could also just use 2 different ZeroTier networks.

One of our classic examples:

Maybe a little more complicated than you want.

Try this?

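# Always allow ARP so members can resolve each other's addresses.
accept ethertype arp;

# One tag named "role" with two flag bits: bit 0 = red, bit 1 = yellow.
tag role id 101
  flag 0 red
  flag 1 yellow
;

# Accept when the bitwise AND of both members' role tags is not 0.
accept not tand role 0;

# Everything else is dropped.
drop;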

On a test network, replace all of default rules with that. After you save the rules, there will be a “tags matrix” section below the rules where you can set tags on members.

Tags/flags use bitwise/binary math under the hood. Sorry!

We labelled the bit furthest to the right “red” and second from the right “yellow”. Think of them as groups/roles.

Some examples:

0011 employee1
0011 server1
---- and
0011 = not 0 -> accepted


0001 freelance1
0010 server2
---- and
0000 = 0 -> not accepted


0001 freelance1
0011 server1
---- and
0001 = not 0 -> accepted

In this setup, end users with overlapping tags would be able to see each other, not just the servers.
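
The tag matching described in this thread, modelled in Python as an added example (not from the original posts and not ZeroTier's rule engine). The tag assignment for server1 through server7, two employees and one freelancer is an assumed one for the question's scenario, and every member is assumed to have a role value set in the tags matrix.

```python
# Model of the rule set in this thread (not ZeroTier's engine):
#   accept ethertype arp;  accept not tand role 0;  drop;
RED, YELLOW = 1 << 0, 1 << 1      # flag 0 red, flag 1 yellow
ETHERTYPE_ARP, ETHERTYPE_IPV4 = 0x0806, 0x0800

# Constructed tag matrix for the scenario in the question (assumed assignment):
# every server is yellow, server2/server3 are also red, employees carry both
# flags, the freelancer carries red only.
ROLE = {f"server{n}": YELLOW for n in range(1, 8)}
ROLE.update({"server2": RED | YELLOW, "server3": RED | YELLOW})
ROLE.update({"employee1": RED | YELLOW, "employee2": RED | YELLOW,
             "freelance1": RED})


def decide(sender, receiver, ethertype=ETHERTYPE_IPV4):
    """Return 'accept' or 'drop' for one frame between two members."""
    if ethertype == ETHERTYPE_ARP:          # accept ethertype arp;
        return "accept"
    if ROLE[sender] & ROLE[receiver] != 0:  # accept not tand role 0;
        return "accept"
    return "drop"                           # drop;


def reachable(member):
    """Every other member this one can exchange non-ARP traffic with."""
    return sorted(m for m in ROLE
                  if m != member and decide(member, m) == "accept")


def unintended_peers(member):
    """Reachable members that are not servers (the overlapping-tags caveat)."""
    return [m for m in reachable(member) if not m.startswith("server")]


if __name__ == "__main__":
    for who in ("freelance1", "employee1"):
        print(who, "->", ", ".join(reachable(who)))
    print("freelance1 also reaches:", unintended_peers("freelance1"))
```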
