Hey, guys, I’m hoping I’m just being a total newbie and missing something here but whenever I try and add the ‘drop not chr ipauth’ rule to my flow rules, it starts dropping everything. I have 2 members on the network - both Ubuntu 20.04 machines - with 1 having a fixed managed IP and the other getting a managed IP from the pool. I’m not manipulating any IPs on either host. My understanding was that I don’t need to do anything special here. Any help would be appreciated!
Here are my flow rules:
# Member tags
tag vpc_gateway
  id 100
  enum 0 No
  enum 1 Yes
  default No
;

# Copy all traffic to another member
# tee -1 some_member_id
# ;

# Whitelist only ARP and IPv4 traffic (since we don't use IPv6)
drop                       # drop cannot be overridden by capabilities
  not ethertype ipv4       # frame is not ipv4
  and not ethertype arp    # AND is not ARP
  #and not ethertype ipv6  # AND is not ipv6
;

# Allow only ZeroTier-assigned IP addresses
#drop
# not chr ipauth
#;

# Drop any traffic that's not between a member and a VPC gateway or between VPC gateways
break
  not txor vpc_gateway 1
  and not teq vpc_gateway 1
;

# Allow all ICMPv4 traffic
accept
  ipprotocol icmpv4
;

# Allow UDP traffic
accept
  ipprotocol udp
  #and dport 53
;

# Allow TCP traffic
accept
  ipprotocol tcp
  #and dport 22 or dport 3389 or dport 2049
;

# Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above
break                      # break can be overridden by a capability
  chr tcp_syn              # TCP SYN (TCP flags will never match non-TCP packets)
  and not chr tcp_ack      # AND not TCP ACK
;

# Accept anything else. This is required since default is 'drop'.
accept;