```
# nodeadmin - xxxyyyzzz
# noderaspberry - aaabbbccc
cap dns
  id 10
  accept ipprotocol udp and dport 53;
  accept ipprotocol tcp and dport 53;
;
cap ssh_raspberry
  id 11
  accept dport 22 and ipprotocol tcp and ztdest aaabbbccc;
;
cap rdp_raspberry
  id 12
  accept dport 3389 and ipprotocol tcp and ztdest aaabbbccc;
;
cap admin
  id 99
  accept;
;
accept ethertype arp or ipprotocol icmp4;
accept dport 53;
```
The goal here is to allow nodeadmin the capability to ssh and rdp into the noderaspberry, but I do not want the noderaspberry to be able to ssh or rdp back to nodeadmin.
I’ve selected the following capabilities for each:
noderaspberry = selected 1) ssh_raspberry and 2) rdp_raspberry
nodeadmin = selected 1) admin
But nodeadmin is not able to do either unless I select the admin capability for noderaspberry, which is not what I want.
Any help would be much appreciated.
Hosted on paid ZeroTier Central, with this version running on both devices:
ZeroTier One version 1.12.2 build 0
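
Added example, not part of the original post and not ZeroTier code: a simplified Python model of how the posted rule set treats an SSH session from nodeadmin to noderaspberry. It assumes ZeroTier's documented behaviour that rules are stateless and that a packet missing the base rules is permitted only by a capability held by its sender; `allowed`, `ssh_session`, `POSTED`, `WORKAROUND` and the ephemeral port 50000 are illustrative names and values.

```python
# Simplified model (an assumption, not ZeroTier code): rules are stateless, and a
# packet that misses the base rules passes only if a capability held by its SENDER
# matches it. The receiver re-checks the sender's capabilities, not its own.
from collections import namedtuple

ADMIN, RASPBERRY = "xxxyyyzzz", "aaabbbccc"  # placeholder node IDs from the post

Packet = namedtuple("Packet", "ztsrc ztdest ipprotocol sport dport")

def base_rules(p):
    # accept ethertype arp or ipprotocol icmp4; accept dport 53;
    # (ethertype is not modelled; only IP packets are simulated here)
    return p.ipprotocol == "icmp4" or p.dport == 53

CAPS = {  # the four capabilities from the post, written as predicates
    "dns": lambda p: p.ipprotocol in ("udp", "tcp") and p.dport == 53,
    "ssh_raspberry": lambda p: p.dport == 22 and p.ipprotocol == "tcp"
                               and p.ztdest == RASPBERRY,
    "rdp_raspberry": lambda p: p.dport == 3389 and p.ipprotocol == "tcp"
                               and p.ztdest == RASPBERRY,
    "admin": lambda p: True,
}

def allowed(p, assignments):
    """Return the name of whatever permits the packet, or None if it is dropped."""
    if base_rules(p):
        return "base"
    for cap in assignments.get(p.ztsrc, ()):  # only the sender's capabilities
        if CAPS[cap](p):
            return cap
    return None

def ssh_session(assignments, eph=50000):
    """Verdicts for (admin -> raspberry segment, raspberry -> admin reply)."""
    fwd = Packet(ADMIN, RASPBERRY, "tcp", eph, 22)
    rev = Packet(RASPBERRY, ADMIN, "tcp", 22, eph)  # reply: sport 22, not dport 22
    return allowed(fwd, assignments), allowed(rev, assignments)

# Capability assignments: as described in the post, and with admin on both nodes.
POSTED = {RASPBERRY: ["ssh_raspberry", "rdp_raspberry"], ADMIN: ["admin"]}
WORKAROUND = {RASPBERRY: ["admin"], ADMIN: ["admin"]}

if __name__ == "__main__":
    print("posted assignment:", ssh_session(POSTED))
    print("admin on both    :", ssh_session(WORKAROUND))
    back = Packet(RASPBERRY, ADMIN, "tcp", 50000, 22)  # raspberry opening SSH to admin
    print("raspberry -> admin ssh with admin on both:", allowed(back, WORKAROUND))
```

In this model the forward segment passes on nodeadmin's `admin` capability, while the reply from noderaspberry matches none of its capabilities because its destination port is the ephemeral one and its `ztdest` is nodeadmin.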