Hi
I’m trying to set flow rules, but the moment I de-comment the block chr ip auth, I can’t access anything. Why is that? According to documentation and recommendation, this line prohibits access from non-authorized IPs.
Also, if I don’t have it, it means that someone can just put my network ID and even without me authorizing him, he can access the resources?
```
# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop                      # drop cannot be overridden by capabilities
  not ethertype ipv4      # frame is not ipv4
  and not ethertype arp   # AND is not ARP
  and not ethertype ipv6  # AND is not ipv6
  or not chr ipauth       # OR IP addresses are not authenticated (1.2.0+ only!)
;

accept
  dport 1880 or dport 8443 or dport 8123-8124
  and ipdest x.x.x.x/32
  and ipprotocol tcp
;

# Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above
break                     # break can be overridden by a capability
  chr tcp_syn             # TCP SYN (TCP flags will never match non-TCP packets)
  and not chr tcp_ack     # AND not TCP ACK
;

# Accept other packets
accept;
```