I’m trying to set flow rules, but the moment I uncomment the chr ipauth block, I can’t access anything. Why is that? According to the documentation and recommendations, this line prohibits access from non-authorized IPs.
Also, if I don’t have it, does it mean that someone can just put in my network ID and, even without me authorizing him, access the resources?
```
# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop                      # drop cannot be overridden by capabilities
  not ethertype ipv4      # frame is not ipv4
  and not ethertype arp   # AND is not ARP
  and not ethertype ipv6  # AND is not ipv6
  or not chr ipauth       # OR IP addresses are not authenticated (1.2.0+ only!)
;

accept
  dport 1880 or dport 8443 or dport 8123-8124 and ipdest x.x.x.x/32 and ipprotocol tcp
;

# Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above
break                     # break can be overridden by a capability
  chr tcp_syn             # TCP SYN (TCP flags will never match non-TCP packets)
  and not chr tcp_ack     # AND not TCP ACK
;

# Accept other packets
accept;
```