What will the following code do in flow rules?
drop
ztsrc 3c9f595cdf and ztdest d43ccb2613
ztsrc d43ccb2613 and ztdest 3c9f595cdf
;
That will do nothing because it’s not possible for a single packet to be sent from 4 instances of ZeroTier.
ok… but you can tell what I’m trying to do, right? this is just an issue of syntax.
I want to drop traffic between two devices. How would that look?
You’d have to split it into 2 rules. and is implicit between match conditions and there’s no precedence operators in the rule definition language.
drop
ztsrc 3c9f595cdf
ztdest d43ccb2613
;
drop
ztsrc d43ccb2613
ztdest 3c9f595cdf
;
1 Like
What if I want to use an or rule? Like this:
drop
ztsrc 03c084de28
and not ztdest 5da036ac11 or not ztdest 1c357e83ab
You’ll probably still need to split it into two rules. As I said previously, there are no precedence operators in the rules language.
…but wouldn’t the first rule
drop
ztsrc 03c084de28
and not ztdest 5da036ac11
drop
ztsrc 03c084de28
and not ztdest 1c357e83ab
drop all ztsrc 03c084de28 to ztdest 1c357e83ab traffic?
well drop is the default mode of operation. Perhaps think of it in terms of that. Specify what you want to accept instead of drop
ok so…
accept
ztsrc 03c084de28
and ztdest 5da036ac11
accept
ztsrc 03c084de28
and ztdest 1c357e83ab
… and traffic from ztsrc 03c084de28 won’t be able to reach any other ztdest except 5da036ac11 and 1c357e83ab?
That should work if these are your only rules. Just don’t forget the ; after each accept clause.
accept
ztsrc 03c084de28
and ztdest 5da036ac11
;
I can’t say it will work in conjunction with every other rule in your ruleset though.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.