GUI for creation of rules

hello,

i just want a simple GUI to create rules as any cheap router can do.

i am finding that the creation of rules is very complicated for a few reasons.

  1. no GUI, forced to edit a json file on a webpage. that webpage is so primitive and complex. feels like i am being punished every time i fight with it, a battle i seem to be losing.
  2. the concept of the rules are very different from a typical firewall on a router.
  3. to create a high level overlay to the low level rules… i am a python programmer but zerotier rules are like programming in the C language, almost assembly language. really, what the heck is chr and why must i deal with it? just hide it in some kind of abstraction layer.
  4. to have the client app to be able to create rules, so no need to login to the zerotier website.
  5. the manual page is way too complicated. so please create an additional manual page for normal users without all the scary parts. also to include many real-world use-cases.

thanks,

Sorry you’re having issues with the rules language. It is different from other things you may be familiar with, but it’s quite powerful, too. A GUI is something we’ve been mulling about, but it’s a tough nut to crack. As you said yourself

“the concept of the rules are very different from a typical firewall on a router.”

That’s for a good reason. ZeroTier isn’t a firewall or router! There’s no one place on a ZeroTier network for rules to be enforced. Thus, rules must be enforced bidirectionally on each peer of the network. As such we have a stateless packet filtering system in ZeroTier. Not a stateful firewall like you may be used to. This means you have to think about things differently.

So for your typical stateful firewall you can say, “I want to open port X on machine Y”. In a stateless default drop packet filter like ZeroTier’s rules engine, simply allowing traffic to a port isn’t enough, as only allowing packets to port X on machine Y doesn’t take into account the send port of the send machine, nor the return traffic. Yes, you also have to account for the return traffic because it’s a stateless system. It doesn’t know or track anything.

Anyhow, hope this helps you understand the rationale behind the rules language. It’s not likely changing drastically anytime soon, and a GUI for it isn’t on the top of our priority list at this time.

thanks for the answer and no need to reply.

still do not understand why you cannot create a high-level rule system much like python instead of the equivalent of C and assembly language.
and just handle "account for the return traffic".

thanks

Because low level concepts like a packet filter require a low level language to work with. Explicitly defined behavior is required. Implicitly doing things like automatically defining return traffic leads to unexpected and perhaps incorrect results with no explanation as to why.

1 Like

i guess we are going in circles but still not understanding about not creating a high-level GUI to create rules and some kind of compiler to translate that into your assembly language json.

for me and my company which i was testing for, just not worth $50.00 per month to fight your website and assembly language.

i have asked for a refund via support@

As I said in my initial reply

The OP asked a very valid question.

A GUI can take all the flow rules into account and allow the user to make rules based on the nature of the underlying technology by providing a translation layer that does most of the heavy lifting.

In fact this isn’t something that zerotier proper need get involved in.

If a well versed network engineer who understands the zerotier flow rules has the time and inclination, it could be hosted anywhere for anyone to use.

IMHO, this is the single biggest issue holding back many users from adopting Zerotier in more serious corporate network environments

1 Like
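
The stateless, default-drop behaviour described in the staff reply and the translation layer proposed in the last post, as an added example that is not part of the thread and is not ZeroTier's rule syntax or engine. It is a simplified Python model; the `Packet`, `Rule` and `open_port` names and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    # None matches anything. A rule sees one packet at a time and keeps no memory.
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst),
                 (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def allowed(rules, p):
    """Stateless default drop: accept only if a rule matches this packet alone."""
    return any(r.matches(p) for r in rules)

def open_port(server, port):
    """Hypothetical high-level 'open port X on machine Y', compiled to both directions."""
    return [Rule(dst=server, dport=port),   # requests: any client, any source port
            Rule(src=server, sport=port)]   # replies leave from the service port

SERVER, CLIENT = "10.0.0.2", "10.0.0.9"     # constructed sample addresses
PACKETS = {
    "request": Packet(CLIENT, SERVER, 51514, 22),
    "reply": Packet(SERVER, CLIENT, 22, 51514),
    "unrelated": Packet(SERVER, CLIENT, 40000, 445),
    # Not a reply to anything, but a stateless reply rule cannot tell the difference.
    "unsolicited": Packet(SERVER, CLIENT, 22, 445),
}

def verdicts(rules):
    return {name: allowed(rules, p) for name, p in PACKETS.items()}

NAIVE = [Rule(dst=SERVER, dport=22)]        # "just allow traffic to the port"
COMPILED = open_port(SERVER, 22)

if __name__ == "__main__":
    print("naive   :", verdicts(NAIVE))
    print("compiled:", verdicts(COMPILED))
```

The naive rule set drops the reply, and the compiled one accepts the reply along with the unsolicited packet that merely looks like one, which is the kind of side effect an implicit return-traffic rule carries.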