I’ve been using ZeroTier with the default flow rules for some time. Now I’ve been looking at the tips section and a bunch of posts to try to achieve a configuration on my own, but with no luck.
I’m trying to configure the flow rules in a way such that any peer can only communicate to and from a single designated peer. This way peers cannot reach or see each other, only the designated peer.
Thanks in advance for any help.
# Allow only IPv4 and IPv4 ARP Ethernet frames (the IPv6 match below is commented out, so IPv6 is dropped too).
drop
not ethertype ipv4
and not ethertype arp
#and not ethertype ipv6
;
# This prevents IP spoofing but also
# blocks manual IP management at the OS level and
# bridging unless special rules to exempt
# certain hosts or traffic are added before
# this rule.
drop
not chr ipauth
;
# Hub-and-spoke: anything addressed to the designated peer is allowed ...
accept
ztdest abcdef123 # designated peer
;
# ... and anything the designated peer sends is allowed.
accept
ztsrc abcdef123 # designated peer
;
# No rule matched: the frame is dropped (ZeroTier's default when the rule set
# ends without a matching accept), so spoke-to-spoke traffic never gets through.
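To check what a rule set like the one above actually does to individual frames, here is a small first-match evaluator, added as an example and not part of the original post or of ZeroTier's own code. It models only the pieces the post's rules use (`ethertype`, `ztsrc`, `ztdest`, `chr ipauth`, `not`, `and`, and `accept`/`drop` as terminal actions, with an implicit drop when nothing matches) and deliberately skips the rest of the rule language (`or`, tags, capabilities, `tee`/`redirect`). The hub address `abcdef1234` and the spoke addresses are hypothetical placeholders (real ZeroTier node addresses are 10 hex digits), and the sample frames are constructed for the demonstration.

```python
"""Toy first-match evaluator for a ZeroTier-style hub-and-spoke rule set.

Constructed example for illustration; it is NOT ZeroTier's rules engine and
only models the subset of matches used in the rule set below.
"""
from dataclasses import dataclass, field

HUB = "abcdef1234"  # hypothetical 10-hex-digit node address of the designated peer

# Constructed rule set with the same shape as the post's, plus an explicit final drop
# (ZeroTier drops frames that reach the end of the rule set without an accept).
RULES_TEXT = """
# Only IPv4, ARP and IPv6 frames get through this filter.
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;
# Anti-spoofing: the source IP must be one the controller assigned to the sender.
drop
  not chr ipauth
;
# Hub-and-spoke: only traffic that involves the designated peer is allowed.
accept ztdest abcdef1234;
accept ztsrc abcdef1234;
drop;
"""


@dataclass
class Frame:
    ztsrc: str
    ztdest: str
    ethertype: str       # "ipv4", "arp", "ipv6", or anything else
    ipauth: bool = True  # True if the frame's source IP is one assigned to ztsrc


@dataclass
class Rule:
    action: str                                  # "accept" or "drop"
    conds: list = field(default_factory=list)    # (negated, kind, value) tuples, all ANDed


def parse_rules(text):
    """Parse '#'-commented, ';'-terminated rules into Rule objects."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    rules = []
    for stmt in stripped.split(";"):
        toks = stmt.split()
        if not toks:
            continue
        action, rest = toks[0], toks[1:]
        if action not in ("accept", "drop"):
            raise ValueError(f"unsupported action {action!r}")
        rule = Rule(action)
        i = 0
        while i < len(rest):
            tok = rest[i]
            if tok == "and":          # conditions are ANDed; 'and' is just a separator
                i += 1
                continue
            negated = False
            if tok == "not":
                negated, i = True, i + 1
                tok = rest[i]
            if tok in ("chr", "ethertype", "ztsrc", "ztdest"):
                rule.conds.append((negated, tok, rest[i + 1]))
                i += 2
            else:
                raise ValueError(f"unsupported match {tok!r}")
        rules.append(rule)
    return rules


def cond_matches(frame, kind, value):
    """Does a single (un-negated) condition match the frame?"""
    if kind == "ethertype":
        return frame.ethertype == value
    if kind == "ztsrc":
        return frame.ztsrc == value
    if kind == "ztdest":
        return frame.ztdest == value
    if kind == "chr" and value == "ipauth":
        return frame.ipauth
    raise ValueError(f"unsupported condition {kind} {value}")


def evaluate(rules, frame):
    """First rule whose conditions all hold decides; no match means drop."""
    for rule in rules:
        if all(cond_matches(frame, k, v) != neg for neg, k, v in rule.conds):
            return rule.action
    return "drop"


RULES = parse_rules(RULES_TEXT)


def classify_samples():
    """Run constructed frames through the rule set; returns {label: action}."""
    spoke_a, spoke_b = "1111111111", "2222222222"  # hypothetical spoke addresses
    samples = {
        "spoke_a->hub ipv4": Frame(spoke_a, HUB, "ipv4"),
        "hub->spoke_a ipv4": Frame(HUB, spoke_a, "ipv4"),
        "spoke_a->spoke_b ipv4": Frame(spoke_a, spoke_b, "ipv4"),
        "spoke_a->spoke_b arp": Frame(spoke_a, spoke_b, "arp"),
        "spoke_a->hub spoofed src ip": Frame(spoke_a, HUB, "ipv4", ipauth=False),
        "spoke_a->hub non-ip frame": Frame(spoke_a, HUB, "ipx"),
    }
    return {label: evaluate(RULES, f) for label, f in samples.items()}


if __name__ == "__main__":
    for label, action in classify_samples().items():
        print(f"{label:32} {action}")
```

Running it shows the property the post is after: both directions between a spoke and the hub are accepted, while spoke-to-spoke IPv4 and ARP (so spokes cannot even resolve each other), spoofed source addresses, and non-IP frames all fall through to drop. Because ZeroTier evaluates the rule set on the sending node as well as the receiving one, the same outcome applies whichever side you look at.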