How to prevent zt over other p2p vpn?

I have a Windows machine, has both Zerotier and Tailscale

When I connect to this machine from remote via zerotier, it tends to establish an tunnel over tailscale,
which is zerotier client → tailscale client → tailscale server → zerotier server,

But wireguard’s performance is been downgrade in my networking, So I’d like to prevent zerotier establish tunnel over other vpns.

I try to use rules like
drop ipdest 100.64.0.0/10 or ipsrc 100.64.0.0/10;

But when I use iperf3 to measure the speed, the speed is always 0, and I can see load on tailscale device. It seems that the tunnel is still build on tailscale successfully, but drop all the packets so I got 0 speed.

Is there any way to prevent this tunnel to establish?

Hello.
You can try to blacklist that 10.64.0.0/10 range, or any “utun” interfaces.