Loading rules engine compiler

nethopper · December 10, 2021, 3:02pm

I am having trouble loading/running the ZeroTier rules-ending-compiler.js. I’ve downloaded the file from GitHub and attempt to run it using jq but get the following errors:

jq: error: rule/0 is not defined at , line 1: rule-compiler.js jq: error: compiler/0 is not defined at , line 1: rule-compiler.js jq: 2 compile errors

I’ve gone through the manual but can’t find anything specific on loading the rules-engine script. I’m not a java script person, so I’m sure the answer is basic and I’m just missing it. Any help is appreciated. Thanks !

zt-travis · December 10, 2021, 5:09pm

Hello,
thanks for asking. What are you trying to do?

Here’s how to test it

clone zerotierone
cd ZeroTierOne/rule-compiler
echo "accept;" > my-rules
node cli.js my-rules

→

{
 "config": {
  "rules": [
   {
    "type": "ACTION_ACCEPT"
   }
  ],
  "capabilities": [],
  "tags": []
 },
 "capabilitiesByName": {},
 "tagsByName": {}
}

nethopper · December 10, 2021, 6:20pm

Thank you travis, I am trying to create a tee rule. Following your guidance I installed the node command and was able to run the rules-engine. I then created a macro (see below) and added the line just before the very last line of the rules-engine and then used the node command to launch the new rules engine with the include line.

Macro TeeToFirewall
tee -1 10.23.49.16
ipdest 10.23.49.17
dport 502
;
;

The macro is named TeeToFireWall.ztrd
The node command appears to run clean and start the rules engine. However I am not seeing the packets being forwarded to the 10.23.49.16 address (a zt address). Any ideas?

zt-travis · December 10, 2021, 6:24pm

I see. If this is for one of your networks on my.zerotier.com, you should use the UI there. At the bottom of the network below the members list.

The node script only compiles the rules. It doesn’t insert them into your network(s). You’d only need to use it if self-hosting the opensource network controller.

nethopper · December 10, 2021, 6:27pm

Sorry should have specified. This is for a closed network with its own controller. I am running the rule on the target node (10.23.49.17). Do I need to be running it on the controller instead? We are running our own Moons. How do I insert the compiled rule?

zt-travis · December 10, 2021, 6:34pm

Ok cool! Just making sure. You’d include the output from the script in the network config that you post to the controller.

https://docs.zerotier.com/service/v1#operation/setControllerNetwork see the rules, capabilities, and tags keys.

I haven’t done this in a long time. There might be a little re-arranging of the json data needed.

It’s going to be harder to edit rules in plain text like this. You could use my.zerotier.com at first to come up with the ruleset. There’s syntax highlighting and error messages there.

nethopper · December 10, 2021, 7:00pm

I don’t see an output from the compiler in the current folder. Does it place it somewhere else?

zt-travis · December 10, 2021, 7:10pm

It just outputs to stdout. You can save it like this

node cli.js my-rules > my-compiled-rules

nethopper · December 10, 2021, 7:16pm

there’s no output. I’ve entered the node command just as you suggested using the macro file as input and there is no output.

system · January 9, 2022, 7:17pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.