Locking Down the Network with Flow Rules

Hi there, I hope you guys are well. I have been reading through the rules documentation. It’s quite detailed mostly. However, my background is not exactly in networking, hence I can’t make much sense of it.

What I am hoping to achieve is CLIENT isolation:

  • Create two tags: one named(?) “Master” and the other “Slave”.
  • Nodes in SLAVE cannot access or even PING each other or the master(s).
  • Master(s) on the other hand can ping/access other MASTER(s), and SLAVE(s).
  • And by default, newly authenticated nodes should be assigned to the SLAVE category or, if that is not possible, put in a completely locked-in condition.

take a look: https://www.zerotier.com/blog/using-flow-rules-to-direct-users-to-services/


Thanks for the response. The write-up you mentioned just limits the access to “servers”. I am looking for complete isolation, i.e. nodes should not be able to connect to or even ping a specific node. So far I have tried the client-isolation technique with tags. It limits the communication between clients and also the server. However, the server is still pingable.
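One rule set that matches the isolation described in this thread, written here as an added example rather than code from either poster or from ZeroTier's own documentation. It assumes the tag, enum/default and `tor` (bitwise OR of both members' tag values) constructs of the ZeroTier rules language; the tag name `role` and its values are made up for this example. Because rules are evaluated on every frame, ICMP echo between two slaves is dropped along with everything else, and members that have never been tagged fall into the default (slave) value.

```zerotier
# Added example: one tag with two roles. A member that has not been
# explicitly tagged gets the default (slave), so a newly authorized node
# starts out isolated until an administrator retags it as master.
tag role
  id 1
  enum 0 slave
  enum 1 master
  default slave
;

# Allow only IPv4, ARP and IPv6 frames on the wire at all.
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;

# Accept a flow only if at least one endpoint is a master:
# master<->master and master<->slave pass (master=1, so the OR is 1).
# slave<->slave gives 0 OR 0 = 0 and does not match this rule.
accept
  tor role 1
;

# Anything that reached this point is slave<->slave traffic,
# including pings, so drop it.
drop;
```

To check the behaviour after pushing the rules, tag two members as slave and one as master in the controller, then confirm that a ping between the two slaves times out while each slave can still reach the master and the master can reach both. If a "server" must also be unreachable from slaves, leave it tagged as slave too: the rule only exempts members whose tag value is master.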