Locking Down the Network with Flow Rules

Metador · June 12, 2023, 4:07pm

Hi there, I hope you guys are well. I have been reading through the rules documentation. It’s quite detailed mostly. However my background is not exactly in networking hence I can’t make much sense of it.

What I am hopping to achieve is CLIENT isolation:

Create two Tags; One named(?) “Master” and the other “Slave”.
Nodes in SLAVE cannot access or even PING each other or the master(s).
Master(s) on the other hand can ping/access other MASTER(s), and SLAVE(s).
And by default, newely authenticated nodes should be assigned to SLAVE category or if not possible, put in a completely locked in condition.

AndrewZ · June 12, 2023, 10:08pm

take a look: https://www.zerotier.com/blog/using-flow-rules-to-direct-users-to-services/

Metador · June 19, 2023, 4:28pm

Thanks for the response. The write-up you menitoned just limits the access to “servers”. I am looking for complete isolation, i.e. nodes should not be able to connect to or even ping specefic node. So far I have tried client-isolation technique with tags. it limits the communication between clients and also the server. However the server is still pingable.