Only allow access to a specific port and only see and access one device?


I’m very new to ZeroTier and I’m hoping the following is possible.
I have tried to read through their guide for rules, but I’m still pretty lost.

To the point, I have a server which is running multiple dockers. The server is an Asustor, running ZeroTier 1.10.2.
From the server I only want one docker to be accessible. Meaning, if you connect to the server it should always forward you to the port of that docker or as a minimum only allow access to that port.

And all devices should only be able to see and access this docker. They shouldn’t be able to see other devices on the ZeroTier network or communicate with them.

Is that possible?

Instead of using ZeroTier rules, try setting these three firewall rules on the docker host (approximately):

  • deny from all
  • allow from all LAN addresses
  • allow from all to just-that-one-port on just-that-one-docker instance

Whether you are using docker host networking will affect the kind of rules you need.
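
One way to write the three rules above with iptables, for both the host-networking and the published-port (bridge) case. This is an added example, not part of the original reply. The interface pattern `zt+`, the LAN range and port 8080 are constructed placeholders, and limiting the final deny to the ZeroTier interface is a choice made here so that loopback and container-originated traffic keep working. The function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Usage: gen_rules MODE IFACE LAN_CIDR PORT
#   MODE host   : container uses host networking, packets traverse INPUT
#   MODE bridge : port is published (DNAT), packets traverse FORWARD,
#                 where Docker reserves the DOCKER-USER chain for user rules
gen_rules() {
    mode=$1 ifc=$2 lan=$3 port=$4
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 2; }
    case $mode in
    host)
        chain=INPUT allow=ACCEPT
        match="--dport $port"
        ;;
    bridge)
        # RETURN hands the packet back to Docker's own chains.
        chain=DOCKER-USER allow=RETURN
        # After DNAT the destination port is the container's port, so
        # match the port the client originally connected to instead.
        match="-m conntrack --ctorigdstport $port"
        ;;
    *) echo "mode must be host or bridge" >&2; return 2 ;;
    esac
    # Explicit positions keep the order fixed and place the rules ahead
    # of anything already in the chain (DOCKER-USER ends in RETURN).
    n=1
    for rule in \
        "-m conntrack --ctstate ESTABLISHED,RELATED -j $allow" \
        "-s $lan -j $allow" \
        "-i $ifc -p tcp $match -j $allow" \
        "-i $ifc -j DROP"
    do
        echo "iptables -I $chain $n $rule"
        n=$((n + 1))
    done
}

# Constructed sample values; replace with your own before use.
gen_rules bridge 'zt+' 192.168.1.0/24 8080
```

Run `gen_rules host ...` instead when the container is started with host networking, and check the printed rules against `iptables -S` output before applying them.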