Restricting ports on IPs

Hello,

In a network I allow certain protocols:

accept
ipprotocol tcp
and dport 139 or dport 445 or dport 80 or dport 22 or dport 3306 or dport 3389

but I would like to go further and only allow port 3389:

10.147.1.1 RDP (3389) to 10.147.1.11
and 
10.147.1.2 RDP (3389) to 10.147.1.12

Thank you for your help

Here was the minimum RDP setup we could find:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/222035983/Remote+Desktop+Only

accept ethertype arp; # so nodes can find each other
drop not ipprotocol tcp; 
accept dport 3389; # Destination is RDP
drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what's left, returning RDP traffic

Yes, that I know how to do, thank you!

But that’s not what I want.

I want only IP1 to have access to IP2 in RDP.

Thanks :slight_smile:

Make another network for just those two nodes :slight_smile:

I’d maybe use tags instead of IP addresses?

https://www.zerotier.com/manual/#3_4_1

But I guess you could add lines like:

accept ethertype arp; # so nodes can find each other
drop not ipprotocol tcp; 

accept dport 3389 and ipsrc 10.147.1.1 and ipdest 10.147.1.11
accept dport 3389 and ipsrc 10.147.1.2 and ipdest 10.147.1.12

drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what's left, returning RDP traffic

(not tested)

Thanks @zt-travis, it works fine after adding the netmask and ‘;’

accept ethertype arp; # so nodes can find each other
drop not ipprotocol tcp; 

accept dport 3389 and ipsrc 10.147.1.1/32 and ipdest 10.147.1.11/32;
accept dport 3389 and ipsrc 10.147.1.2/32 and ipdest 10.147.1.12/32;

drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what's left, returning RDP traffic
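To see why the order of the rules above matters, here is a small evaluator that walks constructed frames through that exact rule set. This is an added example, not code from the thread or from ZeroTier; it assumes ZeroTier's documented semantics (rules tried top to bottom, first match decides, matches inside a rule combined strictly left to right with "not" flipping only the match that follows, and a frame that matches nothing is dropped) and insists on the trailing ';' that the thread found necessary. The sample traffic and the `tcp()` helper are constructed for the demonstration.

```python
"""Toy evaluator for the flow rules posted in this thread (added example, not ZeroTier code).

Assumed semantics: rules are tried top to bottom, the first rule whose match
expression holds decides the frame, matches combine strictly left to right
("and"/"or" without precedence, "not" negates only the next match), and a frame
matched by no rule is dropped. Check the manual before relying on any of that.
"""
import ipaddress

# The final, working rule set from the thread, verbatim.
RULES_TEXT = """
accept ethertype arp; # so nodes can find each other
drop not ipprotocol tcp;

accept dport 3389 and ipsrc 10.147.1.1/32 and ipdest 10.147.1.11/32;
accept dport 3389 and ipsrc 10.147.1.2/32 and ipdest 10.147.1.12/32;

drop chr tcp_syn and not chr tcp_ack; # No new TCP connections (except RDP)
accept; # Accept what's left, returning RDP traffic
"""

ETHERTYPES = {"arp": 0x0806, "ipv4": 0x0800}
IPPROTOS = {"tcp": 6, "udp": 17}


def parse_rules(text):
    """Parse rule lines into (action, [(negate, is_or, kind, arg), ...])."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        if not line.endswith(";"):               # the thread found the ';' is required
            raise ValueError(f"rule is missing its terminating ';': {line!r}")
        action, *tokens = line[:-1].split()
        matches, is_or, negate, i = [], False, False, 0
        while i < len(tokens):
            tok = tokens[i]
            if tok == "and":
                is_or = False
            elif tok == "or":
                is_or = True
            elif tok == "not":
                negate = True
            else:                                # every match keyword takes one argument
                matches.append((negate, is_or, tok, tokens[i + 1]))
                negate, i = False, i + 1
            i += 1
        rules.append((action, matches))
    return rules


def match_one(kind, arg, frame):
    """Evaluate one match keyword against a constructed frame dict."""
    if kind == "ethertype":
        return frame["ethertype"] == ETHERTYPES[arg]
    if kind == "ipprotocol":
        return frame.get("ipproto") == IPPROTOS[arg]
    if kind == "dport":
        return frame.get("dport") == int(arg)
    if kind in ("ipsrc", "ipdest"):
        addr = frame.get("src" if kind == "ipsrc" else "dst")
        return addr is not None and ipaddress.ip_address(addr) in ipaddress.ip_network(arg)
    if kind == "chr":                            # TCP characteristic flags
        return arg in frame.get("flags", set())
    raise ValueError(f"unsupported match keyword {kind!r}")


def evaluate(rules, frame):
    """Return the action of the first rule that matches, or 'drop'."""
    for action, matches in rules:
        holds = True
        for negate, is_or, kind, arg in matches:
            m = match_one(kind, arg, frame) != negate
            holds = (holds or m) if is_or else (holds and m)
        if holds:
            return action
    return "drop"


def tcp(src, dst, dport, *flags):
    return {"ethertype": 0x0800, "ipproto": 6, "src": src, "dst": dst,
            "dport": dport, "flags": set(flags)}


# Constructed sample traffic using the addresses from the thread.
SAMPLE_TRAFFIC = {
    "arp":                {"ethertype": 0x0806},
    "rdp_syn_allowed":    tcp("10.147.1.1", "10.147.1.11", 3389, "tcp_syn"),
    "rdp_syn_wrong_peer": tcp("10.147.1.1", "10.147.1.12", 3389, "tcp_syn"),
    "rdp_syn_reversed":   tcp("10.147.1.11", "10.147.1.1", 3389, "tcp_syn"),
    "rdp_synack_return":  tcp("10.147.1.11", "10.147.1.1", 50123, "tcp_syn", "tcp_ack"),
    "ssh_syn":            tcp("10.147.1.1", "10.147.1.11", 22, "tcp_syn"),
    "udp_dns":            {"ethertype": 0x0800, "ipproto": 17, "src": "10.147.1.1",
                           "dst": "10.147.1.11", "dport": 53},
    # Stateless caveat: a bare ACK to any port reaches the final accept; the
    # filter blocks handshakes, it does not track connections.
    "ssh_bare_ack":       tcp("10.147.1.1", "10.147.1.11", 22, "tcp_ack"),
}


def verdicts(rules_text=RULES_TEXT):
    rules = parse_rules(rules_text)
    return {name: evaluate(rules, frame) for name, frame in SAMPLE_TRAFFIC.items()}


def is_well_formed(rules_text):
    try:
        parse_rules(rules_text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:20s} -> {verdict}")
```

Running it shows the two intended RDP pairs accepted, a SYN from 10.147.1.1 to 10.147.1.12 dropped by the "drop chr tcp_syn and not chr tcp_ack" line, the SYN-ACK coming back from 10.147.1.11 accepted by the final "accept", and UDP dropped outright. The "ssh_bare_ack" case is the caveat to keep in mind: the rules are stateless, so they only stop new handshakes; a stray ACK to another port is let through, which is harmless to a stack with no matching connection but is not the same as a stateful firewall.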
