Route between ZeroTier and Physical Networks but Restrict Access

Is there any way to set up routing like in the linked tutorial, but restrict access to a select number of devices? I imagine you could do something in the flow rules but I’m no expert.

Hi thanks for writing.

This should work

You’d mark the router device as “classified”
You could rename “staging, production, etc” to whatever fits your use.

accept ethertype arp;

# Is this member classified?
tag classified
  id 2
  enum 0 no
  enum 1 secret
  default no

# Clearance flags (a bit like groups)
tag clearance
  id 1
  default 0
  flag 0 staging
  flag 1 production
  flag 2 financial
  flag 3 security
  flag 4 executive

# If one party is classified, require at least one overlapping clearance bit
  not tor classified 0
  and tand clearance 0


I’m testing this out, and sometimes it takes many minutes for tag changes on a member to take effect, so be aware of that. Try leaving and rejoining the network.
Trying to figure out why.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.