I am having great difficulty getting flow to work the way I wish.
I have several devices placed remotely. They should NOT have access to the ZeroTier network at all, until a master device needs to reach those remote devices, at which point, both send and receive to the master device are allowed to occur. I can do this in Tailscale using tags and ACLs, but I cannot figure out how to do it in ZeroTier. All the rules I have tried block both the master node and the remote units.
I am trying to secure the remote units so that if the remote devices become compromised, the whole network is not at risk. But I do want the “master” device to be able to communicate without restrictions with those remote units.