Tag Flow ACL help - how to secure remote devices

kmc · January 19, 2024, 4:37pm

I am having great difficulty getting flow to work the way I wish.

I have several devices place remotely. They should NOT have access to the zerotier network at all, until a master device needs to reach those remote devices, at which point, both send and receive to the master device is allowed to occur. I can do this in tailscale using tags and ACLs, but I cannot figure out how to do it in Zerotier. All the rules I have tried block both the master node and the remote units.

I am trying to secure the remote units so that if the remote devices become compromised, the whole network is not at risk. But I do want the “master” device to be able to communicate without restrictions with those remote units.

Thanks.

l0crian · January 19, 2024, 11:12pm

What is the process you’re looking for to enable the remote devices to be able to communicate with the Master? Do you just intend to manually allow that traffic when it’s needed by disabling a rule?

AndrewZ · January 20, 2024, 10:44am

See https://zerotier.atlassian.net/wiki/spaces/SD/pages/222330881/Client+Isolation
and https://www.zerotier.com/blog/using-flow-rules-to-direct-users-to-services/
Search for admin there.

system · February 19, 2024, 10:45am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.