Hi!
I want to use flow rules to control the ZeroTier network, but I don't understand them. I have the following script:
```text
macro tcp_whitelist_dest_port($addr,$port)
  # Accept SYN from any port to this destination port
  #drop not ipdest $addr;
  accept
    ipprotocol 6
    ipdest 192.168.128.33/32
    chr tcp_syn
    not chr tcp_ack
    dport $port # ports are ranges, in this case it's a range of size 1
    ipdest $addr
  ;
  # Accept SYN+ACK from this destination port back to any source port
  accept
    ipprotocol 6
    ipdest 192.168.128.33/32
    and chr tcp_syn
    and chr tcp_ack
    and sport $port
    ipdest $addr
  ;
;
macro tcp_whitelist_end
  accept
    ipprotocol 6
    not chr tcp_syn
  ;
;
# Allow only IPv4 (and ARP) and IPv6. Drop other traffic.
accept ethertype arp;
cap rdp_33_client_1
  id 1000;
  include tcp_whitelist_dest_port(192.168.128.33/32,3389)
;
```
Now I have access to all my remote desktops on my home network. But I want to allow the client to access only one. So if you comment out the ipdest line in the macro, I should be able to control it. But then I don't have any remote desktops.
Also the capabilities matrix doesn't work. I can check or uncheck the device; it does not make a difference.
Can someone help me understand how it works?
Peter
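As an added example (not from the original post and not one of ZeroTier's own templates), here is a complete rule set that gates new RDP connections behind per-host capabilities, so a member may reach only the host whose capability is ticked in the controller's matrix. It assumes the ZeroTier rules engine evaluates a member's capabilities only when the base rules neither accept nor drop a packet, which is what the `break` action is for; the capability names and the second host address (192.168.128.34) are made up for the example.

```text
# Frame-type whitelist (same shape as the default ZeroTier template).
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;
# Whitelist one TCP service: new connections (SYN without ACK) to
# $addr:$port plus the SYN+ACK the server sends back. Nothing is
# hard-coded; $addr is the only destination the caller passes in.
macro tcp_whitelist_dest_port($addr,$port)
  accept
    ipprotocol 6
    chr tcp_syn
    not chr tcp_ack
    dport $port
    ipdest $addr
  ;
  accept
    ipprotocol 6
    chr tcp_syn
    chr tcp_ack
    sport $port
    ipsrc $addr      # the reply comes FROM the whitelisted host
  ;
;
# One capability per RDP host (names and the .34 address are assumed).
# Tick a capability for a member in the controller's capability matrix
# and that member can open RDP to that host only.
cap rdp_to_33
  id 1000
  include tcp_whitelist_dest_port(192.168.128.33/32,3389)
;
cap rdp_to_34
  id 1001
  include tcp_whitelist_dest_port(192.168.128.34/32,3389)
;
# New RDP connections (pure SYN to 3389) stop here. 'break' ends the base
# rules without accepting, so the packet is dropped unless one of the
# sender's capabilities accepts it. An 'accept;' here instead would make
# the capability matrix irrelevant.
break
  chr tcp_syn
  and not chr tcp_ack
  and dport 3389
;
# Everything else (non-TCP, other TCP ports, established RDP) is allowed.
accept;
```

Only the member that initiates the connection needs the capability, since the server's SYN+ACK carries the ACK flag and is never caught by the `break` rule.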