I want to use flow rules to control the ZeroTier network, but I don't understand them. I have the following script:
# Accept SYN from any port to this destination port
#drop not ipdest $addr;
chr tcp_syn not chr tcp_ack dport $port # ports are ranges, in this case it's a range of size 1
;
# Accept SYN+ACK from this destination port back to any source port
accept ipprotocol 6
and chr tcp_syn and chr tcp_ack and sport $port
not chr tcp_syn
accept ethertype arp;
Now I have access to all my remote desktops on my home network. But I want to allow the client to access only one. So if you comment out the ipdest line in the macro, I should control it. But then I don’t have any remote desktops.
Also the capabilities matrix doesn’t work. I can check or uncheck the device. It does not make a difference.
Can someone help me understand how it works?