Using Capability Rule

I’m trying to figure out how to use the capability rules. From read docs and looking at examples I would have expected the following would allow clients with capability intraweb assigned to access server X, where X is the ZT address for a server. Below is the entire set of rules I was using.

not ethertype ipv4
and not ethertype arp
or not chr ipauth

accept ethertype arp;

cap intraweb
id 1000
accept ztdest X and dport 443 and ipprotocol tcp;

accept ztsrc X;



Use break instead of drop
They do the same thing, but break can be overridden by capabilities.

Some similar examples here:

Thanks, that did the trick.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.