I am using ZeroTier to create a VPN. Remote mobile clients connect back out of a single node’s internet connection. This is achieved in the network config with a managed route 0.0.0.0/0 via 10.x.x.x (my gateway node IP), and also some Bridging on the gateway node. Currently ZT clients can all ping each other. I have the following tag rule that I had hoped would put an end to that.
###### MY Rules
# Define a tag to identify client nodes
tag client
id 1
default 1; # Assign the client tag to nodes by default
# Drop packets between clients with client ID = 1
drop
tseq client 1
and treq client 1;
###### /MY Rules
These are before the default rules. Here are my tag matrices…
This kills pinging between clients, but also the internet.
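The reason the internet dies is that `default 1` also gives the gateway node the `client` tag, so the drop rule matches client-to-gateway traffic as well. Below is a corrected rule set, added here as an example and not part of the original post: it keeps the client-to-client drop but gives the gateway a different tag value. The enum names and the gateway value `0` are assumptions; the gateway member's tag must be set to `0` (gateway) in its member settings rather than left at the default.

```zerotier
# Tag to distinguish the gateway from ordinary clients.
# Everyone gets 1 (client) by default; set the gateway member to 0 (gateway)
# in the member settings so the rule below no longer matches its traffic.
tag client
  id 1
  enum 0 gateway
  enum 1 client
  default 1
;

# Drop traffic only when BOTH sender and receiver carry client = 1.
# Client <-> gateway traffic (client = 1 on one side, 0 on the other) passes,
# so the 0.0.0.0/0 managed route through the gateway keeps working.
drop
  tseq client 1
  and treq client 1
;

# Default rules follow here
accept;
```

Verify by pinging another client from a client (should fail) and then an internet host via the gateway (should succeed); the gateway's tag value can be checked in its member settings.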