This is just a bit of feedback from an enthusiastic ZT user, me.
A year ago, I now see, I made my first attempts with the ZT firewall. User Michal was brilliant in trying to help me. Regrettably I gave up, as it seemed beyond me, and yet the general view is that all the docs explain everything. Ok, they do, but . . .
I read everything with interest and enthusiasm, but failed. Absolutely NOT an experience to which I am accustomed, so a bit embarrassed I gave up.
My IQ is 130 (so not a genius by any stretch) and I am NOT programmer trained, though I do know a tiny bit. Think spreadsheet macros in the 1980s. NOT VBA. I did once write an app in LOTUS 123 (1989).
All that simply means I am not daft, but deffo just a « user ».
ZT firewall defeated me. I dare to suggest this is why it’s not getting so much love. It’s just opaque to ordinary folk like me.
A stateless firewall is harder to come up with rules for. The docs give examples of how you would accomplish things that might be simple with a stateful firewall, and they are clever solutions, but it’s harder to wrap your head around.
You have to come up with your own way of testing your rules. There is no framework in place to see if the rules behave the way you expect them to. Given that ZeroTier is like a virtual switch, coming up with a way to test rules that can do literally anything would be really hard, but it would sure be nice. I posted about this on Reddit but no one replied.
The experience of rule drafting is really bad. You edit the rules in a webpage and save, but you don’t know when they get pushed down to the relevant clients. It is not always instant. So you edit the rules, test them, and then if it doesn’t work you hope that it’s because your rules are wrong and not because the update didn’t get pushed out yet. Or you wait 5 minutes to see if it still doesn’t work. I don’t know of a better way.
In short, if there was a way to edit the rules, know that the update propagated, and then test them, the rule language would be WAY more accessible.