You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Non-servers can talk to servers, but not each other
Kind of like Client Isolation on some WiFi controllers
Rules
# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames. Typical default
drop
not ethertype ipv4
and not ethertype arp
and not ethertype ipv6
;
# Is this member a server?
tag server
id 2
enum 0 No
enum 1 Yes
default Yes
;
# if both members are not servers
break
not tor server 1
;
# Accept anything else. This is required since default is 'drop'.
accept;
After saving the rules, you'll see a Tags Matrix at the bottom of the Flow Rules section
How about making one directional traffic from server to non server - so that only server can open connection to non-server?
Can tdiff be used for detecting direction together with chr tcp_syn?
As far as I know, gists don't send notifications to anyone unfortunately. Maybe someone should make a question on superuser.com or something like that. There's an example of blocking syn in the manual, if anyone wants to try to make it with with tags/caps.
How about making one directional traffic from server to non server - so that only server can open connection to non-server?
Can
tdiffbe used for detecting direction together withchr tcp_syn?