Skip to content

Instantly share code, notes, and snippets.

@sbilly

sbilly/zerotier - client isolation.md

Forked from laduke/zerotier - client isolation.md
Created December 22, 2018 09:56
Show Gist options
  • Save sbilly/c8ff9d6a0126fad362872980861fb59e to your computer and use it in GitHub Desktop.
Save sbilly/c8ff9d6a0126fad362872980861fb59e to your computer and use it in GitHub Desktop.
Download ZIP
ZeroTier Rules Engine - Hub and Spoke - Client Isolation
Raw
zerotier - client isolation.md

Common ZeroTier Rules Engine question

  • Non-servers can talk to servers, but not each other
  • Kind of like Client Isolation on some WiFi controllers

Rules

# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames. Typical default
drop
not ethertype ipv4
and not ethertype arp
and not ethertype ipv6
;

# Is this member a server?
tag server
id 2
enum 0 No
enum 1 Yes
default Yes
;

# if both members are not servers
break
not tor server 1
;

# Accept anything else. This is required since default is 'drop'.
accept;
  • After saving the rules, you'll see a Tags Matrix at the bottom of the Flow Rules section
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment