请教一个 zerotier flow rules 的问题

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

For Existing Member Sign In

This topic created in 935 days ago, the information mentioned may be changed or developed.

我有一台安全性不是很足够但是性能比较强的服务器（多人共享），我想让 zerotier 建立的 VPN 中所有其他 members 可以访问这台 member ，但是这台 member 不能访问其它 members ，应该是一个很简单的问题，但是始终没搞好，麻烦大家帮忙看一下。我的 flow rules 如下：

# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop                      # drop cannot be overridden by capabilities
  not ethertype ipv4      # frame is not ipv4
  and not ethertype arp   # AND is not ARP
  and not ethertype ipv6  # AND is not ipv6
  or not chr ipauth       # OR IP addresses are not authenticated (1.2.0+ only!)
;

drop
  ztsrc $SERVER
;


# Accept anything else. This is required since default is 'drop'.
accept;

应用规则之后，那台服务器是无法访问其他 members 了，但是其他 members 也无法访问这台服务器，但是我只是当服务器为 src 时才 drop 啊，搞了快一天，麻烦大家指教，谢谢！

No Comments Yet

not members drop arp