Sorry about dragging this old topic back, but it is probably the most relevant to what I'm looking for.

I have been trying to get the ZeroTier Flow Rules to work but must be doing something wrong. My ruleset is very close to what @JaredBusch has, but the ZeroTier nodes don't work as expected.

When I leave the final accept statement in, ZeroTier passes all traffic. When I comment out that last accept, all traffic stops.

```
# Allow only IPv4, IPv4 ARP
#
drop
  not ethertype ipv4
  and not ethertype arp
# Drop IPv6 Ethernet frames.
# and not ethertype ipv6
;
#
#
# Uncomment to drop non-ZeroTier issued and managed IP addresses.
#
# This prevents IP spoofing but also blocks manual IP management at the OS level and
# bridging unless special rules to exempt certain hosts or traffic are added before
# this rule.
#
#drop
# not chr ipauth
#;
accept
  ipprotocol tcp
  and dport 80
;
# Accept anything else. This is required since default is 'drop'.
accept;
```

Any help on what I'm doing wrong will be greatly appreciated.