Sorry about dragging this old topic back, but it is probably the most relevant to what I'm looking for.
I have been trying to get the ZeroTier FlowRules to work but must be doing something wrong. My ruleset is very close to what @JaredBusch has, but the ZeroTier nodes don't work as expected.
When I leave the final accept statement, ZeroTier passes all traffic. When I comment out that last accept all traffic stops.
# Allow only IPv4, IPv4 ARP
#
drop
not ethertype ipv4
and not ethertype arp
# Drop IPv6 Ethernet frames.
# and not ethertype ipv6
;
#
#
# Uncomment to drop non-ZeroTier issued and managed IP addresses.
#
# This prevents IP spoofing but also blocks manual IP management at the OS level and
# bridging unless special rules to exempt certain hosts or traffic are added before
# this rule.
#
#drop
# not chr ipauth
#;
accept
ipprotocol tcp
and dport 80
;
# Accept anything else. This is required since default is 'drop'.
accept;
Any help on what I'm doing wrong will be greatly appreciated.
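As an added illustration (not part of the original post and not ZeroTier's code), the following is a simplified model of first-match, default-drop rule evaluation applied to the posted ruleset: it shows why removing the trailing "accept;" drops ARP (and the server's port-80 replies), and what a hypothetical tightened ruleset would need. The frames, the `TIGHTENED` ruleset and the one-direction port semantics are assumptions of this model.

```python
# Simplified model of ZeroTier-style flow rule evaluation (not ZeroTier's code).
# Rules are (action, predicate) pairs tried in order; the first predicate that
# matches decides the frame, and a frame matching no rule is dropped by default.

def evaluate(rules, frame):
    """Return 'accept' or 'drop' for one frame under a first-match ruleset."""
    for action, matches in rules:
        if matches(frame):
            return action
    return "drop"  # implicit default when nothing matches

def ethertype(t):
    return lambda f: f.get("ethertype") == t

def tcp_port(**want):  # e.g. dport=80; only IPv4 TCP frames can match
    return lambda f: (f.get("ethertype") == "ipv4" and f.get("ipprotocol") == "tcp"
                      and all(f.get(k) == v for k, v in want.items()))

# Rules as posted: drop non-IPv4/ARP, accept TCP to port 80, then accept everything.
POSTED = [
    ("drop", lambda f: not ethertype("ipv4")(f) and not ethertype("arp")(f)),
    ("accept", tcp_port(dport=80)),
    ("accept", lambda f: True),
]
# Same ruleset with the trailing "accept;" removed.
WITHOUT_FINAL_ACCEPT = POSTED[:2]
# Hypothetical tightened ruleset (assumption, not from the thread): accept ARP
# explicitly and allow HTTP both ways so server replies (sport 80) are not dropped.
TIGHTENED = [
    ("drop", lambda f: not ethertype("ipv4")(f) and not ethertype("arp")(f)),
    ("accept", ethertype("arp")),
    ("accept", lambda f: tcp_port(dport=80)(f) or tcp_port(sport=80)(f)),
]

# Constructed sample frames (not captured traffic).
FRAMES = {
    "arp_request": {"ethertype": "arp"},
    "http_request": {"ethertype": "ipv4", "ipprotocol": "tcp", "sport": 51234, "dport": 80},
    "http_reply": {"ethertype": "ipv4", "ipprotocol": "tcp", "sport": 80, "dport": 51234},
    "ssh": {"ethertype": "ipv4", "ipprotocol": "tcp", "sport": 51235, "dport": 22},
    "ipv6": {"ethertype": "ipv6"},
}

def verdicts(rules):
    """Map each sample frame name to the verdict the ruleset gives it."""
    return {name: evaluate(rules, frame) for name, frame in FRAMES.items()}

if __name__ == "__main__":
    for label, rules in [("posted", POSTED), ("no final accept", WITHOUT_FINAL_ACCEPT),
                         ("tightened", TIGHTENED)]:
        print(label, verdicts(rules))
```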