OPNsense Forum

English Forums => Virtual private networks => Topic started by: manilx on September 03, 2022, 10:26:22 AM

Title: firewall rule on the ZeroTier interface in OPNsense
Post by: manilx on September 03, 2022, 10:26:22 AM
I have configured ZT according to this: https://wcollins.io/post/2022/exploring-zerotier-for-remote-access/

All is working just fine. But the wide open fw rule is of course an issue.

Any ideas on how I should close down this rule a bit? I have tried to make an alias and put the ZT client IPs in there and then use this as the source in the fw rule to only allow the defined clients access, but this does not work, as clients which are not mentioned in the alias can connect.
Title: Re: firewall rule on the ZeroTier interface in OPNsense
Post by: manilx on September 03, 2022, 11:09:51 AM
What I want to do is only allow specific nodes to connect to OPNsense (i.e. my internal network), even if they are connected to the ZT network...

As the fw rule I created as specified above doesn't work, I don't have a clue and would really appreciate help.
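For reference, the rule shape the two posts above are asking for, written out in pf syntax (the ruleset OPNsense compiles its GUI rules into). This is an added example and not configuration from the thread, the blog post, or the OPNsense project; the interface name zt0, the addresses 10.147.17.10 and 10.147.17.11, and the subnet 192.168.1.0/24 are placeholders chosen for illustration.

```pf
# Added example, not from the original thread. Placeholders: adjust to your own setup.
zt_if   = "zt0"                    # assumed name of the assigned ZeroTier interface
lan_net = "192.168.1.0/24"         # assumed internal network behind OPNsense

# Assumed ZeroTier managed IPs of the nodes that may reach the LAN.
# In the GUI this is a Host(s) alias used as Source; OPNsense loads it as a pf table.
table <zt_allowed> { 10.147.17.10, 10.147.17.11 }

# Rules are evaluated top-down and the first 'quick' match wins (the GUI default),
# so the narrow permit must sit above the catch-all block.
pass in quick on $zt_if inet proto { tcp, udp, icmp } from <zt_allowed> to $lan_net keep state

# Everything else arriving on the ZeroTier interface is dropped and logged,
# which replaces the wide-open "any to any" rule from the blog post.
block in log quick on $zt_if all
```

The GUI equivalent is a single pass rule on the ZeroTier interface whose Source is the alias, with no other pass rule on that interface; with the wide-open rule left in place above it, the alias rule is never reached, so the log (Firewall > Log Files > Live View, filtered on the ZT interface) is the quickest way to confirm which rule actually matched a given node.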
Title: Re: firewall rule on the ZeroTier interface in OPNsense
Post by: manilx on September 03, 2022, 02:11:35 PM
I had lots of traffic being blocked on the FW level regarding ZT.
One has to add a few FW rules in addition to the description in the blog above. Didn't know which ones...

Also the speed was 25-30% of what I get with working WireGuard.

So in the end no advantage and I uninstalled it.