ACL that only allow autogroup:shared to use the nodes as exit?

StepBroBD · July 7, 2022, 6:44am

I have tailscale installed on some servers and they are running some services I don’t want to expose to shared node users.

But I do want those shared node users to use those servers as exit node (deny every ports except ports used for exit node connection).

I didn’t find anything relate to ports used for exit node internet access and I tried to use

		{
			"action": "accept",
			"src":    ["autogroup:shared"],
			"dst":    ["server1:*", "server2:*", "server3:*"],
		},

but this is not want I want.

It would be really helpful if anyone with experience of how to configure ACL to only allow connection initiated from “src”: [“autogroup:shared”] to my tailnet to use the node as exit for internet access but not anything else?

Thanks in advance!

StepBroBD · July 11, 2022, 2:42am

actually never mind, please see following documentation and search for autogroup:internet

Topic		Replies	Views
Exit Node help with acls Windows	0	546	July 13, 2022
ACLs recommendations exit nodes? ACL (Access Control Lists)	5	1066	March 17, 2022
User can't use exit node, but it works in admin account ACL (Access Control Lists)	5	2248	August 10, 2021
Allow only certain users to use a certain exit node ACL (Access Control Lists)	2	1269	February 9, 2023
Remote Management Policy	1	325	December 13, 2022

ACL that only allow autogroup:shared to use the nodes as exit?

Related Topics