ACL that only allow autogroup:shared to use the nodes as exit?

StepBroBD · July 7, 2022, 6:44am

I have tailscale installed on some servers and they are running some services I don’t want to expose to shared node users.

But I do want those shared node users to use those servers as exit node (deny every ports except ports used for exit node connection).

I didn’t find anything relate to ports used for exit node internet access and I tried to use

		{
			"action": "accept",
			"src":    ["autogroup:shared"],
			"dst":    ["server1:*", "server2:*", "server3:*"],
		},

but this is not want I want.

It would be really helpful if anyone with experience of how to configure ACL to only allow connection initiated from “src”: [“autogroup:shared”] to my tailnet to use the node as exit for internet access but not anything else?

Thanks in advance!

StepBroBD · July 11, 2022, 2:42am

actually never mind, please see following documentation and search for autogroup:internet

Topic		Replies	Views
Exit Node help with acls Windows	0	693	July 13, 2022
How can I use an exit node and still connect to other machines? ACL (Access Control Lists)	1	1275	August 18, 2022
ACLs recommendations exit nodes? ACL (Access Control Lists)	5	1571	March 17, 2022
User can't use exit node, but it works in admin account ACL (Access Control Lists)	5	2656	August 10, 2021
Can I restrict device to only use exit node but not have access to other network devices? SUPPORT QUESTIONS	3	553	March 16, 2022

ACL that only allow autogroup:shared to use the nodes as exit?

Related topics