Can Tailscale ACL also act as my Firewall?

I will be putting Windows/Linux clients on multiple remote LAN networks and are evaluating Tailscale.

However, I don’t want anything else on the remote LANs to be able to communicate with the client where Tailscale is installed, just like acting as a “firewall” and o my Tailscale client.

I’m unsure if the ACL function will allow me to do such a “isolation” of the machine? Otherwise I guess I simply do that with the normal OS Firewall/iptables?

Tailscale mostly doesn’t affect your firewall settings on non-Tailscale interfaces. The best thing to do is to block incoming requests on non-Tailscale ports.

Here’s one example with ufw:

1 Like

Thank tylu for this clarification!