I have a node out on the open internet, with ACL rules in place so it’s restricted from contacting other Tailscale nodes. If this node gets compromised and the attacker uses “tailscale status”, especially “tailscale status --json”, the owner’s full name, email, and ProfilePicURL are accessible. How do we restrict this functionality on nodes that aren’t fully trusted? Can it be implemented in the ACLs with tags? Thanks
For nodes which are prevented from communicating at all, a feature called netmap trimming will remove the nodes from each other’s view altogether. They won’t be told about each other’s existence.
If communication is allowed at all, then the nodes have to be told about each other (and the User) in order to be able to establish a WireGuard connection.
One could add ACLs to only allow communication from the not-fully-trusted devices with a small subset of nodes on the Tailnet, and either make those nodes be owned by a Tag or make a service account to own them so that information about real people wouldn’t be present.
The rest of the nodes on the tailnet which are owned by real people would not appear in the netmap sent to the not-fully-trusted node.
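Putting the answer above into a policy file, as an added example that is not part of the original thread and not Tailscale’s own sample policy: the untrusted node and the service nodes are both tag-owned, the untrusted tag is allowed to reach only the service tag on one port, and no rule lets a user-owned device talk to the untrusted node, so netmap trimming leaves real people out of its `tailscale status` output. The tag names `tag:untrusted` and `tag:svc` and port 443 are assumptions; the `tests` section is the check you would keep in the policy to catch a later rule that accidentally widens access.

```json
{
  // Who may apply each tag (tag names are assumptions for this example).
  "tagOwners": {
    "tag:untrusted": ["autogroup:admin"],
    "tag:svc":       ["autogroup:admin"]
  },

  "acls": [
    // The not-fully-trusted node may reach only tag-owned service nodes,
    // and only on the port it actually needs.
    {
      "action": "accept",
      "src":    ["tag:untrusted"],
      "dst":    ["tag:svc:443"]
    },
    // Real people keep access to their own devices. tag:untrusted is not
    // owned by a person, so it is never part of autogroup:self, and with no
    // other rule naming it in src or dst in either direction the control
    // plane omits user-owned nodes from its netmap.
    {
      "action": "accept",
      "src":    ["autogroup:member"],
      "dst":    ["autogroup:self:*"]
    }
  ],

  // Policy tests: the admin console refuses to save a policy that fails these,
  // so a future rule that widens tag:untrusted's reach is caught at edit time.
  "tests": [
    {
      "src":    "tag:untrusted",
      "accept": ["tag:svc:443"],
      "deny":   ["tag:svc:22"]
    }
  ]
}
```

After saving, run `tailscale status --json` on the untrusted node itself: the only peers and `User` entries it should list are the tag-owned service nodes.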