Tailscale user: Is it possible to limit the network interfaces that are sent as endpoints for a device? I happened on this by a bit of an accident, but noticed that my Windows devices have their internal Docker IPs published as endpoints.
Longer story is that I’m working on a new network setup with segregated VLANs. My plan is to have a Linux VM with multiple interfaces running Tailscale and exposing the subnets I’d like to access externally. I need to dig a bit more, but I noticed 172.16.0.0/16 IPs getting blocked in the firewall logs once my Windows machine running Docker was connected to the same Tailscale network. It looks like tailscaled started pinging these addresses, and since I’m blocking RFC1918 addresses outside the VLAN, they are getting denied and logged. Eventually tailscaled reports the pongs timing out. It doesn’t seem to impact functionality, but my initial ideal approach would be keeping my Windows machine from announcing the internal Docker interface addresses to the Tailscale network, as I don’t see it being necessary… but I might be missing something.
-C