Prevent all users from seeing a certain device

Hello,

I have a firewall which I do not want users to be able to see or connect to.

I’ve done the following:

Added a tag to the device:

"acls": [
	// allow admins to access pfsense
	{
		"action": "accept",
		"src":    ["someuser@org.com"],
		"dst":    ["tag:pfsense:*"],
	},
],
"hosts": {
	"pfsense": "x.x.x.x",
},

"tagOwners": {
	"tag:pfsense": ["someuser@org.com"],
},

But all users still see the device in the Network Device section. Is there a way to prevent it from even being listed?

Thanks,
Akash

Users other than those allowed by the ACL should not be able to see the device. It seems likely that there is another ACL that grants the ability to access the device in some way (e.g. if it is a subnet router or exit node, then users with access to use those portions of the device will still see it).

After taking another look at the ACLs, if you can’t find why the device is being revealed to users, I recommend one of:

  • Share your complete ACL file
  • Share your tailnet name
  • Contact support@tailscale.com and someone can take a look
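
An added example, not part of the thread and not Tailscale tooling: a small audit that scans an ACL file for accept rules that give anyone other than the intended users a path to the device, including the subnet-router and exit-node cases mentioned in the reply. The sample policy, the `10.0.0.0/24` route, `group:dev`, `tag:web` and the function names are constructed for illustration, and only rules with the device on the `dst` side are checked.

```python
import ipaddress, json, re

# Constructed sample policy (HuJSON: comments and trailing commas); not the poster's file.
SAMPLE = '''{
  "acls": [
    // allow admins to access pfsense
    {"action": "accept", "src": ["someuser@org.com"], "dst": ["tag:pfsense:*"]},
    {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:internet:*"]},
    {"action": "accept", "src": ["group:dev"], "dst": ["10.0.0.0/24:22"]},
    {"action": "accept", "src": ["group:dev"], "dst": ["tag:web:443"]},
  ],
  "tagOwners": {"tag:pfsense": ["someuser@org.com"]},
}'''

def load_hujson(text):
    """Drop comments and trailing commas outside string literals, then parse as JSON."""
    string = r'"(?:\\.|[^"\\])*"'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = re.sub(string + r"|//[^\n]*|/\*.*?\*/", keep, text, flags=re.S)
    return json.loads(re.sub(string + r"|,(?=\s*[\]}])", keep, text))

def covers(target, names, routes, exit_node):
    """True if an ACL destination (ports already removed) can reach the device."""
    if target == "*" or target in names:
        return True
    if target == "autogroup:internet":
        return exit_node  # only relevant if the device is an exit node
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # some other tag, group or host alias
    return any(net.overlaps(ipaddress.ip_network(r)) for r in routes)

def revealing_rules(policy, names, intended, routes=(), exit_node=False):
    """Return (rule index, unintended srcs, dst) for rules that expose the device."""
    hits = []
    for i, rule in enumerate(policy.get("acls", [])):
        extra = [s for s in rule.get("src", []) if s not in intended]
        if rule.get("action") != "accept" or not extra:
            continue
        for dst in rule.get("dst", []):
            if covers(dst.rsplit(":", 1)[0], names, routes, exit_node):
                hits.append((i, extra, dst))
    return hits

if __name__ == "__main__":
    for hit in revealing_rules(load_hujson(SAMPLE), {"tag:pfsense", "pfsense"},
                               {"someuser@org.com"}, ["10.0.0.0/24"], exit_node=True):
        print(hit)
```

Pass the device's own tags and host aliases as `names`, the routes it advertises as `routes`, and set `exit_node=True` only if it is offered as an exit node.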