I set a route subnet, so it happens that I can get access to a few devices either via their Tailscale network IPs or their real LAN IPs.
So, I was wondering if I can set two IPs for the same host in my ACL file. Something like this:
"pc" : "192.168.20.100, 18.104.22.168",
My purpose would be that of denying access to “pc” from a few devices via the two IPs.
I don’t know if setting only its Tailscale IP is going to work with its LAN IP as well. I hope I was clear. Thanks
Any chance to get an answer here sooner or later?
According to the docs, each host entry can only map to an IP or an IP range:
Since your two IPs are in completely different ranges, your only resort is to give each IP its own name:
Alternatively you could assign a tag to that PC and then refer to that instead.
From the docs:
Once a device has been tagged, it loses the access permissions of the human user who tagged it, and acquires any access permissions granted to its tags. In other words, if you log into a device as firstname.lastname@example.org and then tag it with tag:server, the device no longer has any of the network permissions granted to email@example.com, and instead is subject to the access rules for
And here it’s described how to set access controls for tagged devices:
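The two-name approach from the answer above, written out as a policy fragment. This is an added example, not part of the original thread or the Tailscale docs: the 100.64.0.x addresses and the names `pc-ts`, `pc-lan`, `laptop` and `nas` are constructed placeholders, and only 192.168.20.100 comes from the question. Tailscale policy files accept comments.

```json
{
  "hosts": {
    "pc-ts":  "100.64.0.10",     // placeholder for pc's Tailscale IP
    "pc-lan": "192.168.20.100",  // pc's LAN IP, reached through the subnet router
    "laptop": "100.64.0.20",     // hypothetical device that may reach pc
    "nas":    "100.64.0.30"      // hypothetical device that may reach pc
  },
  "acls": [
    // ACL rules only grant access; traffic that matches no rule is denied.
    // Devices that must not reach pc are left out of "src" here, and no
    // broader rule (for example one with "dst": ["*:*"]) may cover them.
    {
      "action": "accept",
      "src":    ["laptop", "nas"],
      // Both names are listed so the same sources are allowed on either path.
      "dst":    ["pc-ts:*", "pc-lan:*"]
    }
  ]
}
```

If the subnet router's whole range is granted to a wider set of sources in another rule, that rule still admits them to 192.168.20.100, so check every rule whose destination covers the LAN IP.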