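# Sample controller configuration with two example networks: one that sets
# every field and one that sets only the minimum.
port: 9994
secondary_port: 29995
# NOTE(review): judging by the file name, this is the controller's secret
# identity. /tmp is world-writable and is often cleared on reboot, so outside
# of local testing point this at a directory that only the controller's user
# can read and write, and keep the file itself owner-only.
identity_path: /tmp/rztc/identity.secret
networks:
  # Network with all fields
  - name: test-network1
    # Network IDs are generated by SHA-256 hashing the name and taking only
    # the first 3 bytes of the hash to form the ID.
    # The full network ID is the combination of the node's (this controller)
    # address and the 3-byte ID.
    #
    # Example:
    #   Node address:    ba7a59abb0
    #   Network ID:      6f066b
    #   Full network ID: ba7a59abb06f066b <- Used by nodes joining the network.
    #
    # For that reason I think the risk of collision from taking only 3 bytes
    # of the hash is very low, as a network ID only needs to be unique per
    # controller, not globally.
    #
    # More info:
    # https://docs.zerotier.com/zerotier/manual/#221networkidentifiersandcontrollersaname2_2_1a
    #
    # If you must, you can also set the ID manually like so.
    # Quoted so that an ID consisting only of digits (or shaped like 1e5) is
    # read as a string rather than re-typed as a number by the YAML parser.
    id: "6f066b"
    revision: 0  # default: 0
    # NOTE(review): in ZeroTier a public network lets nodes join without
    # being authorized; keep this false when the members list below is meant
    # to act as the allow-list. Confirm how this controller applies it.
    public: false  # default: false
    cidr: 100.100.0.0/24  # required
    routes:
      - destination: 10.10.10.0/24
        via: 100.100.0.50
    broadcast: true  # default: true
    multicast_recipient_limit: 32  # default: 32
    mtu: 2800  # default: 2800
    dns:
      search_domain: home.arpa
      server_address: 100.100.0.50
    # Everyone else will be unauthorized.
    # Addresses are quoted for the same reason as the network ID: an
    # all-digit address would otherwise be parsed as an integer.
    members:
      - address: "99e5a948c2"
        ip: 100.100.0.50
      - address: "8ebd81345e"
        ip: 100.100.0.100
    # The rule list below corresponds to this ZeroTier rule set:
    #
    #   drop
    #     not ethertype ipv4
    #     and not ethertype arp
    #     and not ethertype ipv6
    #   ;
    #   accept;
    #
    # i.e. frames that are neither IPv4, ARP nor IPv6 are dropped and
    # everything else is accepted. The three matches apply to the
    # ACTION_DROP that follows them, so their order relative to the actions
    # matters.
    rules:
      - type: MATCH_ETHERTYPE
        not: true
        ether_type: IPV4
      - type: MATCH_ETHERTYPE
        not: true
        ether_type: ARP
      - type: MATCH_ETHERTYPE
        not: true
        ether_type: IPV6
      - type: ACTION_DROP
      - type: ACTION_ACCEPT
  # Minimal config
  - name: test-network2
    cidr: 100.100.1.0/24
    # No "ip" is given for these members; how addresses are then assigned is
    # not shown in this sample.
    members:
      - address: "99e5a948c2"
      - address: "8ebd81345e"
    # A single unconditional accept: no ethertype filtering is applied to
    # traffic between the listed members on this network.
    rules:
      - type: ACTION_ACCEPT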