Today I needed to restrict my ZeroTier network down to the device administering it and the device providing the service.
What does that mean?
I wanted to restrict my ZeroTier networks so that potentially compromised devices cannot connect to other devices, similar to network isolation rules. For instance, I have a ZeroTier network for connecting to SMB shares on my NAS. Previously every connected member could reach every other device, which is not helpful if grandma's notebook, possibly running active ransomware, can connect to all the other devices. (We ignore the fact that the NAS itself could be encrypted for now.)
To lock down the ZeroTier connection so that members can only connect to the "device providing" the service, while the "device administering" (me) can still connect to all systems regardless of that rule, you have to place the following rules above the default accept line.