Separate user traffic from Firezone admin traffic on docker host (docker compose installation)


Is it somehow possible to separate the user traffic from the Firezone admin traffic?

  • user traffic means the traffic from WireGuard (users A, B, C connect to servers A, B, C)
  • admin traffic means the traffic from Firezone telemetry and OIDC

The reason for the question is that we would like to filter the user traffic so that users can only reach the allowed IPs. If we don't block the traffic, a user can add routes and reach other hosts over Firezone/WireGuard. We would use Ansible for the deployment and set up iptables on the docker host. To use the REST API of Firezone we need state, to delete rules by their rule ID (Ansible is stateless).

We are also open to other solutions to restrict the traffic :slight_smile:
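Added example (editor's, not from the original post and not Firezone's own code): the stateless-Ansible problem described above goes away if all per-user filtering lives in one dedicated iptables chain that is flushed and refilled on every run, so no rule IDs ever have to be remembered. The script below assumes the user traffic can be selected on the docker host by the match in `USER_MATCH` (defaulting to packets arriving on an interface named `wg-firezone`, an assumption; if the WireGuard interface lives inside the Firezone container, a different selector is needed), that `ALLOWED_DSTS` holds the server addresses users may reach, and that the hook is placed in Docker's `DOCKER-USER` chain, which Docker documents as the place for administrator rules that survive daemon restarts. Chain and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: rebuild an allowlist for WireGuard peers in a dedicated
# iptables chain, idempotently, so Ansible can re-run it without state.
#
# Assumptions (hypothetical, not taken from the original post):
#   USER_MATCH   iptables match that selects user traffic on the host
#   ALLOWED_DSTS constructed sample of destinations users may reach
#   HOOK         chain the allowlist is hooked from (Docker's DOCKER-USER)
USER_MATCH="${USER_MATCH:--i wg-firezone}"
CHAIN="${CHAIN:-FZ_USERS}"
HOOK="${HOOK:-DOCKER-USER}"
ALLOWED_DSTS="${ALLOWED_DSTS:-10.10.0.11/32 10.10.0.12/32 10.10.0.13/32}"

# emit_rules CHAIN HOOK "MATCH" "DST..." -> prints the iptables commands.
# The chain is created if missing and emptied, then refilled with one
# ACCEPT per allowed destination and closed with a logged DROP. The jump
# from HOOK is only inserted when `iptables -C` reports it absent, so
# repeated runs never stack duplicate jumps and nothing needs a rule ID.
emit_rules() {
    chain=$1; hook=$2; match=$3; dsts=$4
    printf 'iptables -N %s 2>/dev/null || true\n' "$chain"
    printf 'iptables -F %s\n' "$chain"
    for dst in $dsts; do
        printf 'iptables -A %s -d %s -j ACCEPT\n' "$chain" "$dst"
    done
    printf 'iptables -A %s -j LOG --log-prefix "fz-users-drop: "\n' "$chain"
    printf 'iptables -A %s -j DROP\n' "$chain"
    printf 'iptables -C %s %s -j %s 2>/dev/null || iptables -I %s 1 %s -j %s\n' \
        "$hook" "$match" "$chain" "$hook" "$match" "$chain"
}

# rule_count CHAIN HOOK "MATCH" "DST..." -> number of commands emitted
rule_count() { emit_rules "$@" | wc -l | tr -d ' '; }

# last_rule CHAIN HOOK "MATCH" "DST..." -> the hook line (always last)
last_rule() { emit_rules "$@" | tail -n 1; }

# apply_rules ... -> executes the emitted commands (needs root). With
# FZ_APPLY unset the script only prints them for review (dry run).
apply_rules() { emit_rules "$@" | sh -e; }

if [ "${FZ_APPLY:-0}" = 1 ]; then
    apply_rules "$CHAIN" "$HOOK" "$USER_MATCH" "$ALLOWED_DSTS"
else
    emit_rules "$CHAIN" "$HOOK" "$USER_MATCH" "$ALLOWED_DSTS"
fi
```

Run it without `FZ_APPLY` to review the generated commands, then with `FZ_APPLY=1` (as root) from an Ansible task on each deployment; because the chain is rebuilt from the allowlist every time, removing a server from `ALLOWED_DSTS` removes its rule on the next run. Return traffic from the allowed servers back to the peers is not selected by the match on the WireGuard interface and is left to the host's existing forwarding rules.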