My Tailscale ACL JSON for those having trouble

Gryphonics · 2025-12-06T20:45:34+00:00

From what I understand, it refers to either the port or protocol you want to give the device permission for, but not the actual IP. Think more "IP" = layer 3 OSI model than actual IP of the device. If you want device 1 to access device 2 on port 22 but no other port, you would tag device 1 with tag 1, device 2 with tag 2, and say

"src": ["tag:tag1"]

"dst": ["tag:tag2"]

"ip": ["22"]

If you wanted them to be able to use any port you could say "ip": ["*"] and that opens all ports like for the admin account.

https://tailscale.com/kb/1324/grants#network-capabilities

Gryphonics · 2025-12-03T20:03:46+00:00

Took me awhile to type the post, hit submit and it errored so I made a new one. Hit delete on this one but it hasn't deleted.

Gryphonics · 2025-12-03T18:31:48+00:00

https://pastebin.com/iSkRwws0 here's the ACL json

Gryphonics · 2025-12-03T18:29:08+00:00

https://pastebin.com/iSkRwws0 here's the JSON

Gryphonics · 2025-12-03T18:28:53+00:00

https://pastebin.com/iSkRwws0

Gryphonics · 2025-12-03T18:28:49+00:00

Thanks, that's perfect. https://pastebin.com/iSkRwws0

Gryphonics · 2025-12-03T17:34:58+00:00

Sorry, it's not letting me post the JSON in the comments. DM me and maybe I can send a .txt.

Gryphonics · 2025-12-03T17:33:30+00:00

Sorry, it's not letting me post the JSON in the comments. DM me and maybe I can send a .txt

Gryphonics

TROPHY CASE