I have been running my small group of devices with the "Everything, everywhere, all at once" default rule: {"action": "accept", "users": ["*"], "ports": ["*:*"]}. I'm starting to add the occasional server for which I want to allow connections in but not out. The challenge is that I would ideally like to do this without disturbing the default behaviour of "attach something to the network and it can immediately connect to all other devices" and without touching my ACL rules.
The documentation is very clear that you can only write rules with "action": "accept". Given this, my best idea is to write a rule that references a list of devices that means "all devices, except the ones with this tag". I can then tag my servers as the "exceptions" and everything else remains with the fully connected behaviour. Is this possible?
Or in fact, is there a better way of doing it?