Alright, so I created some ACL rules to separate traffic between my hosts, and there is a specific host that I want to access a subnet. Let me write them down here.

host1 is the client that needs to access the subnet

host-subnet is the client that is advertising said subnet.

Right now the only ACL rule that works for host1 to access the subnet is:

    {
      "Action": "accept",
      "Users": ["host1"],
      "Ports": ["*:*"]
    },

I'd like to only allow host1 to access the host with the subnet instead, which per my understanding I was supposed to achieve using this:

    {
      "Action": "accept",
      "Users": ["host1"],
      "Ports": ["host-subnet:*"]
    },

I can ping from host1 to host-subnet using their Tailscale IP addresses, but I'd like to be able to access the subnet being advertised only with that rule. Is that not possible?

Thank you.

EDIT: I got this to work simply by creating a rule for the subnet itself. I don't even need to allow host1 to communicate with host-subnet; I can just allow the subnet itself:

    {
      "Action": "accept",
      "Users": ["host1"],
      "Ports": ["192.168.0.0/24:*"]
    },
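An added illustration, not from the post and not Tailscale's own code, of why the `host-subnet:*` rule only reaches the router itself while the `192.168.0.0/24:*` rule reaches the advertised subnet: a small matcher that reads rules in the same `Users`/`Ports` shape. The node names, their 100.64.x.x Tailscale addresses and the matching semantics are a constructed, simplified model of the behaviour described above, not the real policy engine.

```python
import ipaddress

# Constructed node table (assumed addresses, for illustration only).
# host-subnet is the node that advertises 192.168.0.0/24 as a subnet router.
NODES = {
    "host1": "100.64.0.1",
    "host-subnet": "100.64.0.2",
}


def _dst_matches(dst_spec: str, dst_ip: str, dst_port: int) -> bool:
    """Match one 'Ports' entry such as 'host-subnet:*' or '192.168.0.0/24:22'."""
    host_part, port_part = dst_spec.rsplit(":", 1)
    if port_part != "*" and int(port_part) != dst_port:
        return False
    if host_part == "*":
        return True
    # A node name stands for that node's own tailnet address only; it does not
    # expand to the routes the node advertises. That is the gap the post hit.
    if host_part in NODES:
        host_part = NODES[host_part]
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(host_part, strict=False)


def is_allowed(rules, src_user: str, dst_ip: str, dst_port: int) -> bool:
    """Default deny: a flow is allowed only if some accept rule matches it."""
    for rule in rules:
        if rule.get("Action") != "accept":
            continue
        if src_user not in rule["Users"] and "*" not in rule["Users"]:
            continue
        if any(_dst_matches(p, dst_ip, dst_port) for p in rule["Ports"]):
            return True
    return False


# The two rule sets from the post, as written there.
ROUTER_ONLY = [{"Action": "accept", "Users": ["host1"], "Ports": ["host-subnet:*"]}]
SUBNET_RULE = [{"Action": "accept", "Users": ["host1"], "Ports": ["192.168.0.0/24:*"]}]
```

The subnet rule grants the LAN range as a destination without also granting the router's own Tailscale address, so the two grants can be kept separate and the `*` port can be narrowed to the services actually needed.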