When you want to fine-tune the rules of who has access to what inside your Tailscale network, the solution is our Access Control Lists, or ACLs. ACLs are a powerful way to manage access to the resources on your tailnet (our term for a Tailscale network of devices). They’re capable of managing user groups, regulating connectivity between devices by protocol and port, and so much more.
This is a quick getting-started guide for those of you who have heard about our ACLs but have been intimidated by their perceived complexity. Making changes to your ACLs doesn’t have to be complicated!
In today’s video I’ll walk you through the basics of writing your very first ACL rule. I’ll also show you how to write an ACL test so that you don’t inadvertently break connectivity for something important. Then we’ll cover how to use ACLs to manage SSH connections with group memberships and node tagging.
By the end of this video, you’ll have the confidence to write your own ACLs and start taking advantage of one of the most sophisticated benefits that a mesh network of all your devices can offer.
We made today’s video in response to popular demand for more resources on ACLs, coming from lots of people in the Tailscale community — in our YouTube comments, on the bustling subreddit, and in replies on X and Mastodon. We love getting that kind of feedback on what parts of Tailscale could use a little additional explanation. Thanks again, and please keep it coming!