Is there any solution to this older GitHub issue yet?
In summary, is there a way to set a "dial only" setting on the tunneler side to ensure that an OpenZiti administrator cannot successfully use that identity as a bind target? This is a security issue from the perspective of someone joining a network where they may not fully trust the administrators, or even where the tunneler is on a secured machine that needs to reach out to things but should never have inbound access in any situation.