diff --git a/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/Api/NetworkController.php b/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/Api/NetworkController.php
index 72c0550496..c36ca6d90a 100644
--- a/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/Api/NetworkController.php
+++ b/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/Api/NetworkController.php
@@ -105,6 +105,10 @@ public function setAction($uuid = null)
                         $mdlZerotier->serializeToConfig();
                         Config::getInstance()->save();
                         $result["result"] = "saved";
+                        $this->setZerotierNetwork($network->networkId, 'allowManaged', $network->allowManaged);
+                        $this->setZerotierNetwork($network->networkId, 'allowGlobal', $network->allowGlobal);
+                        $this->setZerotierNetwork($network->networkId, 'allowDefault', $network->allowDefault);
+                        $this->setZerotierNetwork($network->networkId, 'allowDNS', $network->allowDNS);
                     }
                 }
             }
@@ -192,8 +196,10 @@ public function toggleAction($uuid = null)
 
     private function toggleZerotierNetwork($networkId, $enabled)
     {
+        $backend = new Backend();
+        $backend->configdRun("template reload OPNsense/zerotier");
         $action = $enabled ? 'join' : 'leave';
-        return trim((new Backend())->configdRun("zerotier $action $networkId"));
+        return trim($backend->configdRun("zerotier $action $networkId"));
     }
 
     private function listZerotierNetwork($networkId)
@@ -207,4 +213,9 @@ private function listZerotierNetwork($networkId)
         }
         return gettext("Unable to obtain Zerotier information for network") . " " . $networkId . "! " . gettext("Is the network enabled?");
     }
+
+    private function setZerotierNetwork($networkId, $setting, $value)
+    {
+        return trim((new Backend())->configdRun("zerotier set $networkId $setting $value"));
+    }
 }
diff --git a/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/forms/dialogNetwork.xml b/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/forms/dialogNetwork.xml
index c8789ac0d7..5ea9c87813 100644
--- a/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/forms/dialogNetwork.xml
+++ b/net/zerotier/src/opnsense/mvc/app/controllers/OPNsense/Zerotier/forms/dialogNetwork.xml
@@ -11,4 +11,48 @@
         <type>text</type>
         <help>Local Description to help identify this network</help>
     </field>
+    <field>
+        <id>network.allowManaged</id>
+        <label>Allow Managed</label>
+        <type>checkbox</type>
+        <help>Allow ZeroTier to set IP Addresses and Routes (local/private ranges only)</help>
+        <grid_view>
+            <visible>false</visible>
+            <type>boolean</type>
+            <formatter>boolean</formatter>
+        </grid_view>
+    </field>
+    <field>
+        <id>network.allowGlobal</id>
+        <label>Allow Global</label>
+        <type>checkbox</type>
+        <help>Allow ZeroTier to set Global/Public/Not-Private range IPs and Routes</help>
+        <grid_view>
+            <visible>false</visible>
+            <type>boolean</type>
+            <formatter>boolean</formatter>
+        </grid_view>
+    </field>
+    <field>
+        <id>network.allowDefault</id>
+        <label>Allow Default</label>
+        <type>checkbox</type>
+        <help>Allow ZeroTier to set the Default Route on the system</help>
+        <grid_view>
+            <visible>false</visible>
+            <type>boolean</type>
+            <formatter>boolean</formatter>
+        </grid_view>
+    </field>
+    <field>
+        <id>network.allowDNS</id>
+        <label>Allow DNS</label>
+        <type>checkbox</type>
+        <help>Allow ZeroTier to set DNS servers</help>
+        <grid_view>
+            <visible>false</visible>
+            <type>boolean</type>
+            <formatter>boolean</formatter>
+        </grid_view>
+    </field>
 </form>
diff --git a/net/zerotier/src/opnsense/mvc/app/models/OPNsense/Zerotier/Zerotier.xml b/net/zerotier/src/opnsense/mvc/app/models/OPNsense/Zerotier/Zerotier.xml
index d081852fbb..2313b42680 100644
--- a/net/zerotier/src/opnsense/mvc/app/models/OPNsense/Zerotier/Zerotier.xml
+++ b/net/zerotier/src/opnsense/mvc/app/models/OPNsense/Zerotier/Zerotier.xml
@@ -30,6 +30,22 @@
                     <default></default>
                     <Required>N</Required>
                 </description>
+                <allowManaged type="BooleanField">
+                    <default>1</default>
+                    <Required>Y</Required>
+                </allowManaged>
+                <allowGlobal type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </allowGlobal>
+                <allowDefault type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </allowDefault>
+                <allowDNS type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </allowDNS>
             </network>
         </networks>
     </items>
diff --git a/net/zerotier/src/opnsense/service/conf/actions.d/actions_zerotier.conf b/net/zerotier/src/opnsense/service/conf/actions.d/actions_zerotier.conf
index 5df6767c1a..1fb93b8cec 100644
--- a/net/zerotier/src/opnsense/service/conf/actions.d/actions_zerotier.conf
+++ b/net/zerotier/src/opnsense/service/conf/actions.d/actions_zerotier.conf
@@ -34,6 +34,12 @@ parameters: leave %s
 type:script_output
 message:Leaving Zerotier Network
 
+[set]
+command:/usr/local/bin/zerotier-cli
+parameters: set %s %s=%s
+type:script_output
+message:Setting Zerotier Network
+
 [info]
 command:/usr/local/bin/zerotier-cli info
 parameters:
diff --git a/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/+TARGETS b/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/+TARGETS
index 2e49b12516..4a87c683fc 100644
--- a/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/+TARGETS
+++ b/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/+TARGETS
@@ -1,2 +1,3 @@
 zerotier:/etc/rc.conf.d/zerotier
 local.conf:/var/db/zerotier-one/local.conf
+networks-local.conf:/var/db/zerotier-one/networks.d/[OPNsense.zerotier.networks.network.%.networkId].local.conf
diff --git a/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/networks-local.conf b/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/networks-local.conf
new file mode 100644
index 0000000000..a754e54cfe
--- /dev/null
+++ b/net/zerotier/src/opnsense/service/templates/OPNsense/zerotier/networks-local.conf
@@ -0,0 +1,10 @@
+{% if helpers.exists('OPNsense.zerotier.networks') %}
+{%   for network in helpers.toList('OPNsense.zerotier.networks.network') %}
+{%     if TARGET_FILTERS['OPNsense.zerotier.networks.network.' ~ loop.index0] or TARGET_FILTERS['OPNsense.zerotier.networks.network'] %}
+allowManaged={{ network.allowManaged }}
+allowGlobal={{ network.allowGlobal }}
+allowDefault={{ network.allowDefault }}
+allowDNS={{ network.allowDNS }}
+{%     endif %}
+{%   endfor %}
+{% endif %}