I have a laptop I take with me that has UFW. I want to allow Syncthing from my home subnet and another place. Is there a way I can do that without allow from anywhere?

Additionally, is the default ufw allow service-name/port, where it allows from anywhere, insecure? Like, does it open the port to the internet, for anyone to see or connect to?

  • berg@lemmy.zip · 5 days ago

    Either use bare wireguard or netbird/zerotier/tailscale.

    does it open the port to the internet, for anyone to see or connect to?

    Yes, it will be accessible on the local network if incoming connections to your port are not blocked by a local AP or switch, and from the internet if incoming connections to you are also not blocked at the router.

    It’s generally a bad practice to expose apps (syncthing, etc) directly to the internet with "allow from anywhere" rules, but it’s not an issue for services like wireguard and ssh when used properly.
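
An added example, not part of the thread: a dry-run generator for source-restricted UFW rules covering Syncthing's default ports (22000/tcp and 22000/udp for sync, 21027/udp for local discovery). The two CIDRs and the function names are assumptions. A source rule matches on address only, so on a roaming laptop any other network that uses the same private range also matches, which is the case the VPN suggestion above covers.

```sh
#!/bin/sh
# Added example (not from the thread): print "ufw allow from <subnet>" rules
# for Syncthing instead of a blanket "allow from anywhere" rule.
# Assumption: the subnets passed at the bottom are placeholders for your own.

SYNCTHING_PORTS="22000/tcp 22000/udp 21027/udp"   # Syncthing default ports

# Accept only IPv4 CIDR with prefix 1-32, so a typo such as 0.0.0.0/0
# cannot silently recreate an "anywhere" rule.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; prefix=${1#*/}
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one ufw command per (subnet, port/proto) pair; nothing is applied.
syncthing_rules() {
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "rejecting source: $cidr" >&2; return 1; }
        for spec in $SYNCTHING_PORTS; do
            echo "ufw allow from $cidr to any port ${spec%/*} proto ${spec#*/} comment 'syncthing'"
        done
    done
}

# Dry run: review the printed rules, then run them with sudo.
syncthing_rules 192.168.1.0/24 10.20.0.0/24
```

After applying the rules, `sudo ufw status numbered` should show each Syncthing entry with a subnet in the From column rather than Anywhere.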