this post was submitted on 29 Mar 2026
14 points (100.0% liked)

Linux

16884 readers
133 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
14
UFW: Allow from multiple subnets? (lemmy.world)
submitted 2 days ago by AstroLightz@lemmy.world to c/linux@lemmy.world
4 comments fedilink hide all child comments
 

I have a laptop I take with me that has UFW. I want to allow Syncthing from my home subnet and another place. Is there a way I can do that without allow from anywhere?

Additionally, is the default ufw allow service-name/port, where it allows from anywhere, insecure? Like, does it open the port to the internet, for anyone to see or connect to?

top 4 comments
sorted by: hot top controversial new old
[–] moonpiedumplings@programming.dev 4 points 2 days ago

Maybe: https://xyproblem.info/ ?

If you want to use syncthing remotely tha the answer is probably wireguard/other vpn.

[–] 0x0@lemmy.zip 1 points 2 days ago

Maybe use something like netbird instead?

[–] MangoPenguin@lemmy.blahaj.zone 4 points 2 days ago

Should be able to create 2 rules, 1 for each subnet.

[–] berg@lemmy.zip 2 points 2 days ago

Either use bare wireguard or netbird/zerotier/tailscale.

does it open the port to the internet, for anyone to see or connect to?

Yes, it will be accessible on the local network if incoming connections to your port are not blocked by a local AP or switch, and from the internet if incoming connections to you are also not blocked at the router.

It's generally a bad practice to expose apps (syncthing, etc) directly to the internet with

allow from anywhere

rules, but it's not an issue for services like wireguard and ssh when used properly.