Ability to specify interface for local discovery packets?

There doesn’t seem to be a way to specify which interface local discovery packets should be sent on. I’m running a Syncthing instance on my home LAN server, which doubles as the edge router.

In addition to local discovery broadcasts being sent on my LAN interface, they are also sent on my two WAN interfaces (ISP IPv4 and tunneled IPv6). This is undesirable for me.

My workaround is an iptables/ip6tables rule, which disallows locally-generated Syncthing local discovery packets from leaving through any interface except the LAN:

-A OUTPUT ! -o br0 -p udp --dport 21027 -j DROP

A proper feature where we can specify a list of LAN interfaces would help avoid this hack.
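As an added illustration that is not part of the thread, a small Python model of the OUTPUT rule above: it parses the rule and gives the verdict for a locally generated packet from its outgoing interface, protocol and destination port, which lets you confirm that sync connections leaving via a WAN interface are untouched while UDP 21027 discovery broadcasts on anything other than br0 are dropped.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Packet:
    out_iface: str  # interface the locally generated packet would leave on
    proto: str      # "udp" or "tcp"
    dport: int
@dataclass(frozen=True)
class Rule:
    iface: Optional[str]  # value of -o; None means any interface
    negate_iface: bool    # True for "! -o": match every interface except iface
    proto: Optional[str]
    dport: Optional[int]
    target: str

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and (pkt.out_iface == self.iface) == self.negate_iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        return self.dport is None or pkt.dport == self.dport
def parse_rule(spec: str) -> Rule:
    """Parse the iptables-save subset used in the thread (-A, !, -o, -p, --dport, -j)."""
    tok = spec.split()
    iface = proto = dport = target = None
    negate_iface = False
    i = 0
    while i < len(tok):
        if tok[i] == "!":  # only -o is negated in this subset
            negate_iface = True
            i += 1
            continue
        if tok[i] == "-o":
            iface = tok[i + 1]
        elif tok[i] == "-p":
            proto = tok[i + 1]
        elif tok[i] == "--dport":
            dport = int(tok[i + 1])
        elif tok[i] == "-j":
            target = tok[i + 1]
        i += 2  # every option here, -A OUTPUT included, takes one argument
    return Rule(iface, negate_iface, proto, dport, target)
def verdict(rules, pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides, as in a real chain; otherwise the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

RULES = [parse_rule("-A OUTPUT ! -o br0 -p udp --dport 21027 -j DROP")]  # rule from the post
```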

You might also want to kill SSDP discovery if you have UPnP enabled.

I feel that your situation is niche enough that having an iptables hack is perfectly acceptable. If we do go the interface route we’d have to add a separate section for listen addresses, local discovery, and UPnP discovery, which is a lot of extra knobs I’d be happy to avoid.

Nevertheless, it’s a valid request, and I somewhat recall there is already a ticket for this in the tracker.

UPnP is disabled on this particular Syncthing instance since it sits on the router itself; there’s a rule in the INPUT chain for it specifically, where other Syncthing nodes inside the LAN will use the UPnP server on the router to establish an incoming DNAT rule.

It might make sense for this to follow the listen address. But that is specified by address, while multicast/broadcast is done per physical interface… So it would need to be two separate mechanisms. We could potentially have a list of allowed interfaces or so. But as Audrius says, it’s fairly niche. Clean PRs may be accepted. :slight_smile:

I think there already exists listen on an interface rather than address in the tracker, which is also a valid request.

> It might make sense for this to follow the listen address.

Disagree. I want to be listening on my WAN interfaces, but I do not want to send local discovery broadcasts to them.