Simplewall or Windows Firewall Rules for Syncthing to connect only on Private Network

Using Syncthing on Windows with local discovery for my Android phone. Everything works fine, but I want to block Syncthing when I am on public/campus Wi-Fi. What rules should I set to achieve this?

The Android app has an option to run on selected Wi-Fi networks only. Is this what you’re looking for?

Please keep in mind that location services need to be turned on in the Android settings for the condition to work. Also, you’ve mentioned local discovery, so I’d just like to point out that currently only global discovery works on newer versions of Android (see https://github.com/syncthing/syncthing-android/issues/1628).

I use Android as a hotspot to connect to the internet and also to sync my files from laptop to mobile. I simply just don’t run Syncthing while connected to Wi-Fi on Android. Local discovery seems to work fine for me on Android 11. Thanks for the input, but I need rules for Windows Firewall, or is there any advanced setting which prevents running Syncthing on public networks?

I don’t think I really understand the question. If you enable hotspot on Android, this normally means that you use your mobile data connection to share it through Wi-Fi, unless you’re talking about connecting the phone to Wi-Fi, and then sharing the Internet through a USB connection, which is very different.

The Android app has multiple conditions that can be set, which include running on Wi-Fi, running on mobile data, etc. Is this not what you’re looking for?

On the other hand, if you’re asking about having such options in the Windows release of Syncthing, then no, there’s nothing like it there. SyncTrayzor, however, does offer an option not to run on metered networks.

Here is my setup.

  • I use the Android hotspot as private Wi-Fi for my laptop.
  • Android Syncthing is set to run on mobile data; data can be on or off, it doesn’t matter for local discovery.
  • Now on Windows I have enabled only local discovery, which means when I connect my laptop to the mobile hotspot it doesn’t need any mobile data to sync; you can have mobile data on or off in Android settings.
  • I want to set my Windows Syncthing so that it runs only when I connect to my mobile hotspot.

Now, what rules should I set for this? Not run conditions, but simply which connections to block in the firewall when I connect my laptop to any Wi-Fi (public) other than my mobile one (private)?

I don’t think there’s any simple way to do it. I’d probably use the Task Scheduler to set up two separate tasks. The first one would start/unpause Syncthing upon connecting to the hotspot, and the second would exit/pause it upon disconnecting from it.

This would require some custom scripting skills (e.g. to check for specific network names/SSIDs), as the Task Scheduler doesn’t really offer such gradual control by itself (e.g. you can allow a task to start upon connecting to a specific network, but there’s no built-in way to stop the task automatically upon disconnecting from it).

One tip I can provide is that the condition to detect network connection change in Task Scheduler is as follows.

Also, instead of starting and exiting Syncthing itself, as an alternative you can manipulate the Windows Firewall to block its connectivity using the command line. You will probably need to find the specific commands for blocking a program from Internet access yourself, though.

A simpler solution would be to use the Windows Firewall to allow Syncthing to run only on private networks, and disallow it from running on public networks, as long as you designate your hotspot as a private one. The limitation here is that the rule will cover all private networks, and not just the hotspot specifically.
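
The private-only firewall approach from the last reply, sketched in PowerShell as an added example that is not part of the original thread. The install path, the adapter alias and the rule group name are assumptions; adjust them to your machine and run the script from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
param(
    # Assumed install path; point this at your own syncthing.exe.
    [string]$SyncthingExe = "$env:LOCALAPPDATA\Programs\Syncthing\syncthing.exe",
    # Assumed adapter name; list yours with Get-NetAdapter.
    [string]$WifiAlias = 'Wi-Fi',
    # Pass this only while connected to the hotspot, to mark that network Private.
    [switch]$MarkCurrentNetworkPrivate
)

$group = 'Syncthing private-only'   # hypothetical label used to find these rules again

if (-not (Test-Path -LiteralPath $SyncthingExe)) {
    throw "syncthing.exe not found at $SyncthingExe"
}

if ($MarkCurrentNetworkPrivate) {
    Set-NetConnectionProfile -InterfaceAlias $WifiAlias -NetworkCategory Private
}

# Re-running the script replaces the earlier rules instead of stacking duplicates.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($direction in 'Inbound', 'Outbound') {
    # Allow on Private: needed inbound, where Windows blocks by default.
    New-NetFirewallRule -DisplayName "Syncthing allow $direction (Private)" `
        -Group $group -Direction $direction -Program $SyncthingExe `
        -Profile Private -Action Allow | Out-Null

    # Block everywhere else. A block rule wins over any allow rule Windows
    # created earlier from the "allow access" prompt.
    New-NetFirewallRule -DisplayName "Syncthing block $direction (Public/Domain)" `
        -Group $group -Direction $direction -Program $SyncthingExe `
        -Profile Public, Domain -Action Block | Out-Null
}

# Show the resulting rules and which category each connected network has.
Get-NetFirewallRule -Group $group |
    Select-Object DisplayName, Direction, Action, Profile
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory
```

Syncthing keeps running on public networks with these rules but cannot send or receive traffic there. As the reply notes, the allow rules apply to every network Windows has categorised as Private, not only the hotspot.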