Syncthing Android and AFWall+

Syncthing on Android running with root rights has connection problems when AFWall+ is also used in whitelist mode. In internet postings one finds a solution that has quite some security implications: Allow ‘(Root) - Apps with Root rights’.

Instead, it is possible to allow only very limited access for root apps using a custom script in AFWall+. I added the following lines:

IPTABLES=/system/bin/iptables
# Syncthing
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p tcp --dport 22000  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p tcp --dport 22067  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p udp --dport 21027  -j ACCEPT
# web.syncthing.net:
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 82.196.13.137 -p tcp --dport 443  -j ACCEPT
# discovery.syncthing.net
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 139.59.84.212,198.211.120.59 -p tcp --dport 443  -j ACCEPT
# relays.syncthing.net
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 82.196.13.137 -p tcp --dport 443  -j ACCEPT

The chain afwall-wifi-wan limits the access to WiFi and LAN and blocks access on mobile internet. The Syncthing documentation for firewall configuration does not mention that port 443 needs to be open to the three servers.

Many Greetings Michael
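
An audit of how tightly each uid 0 rule in the custom script above is scoped, as an added example that is not part of the original post. The function names and class labels are this example's own. In the post's rules, the three Syncthing port rules match on port only (any destination host), and the relays rule repeats the web rule.

```shell
#!/bin/sh
# Added example (not from the post): classify uid-0 ACCEPT rules in an
# AFWall+ custom script by how tightly each one is scoped.

# The six rules from the post above, reproduced as audit input.
sample_rules() {
cat <<'EOF'
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p tcp --dport 22000  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p tcp --dport 22067  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -p udp --dport 21027  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 82.196.13.137 -p tcp --dport 443  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 139.59.84.212,198.211.120.59 -p tcp --dport 443  -j ACCEPT
$IPTABLES -A "afwall-wifi-wan" -m owner --uid-owner 0 -d 82.196.13.137 -p tcp --dport 443  -j ACCEPT
EOF
}

# Reads a custom script on stdin; prints "<CLASS> <proto>/<port> -> <dest>"
# for every rule that ACCEPTs traffic owned by uid 0 (root).
#   ANY        no port and no destination: all root traffic on that chain
#   PORT-ONLY  port fixed, any destination host
#   HOST-ONLY  destination fixed, any port
#   PINNED     destination and port both fixed
#   DUPLICATE  same chain and match as an earlier rule
audit_rules() {
awk '
/^[ \t]*#/ { next }                      # skip comment lines
{
    chain = uid = target = proto = dport = dest = ""
    for (i = 1; i < NF; i++) {
        if ($i == "-A")          chain  = $(i + 1)
        if ($i == "--uid-owner") uid    = $(i + 1)
        if ($i == "-j")          target = $(i + 1)
        if ($i == "-p")          proto  = $(i + 1)
        if ($i == "--dport")     dport  = $(i + 1)
        if ($i == "-d")          dest   = $(i + 1)
    }
    if ((uid != "0" && uid != "root") || target != "ACCEPT") next
    if (dest == "" && dport == "") cls = "ANY"
    else if (dest == "")           cls = "PORT-ONLY"
    else if (dport == "")          cls = "HOST-ONLY"
    else                           cls = "PINNED"
    if (seen[chain "/" proto "/" dport "/" dest]++) cls = "DUPLICATE"
    printf "%-9s %s/%s -> %s\n", cls, (proto == "" ? "any" : proto), (dport == "" ? "any" : dport), (dest == "" ? "any" : dest)
}'
}

# Number of sample rules that fall into the class given as $1.
count_class() { sample_rules | audit_rules | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'; }

sample_rules | audit_rules
```

To audit a real custom script, feed the file to `audit_rules` on stdin instead of `sample_rules`.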
