I was trying to setup the UFW firewall to allow my smartphone connecting my Ubuntu with KDE-connect and I saw this recommended configuration for UFW in KDE community (https://community.kde.org/KDEConnect):
sudo ufw allow 1714:1764/udp
sudo ufw allow 1714:1764/tcp
But this raise me some question around this... Can this configuration be considered a vulnerability? Can someone outside my local network use these ports to get access to my data?
So I thouhgt to use this configuration instead:
sudo ufw allow proto tcp from 192.168.0.0/24 to any port 1714:1764
sudo ufw allow proto udp from 192.168.0.0/24 to any port 1714:1764
Is this a better practice to avoid a vulnerability and force UFW to accept only connections within my local network?
Hardly, but it depends how your environment is set up. user535733 already gave a nice example.
Better practice - it can be if you like or need strict approach.
You can also look at your Ethernet interface:
Let’s say it is eth0.
So then you can do something like this:
You can also check a range of given IP addresses to see if they do fit your needs: