From f5864ebca644f6fd6627f5038e2b011ca2251b7f Mon Sep 17 00:00:00 2001
From: Hugo Osvaldo Barrera <hugo@whynothugo.nl>
Date: Thu, 15 Feb 2024 22:23:11 +0100
Subject: [PATCH] Add sample for configuring nftables

---
 users/firewall.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/users/firewall.rst b/users/firewall.rst
index 0936f842f..6dcea6cc7 100644
--- a/users/firewall.rst
+++ b/users/firewall.rst
@@ -85,6 +85,18 @@ it with::
 
 Similarly there is also a ``syncthing-gui`` service.
 
+nftables
+~~~~~~~~
+For hosts using a somewhat standard setup of ``nftables``, placing the
+following content in ``/etc/nftables.d/syncthing.nft`` should allow syncthing
+to be discovered via local discovery and receive direct connections.
+
+    table inet filter {
+    	chain input {
+    		udp dport 21027 accept comment "Allow syncthing discovery"
+    		udp dport 22000 accept comment "Allow syncthing peers"
+    	}
+    }
 
 Remote Web GUI
 --------------