{
  config,
  lib,
  pkgs,
  ...
}: {
  networking.firewall = {
    enable = true;
    # https://docs.syncthing.net/users/firewall.html
    allowedTCPPorts = [
      # Syncthing
      8384
      22000
    ];
    allowedUDPPorts = [
      # Syncthing
      22000
      21027
    ];
    allowedTCPPortRanges = [
      # KDE Connect
      {
        from = 1714;
        to = 1764;
      }
    ];
    allowedUDPPortRanges = [
      # KDE Connect
      {
        from = 1714;
        to = 1764;
      }
      # Mosh
      {
        from = 60000;
        to = 61000;
      }
    ];
  };
}