While you are protected by the firewall it still doesn't harm to limit Luci just to listen on the LAN IP instead of 0.0.0.0