I think having both rules is redundant, I think 0.0.0.0/0 allows anything including your 172.1.0.x addresses.
I also found that if you explicitly allow only connections from your local network, and then something else on the same machine that Tvheadend runs on (such as an instance of ffmpeg) produces a stream that you want Tvheadend to use, you also need to allow 127.0.0.1 (the local loopback address). So using a specific network range can cause some unanticipated problems.