I have recently set up a crontab to start/stop services based on my schedule, such as when I'll be home or away. I intend to only have a service running when I'll probably use it.
I also integrated rules for iptables into the start/stop of the services (systemd), so they automatically modify rules to accept/reject on their ports when the services start/stop.
I am behind a router, so I only forward outside ports I use like ssh (which is not on port 22). I manually forward ports, but am looking at UPnP. This is my home network so I should be able to trust the devices on it.
Now, to my question. Is it worth the time and effort to set this up? Would it be fine to just enable the services I use, let them run and always have firewall ports open for them? I feel like it's good to limit the time that ssh is running, but what about services not open to the Internet? Resources aren't really an issue. What do you guys think?
I enjoyed learning about systemd, iptables, and cron in the process of setting it up. I'd just like to also learn about how much benefit there actually is, or if anyone has other ideas. Or if it's something that could go on the wiki (not really cron, but maybe the iptables/systemd stuff).
I think one way to decide if it's worth it or not is to look at your network logs. I host a website and found out I was getting pinged a lot by computers from all over the world, so I set up iptables to only allow the places I want. I don't know if it actually helps but it makes me feel better.
I'd say, if resources aren't an issue, why limit the time ssh is reachable from the outside? You should have PasswordAuthentication and RootLogin disabled anyway so your vulnerability doesn't really decrease by updating iptables? This script probably works fine until you forget about it and it makes a boo-boo, making your machine unreachable.
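The last reply's advice about password and root logins can be checked mechanically. The following is an added example, not code from anyone in this thread: a shell check that reports the effective global values of `PasswordAuthentication` and `PermitRootLogin` (the sshd_config directive for root login) using sshd's first-value-wins rule. The function names and sample files are constructed, and the defaults passed in are assumed to be the upstream OpenSSH ones.

```shell
#!/bin/sh
# Added example: effective *global* value of an sshd_config keyword.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only conditionally.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.

# sshd_effective KEYWORD DEFAULT FILE  (hypothetical helper name)
sshd_effective() {
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == want { val = $2; exit } # first occurrence wins
        END { print val }
    ' "$3"
}

# ssh_audit FILE: print findings, return 0 only if both logins are disabled.
ssh_audit() {
    rc=0
    pa=$(sshd_effective PasswordAuthentication yes "$1")
    prl=$(sshd_effective PermitRootLogin prohibit-password "$1")
    [ "$pa" = "no" ]  || { echo "PasswordAuthentication is $pa, want no"; rc=1; }
    [ "$prl" = "no" ] || { echo "PermitRootLogin is $prl, want no"; rc=1; }
    return $rc
}

# Constructed sample files (not from the thread).
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
Port 2222
passwordauthentication no
PermitRootLogin no
# A later duplicate does not override the first value.
PasswordAuthentication yes
EOF
cat > "$tmp/weak" <<'EOF'
Port 2222
# The only PasswordAuthentication line sits inside a Match block,
# so the global value stays at the default (yes).
Match Address 192.168.0.0/16
    PasswordAuthentication no
EOF

ssh_audit "$tmp/good" && echo "good: key-only, no root login"
ssh_audit "$tmp/weak" || echo "weak: see findings above"
```

On a live host, `sshd -T` prints the configuration as sshd itself resolves it, which also covers included files.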