#1 2016-01-30 13:30:51

jryan
Member
From: Philadelphia USA
Registered: 2011-03-16
Posts: 29

Getting ports in firewall to close when service is stopped

Anyone know an easy way to get a systemd service to open/close a port on a firewall when it's started/stopped?


#2 2016-01-30 18:11:43

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Getting ports in firewall to close when service is stopped

Why would you want to?

If the service isn't running then there is nothing listening on the port; having it firewalled doesn't increase security.


No, it didn't "fix" anything. It just shifted the brokenness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles


#3 2016-01-31 03:41:46

jryan
Member
From: Philadelphia USA
Registered: 2011-03-16
Posts: 29

Re: Getting ports in firewall to close when service is stopped

slithery wrote:

Why would you want to?

If the service isn't running then there is nothing listening on the port; having it firewalled doesn't increase security.

I guess it makes me feel safer that there is one less port open that another possible program could use.


#4 2016-01-31 16:56:28

Stebalien
Member
Registered: 2010-04-27
Posts: 1,239

Re: Getting ports in firewall to close when service is stopped

I wrote this a while ago and haven't used it in a long time but you might find it useful: https://github.com/Stebalien/punchfw

However, as slithery said, this shouldn't be necessary.

1. If you're running an untrusted program, you're screwed.
2. Most "nice" programs pick different reasonably unique ports so, even if one does decide to listen on some port, it's unlikely to be the same port (unless you have, e.g., two bittorrent daemons).


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
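
One way to tie a firewall rule to a unit's lifetime, as asked in the first post, is a systemd drop-in; this is an added example, not part of any post in the thread and not how punchfw works. The unit name `example.service`, TCP port 8080, the plain iptables backend, and an INPUT chain that drops by default are all assumptions.

```ini
# /etc/systemd/system/example.service.d/firewall.conf
# Hypothetical drop-in: example.service and port 8080 are placeholders.
# Apply with: systemctl daemon-reload && systemctl restart example.service

[Service]
# "+" runs the helper with full privileges even if the unit sets User=
# or sandboxing options, so the service itself never needs CAP_NET_ADMIN.
# "-w" waits for the xtables lock instead of failing when another
# iptables invocation is running at the same moment.
# ExecStartPost= runs only after the main process has been started,
# so the port is not opened for a service that failed to launch.
ExecStartPost=+/usr/bin/iptables -w -I INPUT -p tcp --dport 8080 -j ACCEPT

# ExecStopPost= runs on a clean stop and also when the service crashes
# or fails to start, so the ACCEPT rule does not outlive the service.
# The extra "-" ignores a non-zero exit when the rule is already absent
# (for example, the start failed before ExecStartPost= ran).
ExecStopPost=-+/usr/bin/iptables -w -D INPUT -p tcp --dport 8080 -j ACCEPT
```

After a stop or crash, `iptables -S INPUT` should no longer list the rule. Rules inserted this way are not persistent, so a reboot starts from the saved ruleset.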


#5 2016-01-31 17:12:26

jryan
Member
From: Philadelphia USA
Registered: 2011-03-16
Posts: 29

Re: Getting ports in firewall to close when service is stopped

Stebalien wrote:

I wrote this a while ago and haven't used it in a long time but you might find it useful: https://github.com/Stebalien/punchfw

However, as slithery said, this shouldn't be necessary.

1. If you're running an untrusted program, you're screwed.
2. Most "nice" programs pick different reasonably unique ports so, even if one does decide to listen on some port, it's unlikely to be the same port (unless you have, e.g., two bittorrent daemons).

Thanks, that is pretty much what I was talking about. I guess I agree that leaving them open is probably okay.
