I'm setting up an embedded device running Debian 8. Basically, it reads GPIO and is connected to the internet to execute curl commands.
The only service that is active is SSH on port 22, which is already configured to allow only user access with encrypted keys.
Does it make sense to have a firewall in this installation?
Thank you
Yes, it does. Remember there are more daemons running than BIND, Apache/nginx, SSH, for example NTP, and your device can be attacked via this vector. If it's facing outwards you'll probably have issues with people seeing your IoT device from shodan.io, meaning automated attacks on SSH and NTP etc. that will bring down the device, and if it's an embedded device that won't be that hard. Additionally
sudo netstat -tlpn
-l will list listening ports, -p will also display the process, -n will show port numbers instead of names. Add -t to only show TCP ports.
Then you can assess how many outward-facing ports there are and which are needed, and thus, voilà, the need for iptables emerges.
On top of that, add Fail2ban; it will make managing less problematic. Yes, it will consume more RAM analyzing the logs, but it will prevent brute-flood on SSH etc.
Read some more about iptables: Linux IPTABLES examples
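The assessment step described in the answer, as an added example that is not part of the original answer: a shell function that reduces `netstat -tlpn` output to the TCP listeners bound to a non-loopback address on ports you have not approved. The function names, the allowlist argument and the sample output are constructed for illustration; like the command above, it covers TCP listeners only.

```shell
#!/bin/sh
# exposed_listeners ALLOWED_PORTS
#   Reads `netstat -tlpn` output on stdin and prints "port address process"
#   for every TCP listener that is reachable from outside the host
#   (not bound to 127.0.0.0/8 or ::1) and whose port is not in the
#   comma-separated allowlist (hypothetical parameter, e.g. "22").
#   Real use: sudo netstat -tlpn | exposed_listeners "22"
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip the two header lines and anything that is not a TCP listener.
        $1 !~ /^tcp/ || $6 != "LISTEN" { next }
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            if (port in ok) next                         # approved service
            print port, host, $7
        }
    '
}

# Constructed sample of `netstat -tlpn` output, so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      640/exim4
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      380/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      412/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      640/exim4
tcp6       0      0 :::111                  :::*                    LISTEN      380/rpcbind
EOF
}

# Demonstration on the constructed sample: only SSH (22) is approved.
sample_netstat | exposed_listeners "22"
```

Each line it prints is a service to either disable or cover with an explicit iptables rule.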