servers are usually behind router/firewall at home, so you can avoid firewall on server.
but if you have VPS in cloud then server is reachable from internet, it has static IP.
also I think that firewall should be running on home server too. you never know which member of family get some virus / malwatre on his device
I am runnig mix of services on my home servers, some of them are running in docker container. And managing docker networks with firewall is sometimes bit complicated.
I am using shorewall but thinking about change to firewalld.
Layered protection always. When it comes to security and the inner sanctum of your network it pays to let, as the old tune says, “paranoia runs deep.” I would second Tom’s recommendation of UFW.
If using Docker with Ubuntu or other distribution that uses iptables, you’ll need to be cognizant of where the Docker daemon writes its rules. iptable rules are matched from top down and usually docker inserts its own rules (or chain) at or very near the top of the ruleset, effectively bypassing other lower rules. Just something to be aware of.
