Hetzner has a free firewall service outside of your machine. You can use that as the first line of defence.

It's a good idea. At OCI, I have the VCN firewall enabled and ufw firewall enabled within my VPS's.

nvarsj 4 days ago | parent | prev | next [-]

The problem with Hetzner's firewall service is it nukes network performance especially on ipv6.

	▲	addandsubtract 4 days ago \| parent [-]
		It also killed my docker networking, so portainer stopped working.

reddalo 4 days ago | parent | prev [-]

That's what I use. Is it enough? Or should I also install a firewall on my machine?

	▲	ps 4 days ago \| parent \| next [-]
		Do both. Using provider's firewall service adds another level of defence. But hiccups may occur and firewall rules may briefly disappear (sync issues, upgrades, vm mobility issues) and you services then may become exposed. Happened to me in the past, were "lucky" enough so no damage was taken.
	▲	bardsore 4 days ago \| parent \| prev [-]
		Security in layers, I'd do both.