Do both. Using provider's firewall service adds another level of defence. But hiccups may occur and firewall rules may briefly disappear (sync issues, upgrades, vm mobility issues) and you services then may become exposed. Happened to me in the past, were "lucky" enough so no damage was taken.
It's a good idea. At OCI, I have the VCN firewall enabled and ufw firewall enabled within my VPS's.
The problem with Hetzner's firewall service is it nukes network performance especially on ipv6.
It also killed my docker networking, so portainer stopped working.
That's what I use. Is it enough? Or should I also install a firewall on my machine?
Do both. Using provider's firewall service adds another level of defence. But hiccups may occur and firewall rules may briefly disappear (sync issues, upgrades, vm mobility issues) and you services then may become exposed. Happened to me in the past, were "lucky" enough so no damage was taken.
Security in layers, I'd do both.