Many web hosting providers and dedicated server data centers will provide router-level firewalls for their customers, mainly as a precaution to protect their infrastructure. A bot, virus, or other form of malware that gets into a single network can spread from server-to-server very quickly.
On some home networks, a router firewall may be the only one used. The problem with relying on your service provider to block unwanted incoming traffic is that you have no control over what is blocked or if anything gets blocked at all. Furthermore, larger web hosts may have thousands or even hundreds of thousands of servers all connected through a complex network of routers. Any device on the same router as you could become a potential attacker or host to a bot.
Because of that reality, relegating responsibility for your server’s security to your web host is not only a matter of putting trust in the provider, but also involves trusting everyone else in your network. That is not a risk you should be willing to take. Install a software firewall, such as APF, on your server, and consider additionally installing an application firewall, such as ModSecurity.
Photo Source: Flickr