In last months reader poll I asked about Firewall on dedicated UNIX / Linux box.
Do we really need a firewall?
Personally, I install firewall on all boxes to filter out unwanted junk and IPs; even if box is only running public service such as a web server. The overall idea is to limit access and reduce liability on my part if serer got rooted (read as compromised). Remember, bad boys never play by the rules.