If I understand your question, you don't have any iptables
rules and is asking if you really need it if the only open ports you have are the ones from active running services, is it correct?
Short answer: yes you should have a working iptables
ruleset on your server, even if the only open ports are the services you want to run there. Also remember to mantain the rules and add/remove services that are added or removed from the server.
Long, exemplified answer: Theoretically you would not need it, but security is about making the attacker's life harder. Suppose that your webserver has a script that with a bug in it, and someone exploits that bug and injects a remote shell server (even a simple netcat
will do). If the server doesn't have a firewall on its front or locally blocking connections, the attacker will be able to connect to that exploited shell. If you add correct and working iptables
rules, the attacker will not be able to connect (because iptables
blocked any traffic not on ports you allowed).
Even if you have a firewall in front of your servers, a basic iptables script is a good practice, as I said, your job is to add layers of security (Defense in depth) so if one layer fails, others will still be up to delay the attack.