For this example, we can start with the email you get from the service provider.
The email from the service provider includes an account and password.
Username: you (not the real account)
Password: a3X*something (not the real password)
Here is access from the Windows Command Terminal to the server, using the account name you and the server de.something.com
(‘de’ stands for a server running Debian Linux.)
C:\Users\you>ssh you@de.something.com
The first time, the SSH client may respond with something like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
Next (from an internet search), clean up the "known_hosts" file.
Here is the file before:
de.something.com,69.55.235.35 ecdsa-sha2-nistp256 AAA...some medium length key
de.something.com ssh-ed25519 AAAAC3Nza...some medium length key
...
some other keys
...
After (all the de.something.com references removed):
...
some other keys still there
...
Open the Terminal window again
C:\Users\you>ssh you@de.something.com
The authenticity of host 'de.something.com (##.##.###.##)' can't be established.
ED25519 key fingerprint is SHA256:fcDTZtI0...some medium key.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added 'de.something.com' (ED25519) to the list of known hosts.
you@de.something.com's password: a3X*something
Now, the revised file looks like this:
...
a few keys
...
de.something.com ssh-ed25519 AAAAC3Nza...some medium length key
de.something.com ssh-rsa AAAAB3Nz...some longer length key
de.something.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL...some longer length key
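Deleting the old entries and answering yes trusts whatever key the server presents, so the fingerprint at the prompt is worth comparing with one obtained from the provider. The Python sketch below is an added example, not part of the original walkthrough: it computes the same SHA256 fingerprint ssh prints from a known_hosts line. The sample file, its key bytes and the 192.0.2.10 address are constructed.

```python
import base64
import hashlib
import struct


def ssh_blob(key_type: str, raw_key: bytes) -> str:
    """Encode a key as known_hosts stores it: length-prefixed fields, base64."""
    fields = [key_type.encode(), raw_key]
    wire = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return base64.b64encode(wire).decode()


def fingerprint(blob_b64: str) -> str:
    """Fingerprint as ssh prints it: unpadded base64 of sha256(decoded blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def embedded_type(blob_b64: str) -> str:
    """Key type stored inside the blob; it must match the line's type column."""
    wire = base64.b64decode(blob_b64)
    (n,) = struct.unpack(">I", wire[:4])
    return wire[4:4 + n].decode()


def host_keys(known_hosts: str, host: str) -> dict:
    """Map key type -> fingerprint for every plain (unhashed) entry naming host."""
    found = {}
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@", "|")):
            continue  # blank, comment, @marker or hashed-hostname line
        names, key_type, blob = parts[0].split(","), parts[1], parts[2]
        if host in names and embedded_type(blob) == key_type:
            found[key_type] = fingerprint(blob)
    return found


def matches_published(known_hosts: str, host: str, published_fp: str) -> bool:
    """True only if a stored key for host has the provider-published fingerprint."""
    return published_fp in host_keys(known_hosts, host).values()


# Constructed sample: fake key bytes, not real server keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "de.something.com,192.0.2.10 ssh-ed25519 " + ssh_blob("ssh-ed25519", bytes(range(32))),
    "other.example.net ssh-ed25519 " + ssh_blob("ssh-ed25519", bytes(32)),
])

if __name__ == "__main__":
    for key_type, fp in host_keys(SAMPLE, "de.something.com").items():
        print(key_type, fp)
```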
Logging in now should be simpler:
C:\Users\you>ssh you@de.something.com
you@de.something.com's password: a3X*something
Linux de.something.com 6.12.48+deb13-amd64 #1 SMP PREEM
...
some Linux info
...
Last login: Fri Oct 24 11:50:47 2025 from 149.28.212.41
you@subserver:~$
The first step is to refresh the package index. The two commands below are equivalent, and neither installs upgrades by itself.
$ sudo apt-get update
$ sudo apt update
Take a look at what services are running
you@de:~$ systemctl list-units --type=service --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION >
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
getty@tty1.service loaded active running Getty on tty1
serial-getty@ttyS0.service loaded active running Serial Getty on ttyS0
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running User Login Management
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Fi>
user@1001.service loaded active running User Manager for UID 1001
Legend: LOAD -> Reflects whether the unit definition was properly loaded.
ACTIVE -> The high-level unit activation state, i.e. generalization of SUB.
SUB -> The low-level unit activation state, values depend on unit type.
10 loaded units listed.
Do I have vi or vim?
you@de:~$ dpkg -l | grep vim
ii vim-common 2:9.1.1230-2 all Vi IMproved - Common files
ii vim-tiny 2:9.1.1230-2 amd64 Vi IMproved - enhanced vi editor - compact version
you@de:~$
you@de:~$ vi --version | less
VIM - Vi IMproved 9.1 (2024 Jan 02, compiled May 23 2025 00:48:59)
...
-dialog -mksession -sodium -X11
:
Press <spacebar>
...
11 -lXdmcp -lSM -lICE -lm -ltinfo -lselinux -lacl -lattr
(END)
press q
you@de:~$
Do I have curl on Windows to test the server?
From “Firewalls (iptables, nftables, pfsense) for Educators: A complete Guide to Teaching Perimeter Security S...” pp72-73 of 312 Kindle ed.
Practical Testing Diagnostic Tools

| Command | Function |
|---|---|
| ping, curl | Verify accessibility |
| nmap | Verify open ports |
| iptables -L -v | View packet count by rule |
| tcpdump | Traffic sniffing |
| pfSense Logs | View in GUI → Status → System Logs |

C:\Users\you>curl --version
curl 8.13.0 (Windows) libcurl/8.13.0 Schannel zlib/1.3.1 WinIDN
Release-Date: 2025-04-02
Protocols: dict file ftp ftps http https imap imaps ipfs ipns mqtt pop3 pop3s smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets
C:\Users\you>curl https://de.something.com
curl: (7) Failed to connect to de.something.com port 443 after 2240 ms: Could not connect to server
Do I have nftables?
you@de:~$ dpkg -l | grep nftables
ii libnftables1:amd64 1.1.3-1 amd64 Netfilter nftables high level userspace API library
ii libnftnl11:amd64 1.2.9-1 amd64 Netfilter nftables userspace API library
ii nftables 1.1.3-1 amd64 Program to control packet filtering rules by Netfilter project
you@de:~$
See if it is running
you@de:~$ systemctl status nftables
• nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:nft(8)
http://wiki.nftables.org
you@de:~$
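Enable the service. The nft binary lives in /usr/sbin (see the ExecStart line in the status output further down), which is not on a regular user's PATH on Debian, so a plain nft -v fails while the sudo commands work.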
sudo systemctl enable --now nftables
you@de:~$ nft -v
-bash: nft: command not found
you@de:~$ sudo systemctl enable --now nftables
[sudo] password for x:
Created symlink '/etc/systemd/system/sysinit.target.wants/nftables.service' -> '/usr/lib/systemd/system/nftables.service'.
you@de:~$
Return to check status
you@de:~$ systemctl status nftables
• nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; >
Active: active (exited) since Fri 2026-01-16 11:15:42 PST; 1min 17s>
Invocation: 711830018b2849528a4daeef1c6dbc33
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1558626 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code>
Main PID: 1558626 (code=exited, status=0/SUCCESS)
Mem peak: 3M
CPU: 107ms
you@de:~$
Check for active rules
you@de:~$ sudo nft list ruleset
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
you@de:~$
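How to stop nftables. Stopping the service runs nft flush ruleset (the ExecStop line in the status output below), so no filtering rules remain loaded afterwards.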
you@de:~$ sudo systemctl stop nftables
you@de:~$
Check status
you@de:~$ systemctl status nftables
- nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: enabled)
Active: inactive (dead) since Fri 2026-01-16 11:26:03 PST; 1min 18s ago
Duration: 10min 20.986s
Invocation: 711830018b2849528a4daeef1c6dbc33
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1558626 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Process: 1558676 ExecStop=/usr/sbin/nft flush ruleset (code=exited, status=0/SUCCESS)
Main PID: 1558626 (code=exited, status=0/SUCCESS)
Mem peak: 1.8M
CPU: 41ms
you@de:~$
Note the permissions of the original file
you@de:~$ ls /etc/nftables* -l
-rwxr-xr-x 1 root root 243 Jun 10 2025 /etc/nftables.conf
you@de:~$
Make a copy of the original rules file.
you@de:~$ sudo cp -a /etc/nftables.conf /etc/nftables.conf.org
[sudo] password for x:
you@de:~$
Check results
you@de:~$ ls /etc/nftables* -l
-rwxr-xr-x 1 root root 243 Jun 10 2025 /etc/nftables.conf
-rwxr-xr-x 1 root root 243 Jun 10 2025 /etc/nftables.conf.org
you@de:~$
Logging with Debian
The service is systemd-journald.service
you@de:~$ systemctl list-units --type=service --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION >
...
systemd-journald.service loaded active running Journal Service
...
Messages are stored in /var/log/journal and /run/log/journal
Creating a log file for firewall messages
The ruleset below accepts local traffic and TCP ports 22, 80, 443, 3000 and 3306, and writes a line to a log for everything else:
***** file /etc/nftables.conf*******
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter;
        policy drop;                            # anything not accepted below is dropped
        ct state established,related accept     # replies to connections already allowed
        iifname "lo" accept                     # local (loopback) traffic
        icmp type echo-request accept           # ping
        tcp dport 22 accept                     # ssh
        tcp dport { 80, 443 } accept            # http, https
        tcp dport { 3000, 3306 } accept         # mySQL, mariaDB
        log prefix "Server Block: " flags all   # log what reaches here; policy drop then applies
    }
    chain forward {
        type filter hook forward priority filter;
    }
    chain output {
        type filter hook output priority filter;
    }
}
Enable nftables with revised .conf file
you@de:~$ sudo systemctl enable nftables
[sudo] password for x:
you@de:~$
Check service status
you@de:~$ systemctl status nftables
• nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: enabled)
Active: inactive (dead) since Fri 2026-01-16 11:26:03 PST; 4h 48min ago
Duration: 10min 20.986s
Invocation: 711830018b2849528a4daeef1c6dbc33
Docs: man:nft(8)
http://wiki.nftables.org
Main PID: 1558626 (code=exited, status=0/SUCCESS)
Mem peak: 1.8M
CPU: 41ms
you@de:~$
Start service
you@de:~$ sudo systemctl start nftables
you@de:~$
Check service
you@de:~$ systemctl status nftables
- nftables.service - nftables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: enabled)
Active: active (exited) since Fri 2026-01-16 16:16:25 PST; 32s ago
Invocation: 18db68727d0a4fcd87f8eac4fffc6bd9
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1561858 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Main PID: 1561858 (code=exited, status=0/SUCCESS)
Mem peak: 3.3M
CPU: 62ms
you@de:~$
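Once the ruleset is loaded, every packet that falls through to the log rule produces a kernel log line starting with the "Server Block: " prefix (readable with journalctl -k). The Python sketch below is an added example, not part of the original walkthrough: it summarizes such lines per source and blocked port and flags sources probing several ports. The sample lines are constructed and abbreviated, and the min_ports threshold is an assumption.

```python
import re
from collections import Counter

PREFIX = "Server Block: "           # log prefix set in /etc/nftables.conf
FIELD = re.compile(r"(\w+)=(\S*)")  # netfilter logs packets as KEY=value pairs


def parse_drop(line: str):
    """Return the KEY=value fields of one logged packet, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))


def summarize(lines):
    """Count logged packets per (source address, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        pkt = parse_drop(line)
        if pkt and "SRC" in pkt:
            # ICMP has no DPT field, so fall back to "-"
            hits[(pkt["SRC"], pkt.get("PROTO", "?"), pkt.get("DPT", "-"))] += 1
    return hits


def noisy_sources(lines, min_ports=3):
    """Sources that hit at least min_ports distinct blocked ports (scan-like)."""
    ports = {}
    for src, _proto, dpt in summarize(lines):
        ports.setdefault(src, set()).add(dpt)
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)


# Constructed, abbreviated journal lines using documentation addresses.
_HEAD = "Jan 16 16:20:01 de kernel: Server Block: IN=eth0 OUT= "
SAMPLE_LOG = [
    _HEAD + "SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=23 SYN",
    _HEAD + "SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN",
    _HEAD + "SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=8080 SYN",
    _HEAD + "SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=5432 SYN",
    _HEAD + "SRC=198.51.100.20 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53",
    "Jan 16 16:20:10 de systemd[1]: Started nftables.service - nftables.",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, *key)
    print("scan-like sources:", noisy_sources(SAMPLE_LOG))
```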