update ssh and firewall

docs/source/reference/devops/debian-firewall-nftables-and-iptables.md

@@ -174,6 +174,12 @@ sudo apt install iptables-persistent # if not installed yet
 6. [How To Choose an Effective Firewall Policy to Secure your Servers | DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-choose-an-effective-firewall-policy-to-secure-your-servers)
 7. [Basic iptables template for ordinary servers (both IPv4 and IPv6)](https://gist.github.com/jirutka/3742890)
 
+### Few Words about iptables
+
+If you have a large number of IPs to manage, try `ipset` ([ipset - ArchWiki](https://wiki.archlinux.org/index.php/Ipset))
+
+If you still prefer some well-known websites, [here]( https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands#service-ssh) is one.
+
 ## `nftables`
 
 Read the man page if you have time:

docs/source/reference/devops/set-up-debian-server-on-digital-ocean.md

@@ -122,6 +122,16 @@ sudo systemctl restart sshd
 If ever locked out, try the VNC connection (Console Access) on Digital Ocean's website,
 the "Access" dashboard for the droplets.
 
+If you want something fancy, you can choose to:
+
+* specify users who can ssh login
+* use [Google Authenticator](https://wiki.archlinux.org/index.php/Google_Authenticator) (ArchWiki)!
+* port knocking
+  * send a ICMP packet first then allow the source ip to ssh
+  * send a tcp packet first to a specific port then open that port as ssh port
+  * etc.
+* port multiplexing
+
 ### Add apt source list (optional)
 
 The following commands are only examples.