I craft my own firewall here using iptables. I have a favorite trick I learned from someone else a few years ago that I use to handle ssh security. Since ssh breaks every once and awhile and I like to leave it open it gets special security efforts. The trick is quite simple within iptables. If I get one connection failure I have to wait several seconds before making a retry. ("OK, Joanne, don't hyper ventillate. Just count to 10 and try again." {^_-}) The common attack is a dictionary attack with several attempts a second. So of course, they get one shot to crack a password, usually for <snicker> root, which is dumb to begin with. After that first attempt they are blocked for the rest of their run. If they are canny enough to figure out "wait N seconds and then try again" they can dictionary attack me no more than about 43000 attempts per day if they cut back to one every couple seconds. If I do not have a dictionary word (or even a word) as a password, it is not 8 characters, and so forth how long would it take to guess "Fis8ottlemew" or something equally silly? The universe would grow cold, first. So good attack developers (bless them in a left handed sort of way) are smart enough not to attack for more than a minute or so, a few hundred pakets floating in the attack, before they quit. The bad ones run up to maybe 3000 or 4000 attempts to stop. Now, I have to wonder about the quality of education in Albania after last night. An Albanian cracker, or at least an idiot originating an attack from albtelecom.al (217.24.240.77) wasted three full hours and 36807 connection attempts to get ONE, exactly ONE, shot at cracking my system, the first attempt. All others were rejected and logged. I just gotta shake my head at the pathetic twit who created the software that made that attempt. At least my machine kept a whole lot of other machines from being attacked and I got a huge laugh about it. (And albtelecom.al finds its little block as one of my permanent blocks in the firewall, now. This is not the first attack from that /20 block!) I love IPTables. {^_-} Joanne