
I have just switched to using my ADSL modem in bridging mode and had to institute my own firewall, and I wanted to put ssh on a different port for external access to avoid these attacks. I didn't want to change the default port for internal access, but the only way I could make it work was to do a trick like:

    iptables -t nat -I PREROUTING -p tcp --dport X -j DNAT --to-destination :22
    iptables -t nat -I PREROUTING -p tcp --dport 22 -j DNAT --to-destination :X

where X is the new external "ssh" port. That way external ssh traffic is sent to port 22 internal and external port 22 traffic is sent to the other port X, which can be dropped.

It seems a bit clunky (I was worried that it might lead to a loop initially) - is there a better way to do this?

Also, is there a better site to externally scan your machine than the "Shields Up" site? I've heard people complain about it - presumably it's marketing, but it does appear to do a convenient job for quickly scanning your ports for free.

Andrew
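
Added example, not part of the original post: a simplified Python model of how netfilter evaluates the two rules above, showing why they cannot loop (the nat table is consulted once per new connection, and DNAT ends chain traversal at the first match). The value 2222 for X, the source address, and the class and function names are constructed for illustration.

```python
# Simplified model of netfilter's nat PREROUTING handling (added example, not
# the poster's code). X = 2222 is a constructed stand-in for the post's "X".
X = 2222

def build_chain(commands):
    """Apply '-I' semantics: each inserted rule goes to the head of the chain."""
    chain = []
    for dport, to_port in commands:
        chain.insert(0, (dport, to_port))
    return chain

def prerouting(chain, dport):
    """DNAT is a terminating target: the first matching rule rewrites the port
    and traversal stops, so the rewritten packet never re-enters the chain."""
    for match_port, to_port in chain:
        if dport == match_port:
            return to_port
    return dport

class Firewall:
    def __init__(self, chain, dropped_ports):
        self.chain = chain
        self.dropped = set(dropped_ports)   # filter INPUT sees the post-DNAT port
        self.conntrack = {}                 # connection -> translated port
        self.nat_lookups = 0

    def packet(self, src, sport, dport):
        key = (src, sport, dport)
        if key not in self.conntrack:       # nat table is consulted for NEW connections only
            self.nat_lookups += 1
            self.conntrack[key] = prerouting(self.chain, dport)
        final = self.conntrack[key]
        return ("DROP" if final in self.dropped else "ACCEPT", final)

# The two commands from the post, in the order they were typed.
CHAIN = build_chain([(X, 22), (22, X)])

def demo():
    fw = Firewall(CHAIN, dropped_ports=[X])
    src = "203.0.113.5"                     # constructed documentation address
    results = {
        "new ssh port": fw.packet(src, 40000, X),
        "old port 22": fw.packet(src, 40001, 22),
        "follow-up packet": fw.packet(src, 40000, X),
    }
    return results, fw.nat_lookups

if __name__ == "__main__":
    print(demo())
```

The model leaves out interface matching, so it treats every inbound packet the same way the two rules as written do.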