I just noticed the following entries in my firewall log: Nov 23 19:44:11 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=16126 F=0x0000 T=246 SYN (#3) Nov 23 19:47:21 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=28824 F=0x0000 T=246 SYN (#3) Nov 23 19:47:58 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=9754 F=0x0000 T=246 SYN (#3) Nov 23 19:51:35 kore kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.4:22 a.b.c.d:22 L=40 S=0x00 I=38173 F=0x0000 T=246 SYN (#3) eth0 is the external i/f ... does this indicate ssh connection attempts with spoofed IP source addresses? (I do have a machine on reserved IP address 192.168.1.4 but it can only establish connections to the firewall via eth1) TIA Michael