Hallo! I am using the SuSEfirewall2 since a while now. Even on Debian systems. But i was missing a feature that would only let a dynamic host access port 22. E.g. you have a ISDN, DSL, Cable dial up account from your ISP, and your ip changes every 24h. here is a little workaround, what do you think? ## Insert into the first line of /sbin/SuSEfirewall2 # resolve ip newip=`fping -A host.dyndns.org | awk '{print $1}'` # check if ip changed if [ "`cat /var/log/newip.log`" = "$newip" ]; then exit fi # write new ip to cache, then load firewall rules echo $newip > /var/log/newip.log # apply new rules echo " fw_custom_before_antispoofing() { iptables -A INPUT -p tcp -s $newip --dport 22 -j ACCEPT true } fw_custom_before_port_handling() { true } fw_custom_before_masq() { true } fw_custom_before_denyall() { true }" > /etc/rc.config.d/firewall2-custom.rc.config Another Ring of Security ;) Is the SuSEfirewall2 from MarcŽs homepage still uptodate? Cheers, Mario