On Fri, Mar 21, 2008 at 07:23:28PM +0100, Frédéric Massot wrote:
...
> it works, access on port 22 is blocked. Well, that's not very proper to
> do filtering on the table nat. I will look at the use of sshd on two ports.

yep, it's also quicker to start/stop - just start/stop the listening daemon.
No risk to mess with the fw rules ;)

Also, you could run the 12345/sshd with its own sshd_config or even in a
chroot jail. That's what I'm doing too, indeed.

--
paolo