ALLOW rules and SSH-keys. Using a non-standard port will stop the majority of automated attackers, but a dedicated attack will find you're SSH server: it only takes 20-30mins to portscan 1-65535. -rb