carl.wagner at level3.com wrote: > > $ ipchains -L | grep ssh >ACCEPT tcp -y---- anywhere anywhere any -> >ssh > [snip, snip] Doesn't the -y---- there mean you are only ACCEPTing SYN packets? You need to also ACCEPT all the other packets as well. I would try a simple ACCEPT rule without the SYN limitation.