Hi,

I have recently started using Tomato with my WRT54GL, and have found the transition painless and enjoyable so far. I am, however, rather paranoid about my security, so I like to set up iptables rules to limit most administrative capabilities to myself, both by cipher, and by annoyance (IP/MAC limitation).

I currently have the following script, which (I think? been a while since I worked with iptables) should throttle dictionary/brute attacks on the SSH daemon. However, it doesn't seem to do anything:

Code:
## Block SSH brute force
# 15 seconds between attempts
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -m recent --set -j ACCEPT
# Filter MAC and IP
iptables -A INPUT -m mac -s 192.168.1.59 --mac-source 00:00:00:00:00:00 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

(obviously that's not the real MAC passed to --mac-source)

I have tried putting these in the firewall scripts page, which didn't seem to work, and then the init scripts page, which also doesn't seem to work. When I do iptables -L over ssh I get the following:

Code:
# iptables -L | fgrep ssh
# iptables -A INPUT -m mac -s 192.168.1.59 --mac-source 00:00:00:00:00:00 -p tcp --dport ssh -j ACCEPT
# iptables -L | fgrep ssh
ACCEPT tcp -- 192.168.1.59 anywhere MAC 00:00:00:00:00:00 tcp dpt:ssh
#

As you can see, it's like the script does nothing, because it is listed if I do it manually. Any ideas?

Thanks!

EDIT: Oh, and by the way, I'm using Tomato 1.28.
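A first-match walk-through of the four port-22 rules in the script above, as an added example that is not part of the original post. It models only those four rules in the order posted and ignores anything already in the INPUT chain ahead of them (-A appends to the end); the packet fields, the 203.0.113.7 host and its MAC are constructed sample values.

```python
# Added example: first-match model of the four port-22 rules from the post.
# Assumption: only these rules are modelled, in the order they were posted.
ALLOWED_IP = "192.168.1.59"
ALLOWED_MAC = "00:00:00:00:00:00"   # placeholder MAC, as in the post
WINDOW = 15                          # --seconds 15


def evaluate(pkt, recent):
    """Return (verdict, rule number) for one TCP packet to port 22.

    recent maps source IP -> last-seen time, standing in for the
    list kept by the 'recent' match.
    """
    new = pkt["state"] == "NEW"
    last = recent.get(pkt["src"])
    # Rule 1: --state NEW -m recent --update --seconds 15 -j DROP
    if new and last is not None and pkt["time"] - last <= WINDOW:
        recent[pkt["src"]] = pkt["time"]   # --update refreshes the timestamp
        return "DROP", 1
    # Rule 2: --state NEW -m recent --set -j ACCEPT (matches every other NEW packet)
    if new:
        recent[pkt["src"]] = pkt["time"]
        return "ACCEPT", 2
    # Rule 3: -m mac -s <ip> --mac-source <mac> -j ACCEPT
    if pkt["src"] == ALLOWED_IP and pkt["mac"] == ALLOWED_MAC:
        return "ACCEPT", 3
    # Rule 4: -p tcp --dport 22 -j DROP
    return "DROP", 4


def run(packets):
    """Evaluate packets in order against one shared 'recent' list."""
    recent = {}
    return [evaluate(p, recent) for p in packets]


def pkt(src, mac, state, time):
    return {"src": src, "mac": mac, "state": state, "time": time}


STRANGER = ("203.0.113.7", "aa:bb:cc:dd:ee:ff")   # constructed host
SAMPLE = [                                         # constructed traffic
    pkt(*STRANGER, "NEW", 0), pkt(*STRANGER, "NEW", 5),
    pkt(*STRANGER, "NEW", 18), pkt(*STRANGER, "ESTABLISHED", 19),
    pkt(ALLOWED_IP, ALLOWED_MAC, "NEW", 20),
    pkt(ALLOWED_IP, ALLOWED_MAC, "ESTABLISHED", 21),
    pkt(ALLOWED_IP, ALLOWED_MAC, "NEW", 25),
]

if __name__ == "__main__":
    for p, (verdict, rule) in zip(SAMPLE, run(SAMPLE)):
        print(p["time"], p["src"], p["state"], "->", verdict, "by rule", rule)
```

In this model every NEW packet is decided by rule 1 or rule 2, so the MAC/IP rule is only ever consulted for packets that are not NEW, and the allowed host is throttled like any other source.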