I have the following in my firewall:

  -A INPUT -p tcp --dport 12345 -m recent --set
  -A INPUT -p tcp --dport ssh -m state --state NEW \
    -m recent --update --seconds 43200 -j ACCEPT

This will only allow SSH from a computer which has telneted to port 12345 (obviously I use something else) in the past 12 hours (even the simple Windows telnet will work, it's just important to try to connect). Obviously the above could be made more complicated with more than 1 port having to be 'telneted', but I doubt it's worth the trouble.

Cheers,
MaZe.
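
Added example, not part of the post above: a small Python model of how the two rules use the `recent` list, following the iptables-extensions description of --set and --update. The packet tuples and addresses are constructed, and "CONTINUE" stands for whatever later rules or chain policy the firewall has, which the post does not show.

```python
# Model of the two rules' `recent` list; illustrative only, not netfilter code.
WINDOW = 43200       # --seconds 43200 (12 hours)
KNOCK_PORT = 12345   # knock port as written in the post
SSH_PORT = 22        # "--dport ssh" resolves to 22

def run(packets):
    """packets: (time_s, src_ip, dport, is_new_connection) tuples.
    Returns one verdict per packet: 'ACCEPT' if rule 2 matched, otherwise
    'CONTINUE' (the packet falls through to rules the post does not show)."""
    last_seen = {}   # default `recent` list: source address -> last timestamp
    verdicts = []
    for t, src, dport, is_new in packets:
        verdict = "CONTINUE"
        if dport == KNOCK_PORT:
            # Rule 1: --set records (or refreshes) the source address.
            # It has no -j target, so the packet keeps traversing the chain.
            last_seen[src] = t
        elif dport == SSH_PORT and is_new:
            # Rule 2: "-m state --state NEW" is checked first, then --update
            # matches only if the source was seen within WINDOW seconds.
            seen = last_seen.get(src)
            if seen is not None and t - seen <= WINDOW:
                last_seen[src] = t   # --update refreshes "last seen" on a match
                verdict = "ACCEPT"
        verdicts.append(verdict)
    return verdicts

# Constructed packet sequence (documentation addresses, times in seconds).
SAMPLE = [
    (0,      "198.51.100.7", 22,    True),  # SSH before any knock
    (10,     "198.51.100.7", 12345, True),  # the knock
    (20,     "198.51.100.7", 22,    True),  # SSH shortly after the knock
    (20,     "203.0.113.9",  22,    True),  # a different source, no knock
    (40000,  "198.51.100.7", 22,    True),  # inside the window
    (80000,  "198.51.100.7", 22,    True),  # >12 h after the knock, but the
                                            # window was refreshed at t=40000
    (130000, "198.51.100.7", 22,    True),  # >12 h since the last refresh
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(pkt, "->", verdict)
```

The list is keyed by source address, so every host that reaches the firewall from the same address (for example through one NAT gateway) shares the knock.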