Hi all, I'm trying to implement port knocking for SSH behind NAT using Shorewall Events based on http://shorewall.net/Events.html, but no joy. The port seems to be always open. That is use of nmap to knock has no effect. DNAT net $FW:pri.va.te.ip tcp 22 pu.bl.ic.ip Knock net $FW tcp 1699:1701 Knock net $FW:pri.va.te.ip tcp 22 Any ideas. Using 4.5.21. Eric ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech