With the standard rule in place, which allows SSH, you may see several external connection attempts in the Event log similar to the following:
15:58:28, 15 May 2014,GP socket connected: 192.168.1.1:22 -> ###.###.###.###:5286
These messages may point to possible malicious hack attempts. Fortunately, Digi TransPort routers will listen on the standard service ports with 8000+ port numbers. For example: 8022(SSH),8080(HTTP), 8443(HTTPS), etc...
In order to configure the Digi TransPort to stop listening on the standard SSH port 22 and listen on the 8022 port instead, the following can be added to the firewall rules:
pass in break end proto tcp from any to any port=8022 flags S!A inspect-state
Looking at the Firewall hit counter under the Security > Firewall menu will allow you to see which rules are getting hit and logged into fwlog.txt by the last rule in the default firewall rule set:
block logbreak end
When adding the above mentioned rule, the firewall blocks the attempt, so it will never make it into the Event Log. Instead it shows up in Management - Network Status >Firewall Trace (fwlog.txt). The following shows an example of a blocked SSH connection attempt:
----- 15-5-2014 13:10:24 ------
FW LOG Dir: IN Line:21 Hits: 599 IFACE: PPP 1
Source IP: ###.###.###.### Dest IP: 192.168.1.1 ID: 27424 TTL: 232 PROTO: TCP (6)
Src Port: 5286 Dst Port: 22
block log break end