diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile
index 56543331..30f2de5b 100644
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-firewall
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 
diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
index aa04ce93..bb18657f 100644
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
@@ -1,9 +1,3 @@
-# If an router has a direct internet connection simple attack act as DOS attack
-if [ -n "$IF_WAN" ]; then
-	iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-	iptables -A INPUT -i $IF_WAN -j REJECT
-fi
-
 # Limit ssh to 6 new connections per 60 seconds
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP