diff --git a/default-files/etc/config/firewall b/default-files/etc/config/firewall
index 89b52af..48d0c22 100644
--- a/default-files/etc/config/firewall
+++ b/default-files/etc/config/firewall
@@ -1,4 +1,3 @@
-
 config defaults
 option syn_flood '1'
 option input 'DROP'
@@ -169,4 +168,4 @@ config rule
 option target 'ACCEPT'
 
 config include
- option path /etc/firewall.user
+ option path '/etc/firewall.user'
diff --git a/default-files/etc/firewall.user b/default-files/etc/firewall.user
new file mode 100644
index 0000000..bc17455
--- /dev/null
+++ b/default-files/etc/firewall.user
@@ -0,0 +1,12 @@
+# This file is interpreted as shell script.
+# Put your custom iptables rules here, they will
+# be executed with each firewall (re-)start.
+
+#to restart the fire wall use /etc/init.d/firewall restart;
+
+#for debugging added rules ues FW_TRACE=1 fw reload
+
+#more details http://wiki.openwrt.org/doc/uci/firewall
+
+iptables -I INPUT -i br-lan -p tcp --dport 22 -m state --state NEW -m recent --set
+iptables -I INPUT -i br-lan -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
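Review bot: The two `iptables -I INPUT` lines at the end of the new firewall.user only throttle as intended because `-I` prepends, which leaves the `--update … -j DROP` rule above the `--set` rule. Nothing in the file says so, and swapping the lines or changing `-I` to `-A` would change which connection attempt gets dropped. I would add a comment above them such as `# SSH throttle on br-lan: -I prepends, so the DROP rule is evaluated before --set; keep this order`, and add `--name ssh` to both rules so they do not share the default `recent` list with any other rule. The rules cover IPv4 on br-lan only, so SSH over IPv6 or on another interface is not throttled by this file; whether that is intended is not visible here. They also presumably need the `recent` match to be present in the image, because if it is missing the commands fail at firewall start and the limit is silently absent.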