DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Firewall not blocking (2850)

11 Dec 2013 06:34 #78470 by lesd
Replied by lesd on topic Re: Firewall not blocking (2850)
I think I now know the cause of this problem.

I actually have two Internet lines - WAN1 and WAN2 - and I have done separate Open Ports on each (as an Open Port is WAN specific [why there is no option for 'All' is another topic]).

The firewall rules and other associated objects (Service Types) are not WAN specific (WAN is not specified).

I assumed that the firewall rules applied to both WANs.

It seems that WAN2 is not being filtered by the firewall!!!??

If I turn off the open ports on WAN2 then the attacks stop. If I open them for WAN2 then within a few minutes the attacks start again.

Les

11 Dec 2013 11:11 #78471 by sicon
Replied by sicon on topic Re: Firewall not blocking (2850)
Cool, glad you are getting somewhere

Both WANs should be filtered by the firewall; are you on the latest firmware?
I'd log a support case with DrayTek if the filter is only working on 1 interface.

11 Dec 2013 12:35 #78476 by lesd
Replied by lesd on topic Re: Firewall not blocking (2850)
I am on 3.6.3

I was on 3.6.4 but that had issues so I reverted back.

I understand that the international site has a later driver but the UK site still is showing 364 which I assume is still the old one.

I will raise a case with support.

Thanks for your help.

Les

24 Dec 2013 09:45 #78573 by lintentech
Replied by lintentech on topic Re: Firewall not blocking (2850)
Having a similar issue. I need to block SMTP Port 25 from all but one IP (92.63.133.169), so I have set up the following rule:

Direction: WAN > LANRT/VPN
Source IP: !92.63.133.169
Destination IP: ANY
Service Type: TCP. Port from 25 to 25
Filter: Block Immediately

Yet I can still connect from any IP.

24 Dec 2013 10:24 #78574 by sicon
Replied by sicon on topic Re: Firewall not blocking (2850)
That rule will block anything from the IP you want to pass on port 25.

You need two rules:

Direction: WAN > LANRT/VPN
Source IP: ANY
Destination IP: ANY
Service Type: TCP. Port from 25 to 25
Filter: Block Unless Further Match

Direction: WAN > LANRT/VPN
Source IP: ANY
Destination IP: 92.63.133.169
Service Type: TCP. Port from 25 to 25
Filter: Pass Immediately

24 Dec 2013 11:25 #78575 by lintentech
Replied by lintentech on topic Re: Firewall not blocking (2850)

sicon wrote: that rule will block anything from the IP you want to pass on port 25



Thanks for taking the time to post. But if you look closely there is a ! in front of the IP, which I believe is any other than 92.63.133.169.

However, I have set up the two rules as you described and still traffic is allowed through from any address.


Moderators: Sami
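Added example (not from any poster in this thread, and not DrayTek code): a small model of ordered filter evaluation, used to check what the single negated rule and a two-rule block-then-pass set should do for port 25. The evaluation semantics, the default pass, matching the permitted address on Source IP in the two-rule set, and the second source address 203.0.113.7 are assumptions made for this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class Rule:
    src: str     # "ANY", "a.b.c.d" or "!a.b.c.d" (negation, as used in the thread)
    port: int    # single TCP destination port
    action: str  # action names as written in the thread's rule listings

def src_matches(spec, src):
    """True when the packet source satisfies the rule's source spec."""
    if spec == "ANY":
        return True
    negate = spec.startswith("!")
    same = ip_address(spec.lstrip("!")) == ip_address(src)
    return same != negate

def evaluate(rules, src, dport, default="pass"):
    """Assumed model: rules run top-down; '... Immediately' ends evaluation,
    '... Unless Further Match' sets a pending verdict a later match replaces."""
    verdict = default
    for r in rules:
        if r.port != dport or not src_matches(r.src, src):
            continue
        kind, _, when = r.action.partition(" ")
        verdict = kind.lower()
        if when == "Immediately":
            break
    return verdict

ALLOWED = "92.63.133.169"   # permitted sender named in the thread
OTHER = "203.0.113.7"       # constructed address standing in for any other host

# Single rule with a negated source, as in the first SMTP post.
SINGLE = [Rule("!" + ALLOWED, 25, "Block Immediately")]
# Block-then-pass pair; the exception is matched on source here (assumption).
PAIR = [Rule("ANY", 25, "Block Unless Further Match"),
        Rule(ALLOWED, 25, "Pass Immediately")]

def audit(rules, dport=25):
    """Expected verdict per source address for one destination port."""
    return {src: evaluate(rules, src, dport) for src in (ALLOWED, OTHER)}

if __name__ == "__main__":
    for name, rules in (("single", SINGLE), ("pair", PAIR)):
        print(name, audit(rules))
```

Under this model both rule sets give the same result, so a router that still accepts port 25 from every address points at the rules not being applied to that traffic rather than at the rule logic, which matches the earlier WAN2 observation in the thread.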