diff --git a/setup/start/cloudron-firewall.sh b/setup/start/cloudron-firewall.sh
index 93a206282..7f1c72fcf 100755
--- a/setup/start/cloudron-firewall.sh
+++ b/setup/start/cloudron-firewall.sh
@@ -139,8 +139,8 @@ for port in 80 443; do
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --syn --dport ${port} -m connlimit --connlimit-above 5000 -j CLOUDRON_RATELIMIT_LOG
 done
 
-# ssh . 5 connections per 10 seconds per IP
-for port in 22 202; do
+# ssh and sftp. 5 connections per 10 seconds per IP
+for port in 22 202 222; do
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --dport ${port} -m state --state NEW -m recent --set --name "public-${port}"
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --dport ${port} -m state --state NEW -m recent --update --name "public-${port}" --seconds 10 --hitcount 5 -j CLOUDRON_RATELIMIT_LOG
 done
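Review bot: The new comment `# ssh and sftp.` does not say which of `22 202 222` belongs to which service, so a reader has to guess that 222 is the SFTP listener; `# ssh (22, 202) and sftp (222). 5 connections per 10 seconds per IP` would record that, assuming the mapping is right. The same 5-per-10-seconds per-IP threshold now applies to port 222, and SFTP clients that open several parallel transfer connections, or several users behind one NAT address, can plausibly reach it in normal use, so the limit is worth checking against expected SFTP traffic. Each port keeps its own `public-${port}` recent list, so connections to 222 are counted separately from those to 22 and 202. What CLOUDRON_RATELIMIT_LOG does with a matching packet, and whether port 222 is accepted at all, is decided outside this hunk.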