diff --git a/app/server.go b/app/server.go
index e9f7046..41f0002 100644
--- a/app/server.go
+++ b/app/server.go
@@ -35,6 +35,7 @@ func main() {
 fmt.Printf("%s %s\n", VERSION, BUILDDATE)
 pflag.StringP("interface", "i", "eth0", "Bind to this interface")
+ pflag.IntP("ssh", "s", 0, "Override SSH port")
 pflag.StringP("logpath", "l", "/dev/null", "Log file path")
 pflag.StringP("confpath", "c", "config/", "Configuration file path")
 pflag.BoolP("debug", "d", false, "Enable debug mode")
@@ -44,6 +45,10 @@ func main() {
 pflag.Parse()
 viper.BindPFlags(pflag.CommandLine)
+ if viper.IsSet("ssh") {
+ viper.Set("ports.ssh", viper.GetInt("ssh"))
+ }
+
 if viper.GetBool("version") {
 return
 }
diff --git a/config/config.yaml b/config/config.yaml
index 1da0dd7..5d5072e 100644
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -1,6 +1,7 @@
 ports:
 tcp: 5000
 udp: 5001
+ ssh: 2222
 rules_path: config/rules.yaml
diff --git a/glutton.go b/glutton.go
index b18ae14..c1cc657 100644
--- a/glutton.go
+++ b/glutton.go
@@ -53,6 +53,7 @@ func (g *Glutton) initConfig() error {
 // If no config is found, use the defaults
 viper.SetDefault("ports.tcp", 5000)
 viper.SetDefault("ports.udp", 5001)
+ viper.SetDefault("ports.ssh", 22)
 viper.SetDefault("max_tcp_payload", 4096)
 viper.SetDefault("conn_timeout", 45)
 viper.SetDefault("rules_path", "rules/rules.yaml")
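Review bot: The override in the second server.go hunk, `viper.Set("ports.ssh", viper.GetInt("ssh"))`, accepts any integer, so a value of 0 or a negative number is later cast with `uint32(...)` in Start and written into the mangle PREROUTING rule spec as a nonsense port. Validate the flag before the Set, e.g. `if p := viper.GetInt("ssh"); p < 1 || p > 65535 { /* reject with a clear message, as the file does for other fatal startup errors */ }`, and only then call `viper.Set`. Note also that whether `viper.IsSet("ssh")` is false for an unchanged bound pflag depends on the viper version in use; on versions where it is true for any bound flag, the default of 0 from the first hunk would override `ports.ssh` on every run, so it is worth checking `pflag.CommandLine.Changed("ssh")` instead, or at least confirming the behaviour against the pinned viper. The rest of main is outside these hunks.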
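Review bot: The new default `viper.SetDefault("ports.ssh", 22)` in glutton.go has no comment explaining what the key controls, and it disagrees with the shipped `config/config.yaml` (2222), which will surprise anyone reading the defaults block. Add a comment on the new line along the lines of `// ports.ssh: real SSH port on this host, passed to the TPROXY iptables rules (see iptables.go); 22 preserves the value that was hard-coded before` — what genRuleSpec does with sshPort is not visible here, so word it to match the actual rule spec. The sample config's choice of 2222 should be explained in the yaml file or the README if it is deliberate.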
@@ -186,11 +187,11 @@ func (g *Glutton) Start() error {
 g.startMonitor(quit)
- if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {
+ if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 return err
 }
- if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {
+ if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 return err
 }
@@ -335,11 +336,11 @@ func (g *Glutton) Shutdown() {
 }
 g.Logger.Info("FLushing TCP iptables")
- if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {
+ if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 g.Logger.Error("failed to drop tcp iptables", producer.ErrAttr(err))
 }
 g.Logger.Info("FLushing UDP iptables")
- if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {
+ if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 g.Logger.Error("failed to drop udp iptables", producer.ErrAttr(err))
 }
diff --git a/iptables.go b/iptables.go
index 8a97c1d..6089dc9 100644
--- a/iptables.go
+++ b/iptables.go
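Review bot: Start and Shutdown each re-read `uint32(viper.GetInt("ports.ssh"))` at call time, so the rule Shutdown asks iptables to Delete is only guaranteed to match the rule Start appended if the config value has not changed in between; if viper is ever reloaded at runtime (not visible here), the flush would miss and leave a stale TPROXY rule in mangle PREROUTING. Record the value once at Start, the way `g.Server.tcpPort` already is, e.g. `sshPort := uint32(viper.GetInt("ports.ssh"))` stored on the struct, and have both flush calls in the Shutdown hunk use that field. The cast also turns a negative config value into a large uint32 with no error, so the bound check belongs before the cast as well. Both functions extend beyond the hunks shown.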
@@ -30,19 +30,19 @@ func genRuleSpec(chain, iface, protocol, _ string, sshPort, dport uint32) []stri
 return strings.Split(fmt.Sprintf(spec, iface, protocol, sshPort, dport), ";")
 }
-func setTProxyIPTables(iface, srcIP, protocol string, port uint32) error {
+func setTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {
 ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
 if err != nil {
 return err
 }
- return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)
+ return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)
 }
-func flushTProxyIPTables(iface, srcIP, protocol string, port uint32) error {
+func flushTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {
 ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
 if err != nil {
 return err
 }
- return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)
+ return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)
 }
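Review bot: The new `sshPort` parameter on setTProxyIPTables and flushTProxyIPTables is passed straight into genRuleSpec without a range check, so a 0 or out-of-range value (now reachable from the config and the new --ssh flag) is formatted into the rule spec and only fails, if at all, inside iptables with an unhelpful error. Add a guard at the top of both functions, `if sshPort == 0 || sshPort > 65535 { return fmt.Errorf("invalid ssh port %d", sshPort) }` (fmt is already in scope in this file). Neither function has a doc comment; something like `// setTProxyIPTables appends the TPROXY rule for protocol/port to mangle PREROUTING on iface; sshPort is handed to genRuleSpec as the port the rule must leave untouched` would help, adjusted to what the spec template at the top of the file actually does since it is outside this hunk.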