
mrmekul

macrumors newbie
Original poster
May 24, 2015
18
1
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.
 

SlCKB0Y

macrumors 68040
Feb 25, 2012
3,431
557
Sydney, Australia
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.

You'll need to use pf/pfctl, which is the BSD packet filter installed on OS X by default.

Basically you'll need to do the following:

1. Edit /etc/pf.conf as required *
2. Start pf: sudo pfctl -f /etc/pf.conf
3. Enable pf: sudo pfctl -e
4. Enable on boot
Code:
sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist

* If you can't be bothered learning pf, you could use a frontend:
http://www.murusfirewall.com
 
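As an added example (not part of SlCKB0Y's post), here is a small shell script that produces the /etc/pf.conf lines for step 1 above, validates the address first, and lists the pfctl syntax check to run before steps 2 and 3. The address 203.0.113.5 and the table name ssh_block are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Generates the pf rules for step 1
# above: drop inbound SSH (tcp/22) from one address. The address
# 203.0.113.5 and the table name ssh_block are constructed placeholders.

# Accept only a dotted-quad IPv4 address with every octet in 0..255,
# so a typo cannot silently produce a rule pf rejects (or one that
# blocks the wrong host).
valid_ipv4() {
  echo "$1" | awk -F. '
    NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
    { exit 1 }'
}

# Print the two lines to append (once) to /etc/pf.conf, after Apple's
# own anchor lines. "quick" makes the drop final even if a later pass
# rule would match; "persist" keeps the table alive when empty, so more
# addresses can be added at runtime without reloading the ruleset:
#   sudo pfctl -t ssh_block -T add 203.0.113.6
ssh_block_rules() {
  ip="$1"
  if ! valid_ipv4 "$ip"; then
    echo "ssh_block_rules: not a valid IPv4 address: $ip" >&2
    return 1
  fi
  printf 'table <ssh_block> persist { %s }\n' "$ip"
  printf 'block drop in quick proto tcp from <ssh_block> to any port 22\n'
}

# After appending the rules (needs root):
#   sudo pfctl -nf /etc/pf.conf       # -n: parse only; catches syntax errors before loading
#   sudo pfctl -f /etc/pf.conf        # step 2 from the post
#   sudo pfctl -e                     # step 3 from the post
#   sudo pfctl -t ssh_block -T show   # confirm which addresses are in the table

ssh_block_rules 203.0.113.5
```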

Cybrex

Contributor
Aug 12, 2015
10
8
Iowa
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.

Consider enabling the Application Firewall. This adds dynamic blacklisting capabilities to the built-in firewall, and it can be configured to block malicious hosts for [X] number of minutes after [Y] number of failed login attempts. The default configuration will block hosts for 15 minutes after 10 failed attempts. You can also set up persistent blacklists and whitelists.

Documentation for enabling the Application Firewall on 10.7 through 10.10 can be found here:
https://support.apple.com/en-us/HT200259

And here:
https://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4B7E0AFBB818

And an overview of the command-line options can be found here:
http://krypted.com/mac-security/using-afctl-to-manage-the-adaptive-firewall-in-os-x-yosemite-server/

Pro-tip! Run the afctl command with the -T option to set the failure threshold for blocking a host that's trying to connect. The -H option is used to set how long the host is blocked (in minutes).

For example, running...
afctl -T 5
...will block the IP address of a host after 5 failed login attempts.

Running...
afctl -H 120
...will block the IP address of a host for 120 minutes.
 