Block a specific ip address from ssh.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by mrmekul, Aug 6, 2015.

  1. mrmekul macrumors newbie

    May 24, 2015
    Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.
  2. SlCKB0Y, Aug 6, 2015
    Last edited: Aug 6, 2015

    SlCKB0Y macrumors 68040


    Feb 25, 2012
    Sydney, Australia
    You'll need to use pf/pfctl which is the BSD packet filter installed on OS X by default.

    Basically you'll need to do the following:

    1. Edit /etc/pf.conf as required *
    2. Start pf: sudo pfctl -f /etc/pf.conf
    3. Enable pf: sudo pfctl -e
    4. Enable on boot
    sudo defaults write /System/Library/LaunchDaemons/ ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
    sudo chmod 644 /System/Library/LaunchDaemons/
    sudo plutil -convert xml1 /System/Library/LaunchDaemons/
    * If you can't be bothered learning pf you could use a frontend:
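    The pf approach described above, worked through as an added example (not from the thread or from Apple's defaults): a POSIX shell script that validates the addresses and emits a small pf anchor, where the anchor name "sshblock", the table name and the sample addresses 203.0.113.10 / 198.51.100.7 are all assumptions. Using a table instead of a literal address in the rule means later additions are a single pfctl command rather than a ruleset edit.

```shell
#!/bin/sh
# Added example: build a pf anchor that drops inbound SSH (TCP/22) from
# the addresses held in a pf table. Nothing here runs pfctl; the commands
# a practitioner would type on the Mac are listed in comments at the end.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into its four octets
  IFS=$old_ifs
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Print the anchor ruleset for one or more source addresses.
# Rejects the whole set if any address is malformed, so a typo cannot
# silently load as a rule that blocks nothing.
pf_ssh_block_anchor() {
  list=""
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    list="${list:+$list, }$ip"
  done
  # "persist" keeps the table alive even when it is emptied later.
  printf 'table <sshblock> persist { %s }\n' "$list"
  printf 'block drop in quick proto tcp from <sshblock> to any port 22\n'
}

# On the Mac (assumed file names; run as root):
#   pf_ssh_block_anchor 203.0.113.10 > /etc/pf.anchors/sshblock
# then add these two lines to /etc/pf.conf:
#   anchor "sshblock"
#   load anchor "sshblock" from "/etc/pf.anchors/sshblock"
# and load/enable as in the steps above:
#   sudo pfctl -f /etc/pf.conf && sudo pfctl -e
# later, add another host without editing any file, then verify:
#   sudo pfctl -a sshblock -t sshblock -T add 198.51.100.7
#   sudo pfctl -a sshblock -t sshblock -T show
```

Check the loaded rules with `sudo pfctl -a sshblock -sr` before trusting the block, and test from the blocked host with a connection attempt to confirm it times out rather than being refused by sshd.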
  3. Cybaru macrumors newbie


    Aug 12, 2015
    Consider enabling the Application Firewall. This adds dynamic blacklisting capabilities to the built-in firewall, and it can be configured to block malicious hosts for [X] number of minutes after [Y] number of failed login attempts. The default configuration will block hosts for 15 minutes after 10 failed attempts. You can also set up persistent blacklists and whitelists.

    Documentation for enabling the Application Firewall on 10.7 through 10.10 can be found here:

    And here:

    And an overview of the command-line options can be found here:

    Pro-tip! Run the afctl command with the -T option to set the failure threshold for blocking a host that's trying to connect. The -H option is used to set how long the host is blocked (in minutes).

    For example, running...
    afctl -T 5
    ...will block the IP address of a host after 5 failed login attempts.

    afctl -H 120
    ...will block the IP address of a host for 120 minutes.
