Block a specific ip address from ssh.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by mrmekul, Aug 6, 2015.

  1. mrmekul macrumors newbie

    Joined:
    May 24, 2015
    #1
    Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.
     
  2. SlCKB0Y, Aug 6, 2015
    Last edited: Aug 6, 2015

    SlCKB0Y macrumors 68040

    SlCKB0Y

    Joined:
    Feb 25, 2012
    Location:
    Sydney, Australia
    #2
    You'll need to use pf/pfctl which is the BSD packet filter installed on OS X by default.

    Basically you'll need to do the following:

    1. Edit /etc/pf.conf as required *
    2. Start pf: sudo pfctl -f /etc/pf.conf
    3. Enable pf: sudo pfctl -e
    4. Enable on boot
    Code:
    sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
    sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
    sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist
    * If you can't be bothered learning pf you could use a frontend:
    http://www.murusfirewall.com
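    A pf ruleset in the shape step 1 above calls for, as an added example (not posted by anyone in this thread): the blocked addresses live in a pf table so they can later be added or removed live with `pfctl -t blocked_ssh -T add|delete`, and the rules are parsed with `pfctl -n` before anything is loaded. The anchor name, file path and TEST-NET addresses are assumptions; sshd is assumed to listen on TCP/22.

```shell
#!/bin/sh
# Added example, not from the thread: build a pf ruleset that denies SSH to a
# set of addresses held in a table. Table entries can later be changed without
# reloading the ruleset: sudo pfctl -t blocked_ssh -T add|delete ADDR
# Assumptions: sshd on TCP/22; anchor name and file path below are placeholders.

# build_ssh_block_rules ADDR [ADDR...] -> prints the ruleset on stdout
build_ssh_block_rules() {
  list=$(printf '%s' "$*" | sed 's/ /, /g')
  cat <<EOF
# Addresses denied SSH. 'persist' keeps the table even when it is empty.
table <blocked_ssh> persist { $list }
# Drop inbound SSH packets from those addresses. 'log' records hits on pflog0
# for review; 'quick' stops evaluation so a later 'pass' rule cannot override it.
block in log quick proto tcp from <blocked_ssh> to any port 22
EOF
}

# check_rules FILE -> parse-only check with pfctl -n (nothing is loaded).
# Returns 0 when pfctl is absent so the generator can be tested off-box.
check_rules() {
  if command -v pfctl >/dev/null 2>&1; then
    pfctl -nf "$1"
  else
    echo "pfctl not found; skipping syntax check" >&2
  fi
}

# Usage (constructed TEST-NET addresses, placeholder anchor file):
#   sh ssh_block.sh 203.0.113.7 198.51.100.9 > /etc/pf.anchors/ssh_block
# then reference the anchor from /etc/pf.conf:
#   anchor "ssh_block"
#   load anchor "ssh_block" from "/etc/pf.anchors/ssh_block"
# and reload exactly as in step 2 above: sudo pfctl -f /etc/pf.conf
if [ $# -gt 0 ]; then
  build_ssh_block_rules "$@"
fi
```

    Blocked attempts show up with `sudo tcpdump -n -e -ttt -i pflog0`, which is the check that the rule is actually matching rather than being shadowed by an earlier pass rule.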
     
  3. Cybaru macrumors newbie

    Cybaru

    Joined:
    Aug 12, 2015
    Location:
    Iowa
    #3
    Consider enabling the Application Firewall. This adds dynamic blacklisting capabilities to the built-in firewall, and it can be configured to block malicious hosts for [X] number of minutes after [Y] number of failed login attempts. The default configuration will block hosts for 15 minutes after 10 failed attempts. You can also set up persistent blacklists and whitelists.

    Documentation for enabling the Application Firewall on 10.7 through 10.10 can be found here:
    https://support.apple.com/en-us/HT200259

    And here:
    https://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4B7E0AFBB818

    And an overview of the command-line options can be found here:
    http://krypted.com/mac-security/using-afctl-to-manage-the-adaptive-firewall-in-os-x-yosemite-server/

    Pro-tip! Run the afctl command with the -T option to set the failure threshold for blocking a host that's trying to connect. The -H option is used to set how long the host is blocked (in minutes).

    For example, running...
    afctl -T 5
    ...will block the IP address of a host after 5 failed login attempts.

    Running...
    afctl -H 120
    ...will block the IP address of a host for 120 minutes.
     
