Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

mrmekul

macrumors newbie
Original poster
May 24, 2015
18
1
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.
 
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.

You'll need to use pf/pfctl which is the BSD packet filter installed on OS X by default.

Basically you'll need to do the following:

1. Edit /etc/pf.conf as required *
2. Start pf: sudo pfctl -f /etc/pf.conf
3. Enable pf: sudo pfctl -e
4. Enable on boot
Code:
sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist

* If you can't be bothered learning pf you could use a fronted:
http://www.murusfirewall.com
 
Last edited:
Hi, I need to block a certain IP address from ssh'ing into my computer. I am running Yosemite. Thanks in advance.

Consider enabling the Application Firewall. This adds dynamic blacklisting capabilities to the built-in firewall, and it can be configured to block malicious hosts for [X] number of minutes after [Y] number of failed login attempts. The default configuration will block hosts for 15 minutes after 10 failed attempts. You can also set up persistent blacklists and whitelists.

Documentation for enabling the Application Firewall on 10.7 through 10.10 can be found here:
https://support.apple.com/en-us/HT200259

And here:
https://help.apple.com/advancedserveradmin/mac/4.0/#/apd4288B31F-0C3D-4004-9480-4B7E0AFBB818

And an overview of the command-line options can be found here:
http://krypted.com/mac-security/using-afctl-to-manage-the-adaptive-firewall-in-os-x-yosemite-server/

Pro-tip! Run the afctl command with the -T option to set the failure threshold for blocking a host that's trying to connect. The -H option is used to set how long the host is blocked (in minutes).

For example, running...
afctl -T 5
...will block the IP address of a host after 5 failed login attempts.

Running...
afctl -H 120
...will block the IP address of a host for 120 minutes.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.