I get a lot of unwanted traffic from Chinese IP addresses. I'm using an old Mac with OS X 10.7.5 (my Mac is ancient, so I cannot update further), so I imagine it's more vulnerable than a newer Mac would be.
This page gave an excellent tutorial about how to use pfctl to detect sshd "attackers" who violate certain rules and add them to a blacklist. In my naive understanding, this applies only to sshd connections.
How can I generalize that tutorial to block other kinds of traffic as well? In particular, I have unwanted traffic involving sshd, sshd-keygen-wrapper, and screensharingd, though I'd love to block any traffic that has too many simultaneous connections or too many attempts within a certain amount of time.
Best Answer
You can simply replace:
with:
If you want to restrict this to single ports use:
... port {22, 443, 5900:5902} ...
instead of ... port ssh ...
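For reference, a pf.conf fragment that applies both limits the question asks about (simultaneous connections and attempts per time window) to the port list quoted in the answer. This is an added illustration, not the answer's or the linked tutorial's own rules; the table name `bruteforce` and the thresholds 5 and 5/30 are assumed values.

```pf
# Added example: table name and thresholds are assumptions.
# Sources that exceed a limit below are collected in this table.
table <bruteforce> persist

# Drop all inbound traffic from a listed source, whatever the port.
block drop in quick from <bruteforce>

# Stateful pass rule for the ports quoted in the answer
# (22 = ssh, 443 = https, 5900:5902 = screen sharing / VNC range).
#   max-src-conn 5            at most 5 established connections per source
#   max-src-conn-rate 5/30    at most 5 new connections per source in 30 s
#   overload <bruteforce>     add a source that exceeds either limit to the table
#   flush global              also kill every existing state from that source
# Both limits count TCP connections that completed the handshake.
pass in quick proto tcp from any to any port { 22, 443, 5900:5902 } \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

After reloading the ruleset with `pfctl -f /etc/pf.conf`, `pfctl -t bruteforce -T show` lists the addresses caught so far.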