Mac OS X PF Firewall: Protecting SSH from Brute Force Attacks

Apple-like gate (CC BY-SA 2.0 Licensed image by Dennis Jarvis, Flickr user archer10)

OpenBSD's PF provides a great many features for packet filtering and network address translation. Mac OS X includes a version of PF that can be used to protect network services. In an article called “Mac OS X pf: Avoiding known bad guys”, I talk about using the Mac OS X PF firewall to protect against known bad sites. In this article, we explore a technique to protect SSH from attackers trying to gain remote access to your Mac by guessing passwords by brute force.

Most of what I learned about PF was used at the office to protect our network. We built redundant firewalls using FreeBSD and PF rules. I started to experiment with the Mac OS X PF implementation once I learned that it was shipped in Lion (Mac OS X 10.7). I am specifically concerned about my Mac laptop systems. The information in this article can also be applied to Mac server and desktop systems.

Mac OS X pf firewall: Avoiding known bad guys

Apple Mac OS X has multiple firewall options. In this article, we will look at enabling the Mac OS X pf firewall and loading a list of IPs and networks that are known to host spammers, attackers, botnet command and control servers, and other undesirable actors on the Internet.