Mac OS X Server 10.6 Firewall Enables Automatic Blocking of Hosts Attempting Intrusion via SSH

You might not realise this, but the OpenSSH server infrastructure in Mac OS X Server 10.6 keeps track of failed connection attempts from remote hosts. It then activates rules in the Firewall service to temporarily ban attacking hosts from connecting to the OpenSSH service. If you don’t have the Firewall service enabled, you can’t take advantage of this.

It is possible to run the Firewall service with an open set of rules that will not impinge on any traffic, ever. If you currently feel that you don’t have any need to use the Firewall service (you might have a hardware firewall/router), then you can still safely enable it with a minimal set of rules. This will allow the automatic remote host bans to take effect.
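
As an added illustration (not code from Mac OS X Server or from the original post), the sketch below shows the kind of failed-attempt tracking and temporary banning described above, run over constructed sshd log lines. The threshold, time window, ban duration and function names are assumptions; the page does not state the values the server actually uses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; the page does not give the server's real ones.
MAX_FAILURES, WINDOW, BAN_TIME = 3, timedelta(minutes=1), timedelta(minutes=15)
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Dec  9 10:00:00 server sshd[410]: Failed password for admin from 192.0.2.44 port 40100 ssh2
Dec  9 10:00:01 server sshd[411]: Failed password for root from 203.0.113.7 port 50122 ssh2
Dec  9 10:00:05 server sshd[413]: Failed password for invalid user test from 203.0.113.7 port 50130 ssh2
Dec  9 10:00:09 server sshd[414]: Failed password for root from 203.0.113.7 port 50141 ssh2
Dec  9 10:00:20 server sshd[415]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Dec  9 10:02:00 server sshd[416]: Failed password for admin from 192.0.2.44 port 40111 ssh2
Dec  9 10:04:00 server sshd[417]: Failed password for admin from 192.0.2.44 port 40120 ssh2
"""

def parse_failure(line, year=2010):
    """Return (timestamp, host) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, m.group(2)

def find_bans(log_text):
    """Return (host, ban_start, ban_end) for hosts that reach the threshold."""
    recent = defaultdict(deque)   # host -> failure times inside the window
    bans = []
    for line in log_text.splitlines():
        parsed = parse_failure(line)
        if parsed is None:
            continue
        when, host = parsed
        times = recent[host]
        times.append(when)
        while when - times[0] > WINDOW:   # drop failures older than the window
            times.popleft()
        if len(times) >= MAX_FAILURES:
            bans.append((host, when, when + BAN_TIME))
            times.clear()                 # start counting afresh after a ban
    return bans

def is_banned(bans, host, when):
    """True while a temporary ban for host is still in force at time when."""
    return any(h == host and start <= when < end for h, start, end in bans)
```

In this sample only the host with three failures inside one minute is banned; the host whose failures are spread over several minutes never reaches the threshold, and the ban lapses on its own once the ban time has passed.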

Last updated: December 9th, 2010