Brute-force attacks can create a lot of noise in system logs.
It could be convenient to be able to use a command to block a specific IP:

$ pfctl -t badhosts -T add $IP_TO_BLOCK

pf has the advantage to create easier to read rules than ipfilter and ipfw,
and to be still actively maintained.

Deployed on Hervil