Setting up macOS afctl (the adaptive firewall) on a 10.12 server. We had problems with this on a 10.11 server, and numerous online discussions reported that the thing just didn't work as advertised on 10.10 and 10.11. So I'm kicking the tires on 10.12. (Yes, we're aware that 10.13 is out; we've decided to let the rest of you be the guinea pigs for the next while.)
I've got the thing working for manually-added IP addresses, but I need to trigger the afctl rules with bad logins to make sure that new malefactors are added. I'm not sure how to do this. I just tried deliberately screwing up an ssh login a few times, but it didn't block my IP. So I'm thinking of scripting an ssh attack, or maybe ping flooding the server (later tonight, when no one will mind if it slows down the office network a tad).
Any thoughts on how I can do this? And yes, this will be for whitehat purposes only.
