Watcher for the /var/log/authlog log file that detects failed SSH password logins for invalid users. The IP addresses from which the failed logins originate are added to the pf table "blacklist". That table can be used in pf.conf to block further access from those hosts.
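The detection step described above, sketched as an added example (not this watcher's own code). It assumes the stock OpenSSH "Failed password for invalid user" line format. The function names, the `never_block` allow-list and the sample lines are hypothetical, and the pfctl command is built but not executed.

```python
import ipaddress
import re

# pf.conf side (standard pf syntax): table <blacklist> persist
#                                    block in quick from <blacklist>

# Anchored at end of line: the user name is chosen by the remote client,
# so only the trailing "from <addr> port <n> ssh2" field is trusted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for invalid user .* "
    r"from (\S+) port \d+ ssh2$"
)

def offending_ips(lines, never_block=()):
    """Unique sources of failed invalid-user logins, in order first seen."""
    skip = {ipaddress.ip_address(a) for a in never_block}  # assumed allow-list
    seen = []
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal address: never pass it on to pfctl
        if addr not in skip and addr not in seen:
            seen.append(addr)
    return [str(a) for a in seen]

def pfctl_argv(ip, table="blacklist"):
    """argv that adds one address to the pf table (built here, not run)."""
    return ["pfctl", "-t", table, "-T", "add", ip]

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "Mar  3 10:15:01 gw sshd[4211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Mar  3 10:15:04 gw sshd[4211]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2",
    "Mar  3 10:16:10 gw sshd[4300]: Failed password for root from 198.51.100.20 port 40022 ssh2",
    "Mar  3 10:17:33 gw sshd[4302]: Accepted publickey for alice from 192.0.2.10 port 50111 ssh2",
    "Mar  3 10:18:02 gw sshd[4310]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.77 port 40100 ssh2",
    "Mar  3 10:19:45 gw sshd[4315]: Failed password for invalid user oracle from 2001:db8::1f port 33000 ssh2",
]

if __name__ == "__main__":
    for ip in offending_ips(SAMPLE, never_block=["192.0.2.10"]):
        print(" ".join(pfctl_argv(ip)))
```

The fifth sample line has a user name that itself resembles the address field. Because the pattern is anchored at the end of the line, the address sshd recorded (198.51.100.77) is the one selected.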