Hi, I wish to block all attempts by “shodan.io”. Basically I run an OpenBSD (6.4) mail server using OpenSMTPD and notice quite bit of traffic all stemming from “shodan.io". I have PF configured so I was wondering how to block such a domain from making any attempts to connect to my server. There is little information about Public IP addresses being used by "shodan.io" scanner, so making an IP list for PF may be futile.
Could someone suggest a possible option? I was thinking along the lines of “relayd” or "squid proxy”. My server is hosted at Vultr and has a single WAN interface with Public IP. There is no internal LAN interface. For those who do not know about “shodan.io”, please do a search and you will discover what it does. Regards Nino
