A system issue got me to look at the Console and when I did I could see that there are about 15 IP addresses from North Korea and Poland from which they are trying to hack into my Mac via ScreenSharing.
I would like to leave ScreenSharing enabled so that I can 'login' to that machine remotely, but am concerned about others trying to hack in.
My thought was to leave all connections inbound to port 5900 open, but would like to blacklist those known IP addresses that are trying to gain access, but I can't figure out how. If I have one rule to allow all incoming, and another rule to block specific IP's, I can't seem to priorities the block rule over the allow all and as a result it lets everything through.
Appreciate any thoughts and input on this.