A ridiculously simple idea. Protect your port, say ssh, by adding a code to access it. Ok, that's nothing new, but maybe how it's done.
For a client to connect to a service, it need to unlock the port with a code. The code is made of predefined blocked ports, that makes pf trigger. If the first code port is triggered, IP address enters a state with timestamp. If the next port that the address triggers, matches the next code port within a timeframe, let it enter new state, else lose state. When all code ports have been triggered in the right order, allow address to pass. Sure it's not safe from MITM, but it protects from scans, and allows you to connect from dynamic IP addresses. There are 65536 ports, that gives you 65536^n possible combinations where n is the number of ports in your code. So you probably won't need more than 2-3 ports in your code. Say what you think! And if you like my brain fart, would you want to implement it? Kind regards, Johan Söderberg