::UPDATE:: I’ve confirmed that this still works under Mavericks.
::UPDATE 2/15/2015:: Still works fine on Yosemite
::UPDATE 1/31/1016:: El Capitan appears to use socketfilterfw instead of pf, though pf is still installed. I’ll post when I have this working on El Cap.
These instructions use Homebrew and PF with SSHGuard on OS X 10.8.4 and higher (10.10 tested). Previous versions of OS X may use IPFW instead of PF and secure.log instead of system.log.
$ brew install sshguard
$ su #(or use sudo from here-on out)
$ vim /etc/pf.conf
(add the following lines – this assumes your ethernet and wifi interfaces are en0 and en1. You can also use en0 and en1 in the rules instead of setting up variables)
#############
# Variables #
#############
ext_if="en0"
wifi="en1"
loop_if="lo0"
############
# SSHGuard #
############
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "sshguard"
block in quick on $wifi proto tcp from <sshguard> to any port 22 label "sshguard"
$ (sudo) pfctl -f /etc/pf.conf #reloads the rules
$ (sudo) cp -fv /usr/local/opt/sshguard/*.plist /Library/LaunchDaemons #set sshguard to run at startup
$ (sudo) launchctl load /Library/LaunchDaemons/homebrew.mxcl.sshguard.plist #start sshguard
Here are the contents of homebrew.mxcl.sshguard.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>homebrew.mxcl.sshguard</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/opt/sshguard/sbin/sshguard</string>
<string>-l</string>
<string>/var/log/system.log</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
I’m including images of my terminal showing the contents of these files since WordPress seems to find new ways to break the formatting of this post every so often.
If you don’t have homebrew installed, you should download the source and compile it for PF.
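A read-only pre-flight check for the /etc/pf.conf changes above, added here as an example and not part of the original post. It confirms that the <sshguard> table is declared, that each interface you name has a block rule (written literally or through a macro), and that the file ends with a newline, which a commenter below reports pf requires. The function name check_sshguard_pf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a pf.conf for the SSHGuard
# rules above. It only reads the file and never calls pfctl.

# Usage: check_sshguard_pf FILE IFACE...
# Prints one line per problem and returns the number of problems found.
check_sshguard_pf() {
    conf=$1; shift
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # A last line without a newline is reported by pfctl as a syntax error.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo "missing newline at end of file"; problems=$((problems + 1))
    fi

    rules=$(sed 's/#.*//' "$conf")    # drop comments and banner lines

    # The table the post declares with: table <sshguard> persist
    if ! printf '%s\n' "$rules" | grep -Eq '^[[:space:]]*table[[:space:]]+<sshguard>'; then
        echo "table <sshguard> is not declared"; problems=$((problems + 1))
    fi

    for ifname in "$@"; do
        # Accept the literal interface name or any macro defined as that name.
        pat="[[:space:]]on[[:space:]]+($ifname"
        for m in $(printf '%s\n' "$rules" | sed -n \
            "s/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*\"$ifname\".*/\1/p"); do
            pat="$pat|[\$]$m"
        done
        pat="$pat)[[:space:]]"
        if ! printf '%s\n' "$rules" | grep -E '^[[:space:]]*block[[:space:]].*<sshguard>' \
            | grep -Eq "$pat"; then
            echo "no block rule for <sshguard> on $ifname"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the wifi rule is missing and the last line has no newline.
sample=$(mktemp)
printf '%s\n' 'ext_if="en0"' 'wifi="en1"' 'table <sshguard> persist' > "$sample"
printf '%s' 'block in quick on $ext_if proto tcp from <sshguard> to any port 22' >> "$sample"
check_sshguard_pf "$sample" en0 en1 || echo "problems found: $?"
rm -f "$sample"
```

Run it against a copy of your edited file, for example `check_sshguard_pf /etc/pf.conf en0 en1`, before reloading the rules with pfctl.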
Good info, but WordPress seems to be eating the string “” when displaying your config example.
see it ate it in my reply too! :D
left-angle-bracket sshguard right-angle-bracket
OK, finally got that fixed. It must have cropped up again when I migrated this site. Thanks for pointing it out!
Any changes for sshguard and Yosemite?
Not that I’ve found. The big factors that could cause problems would be OS X changing the default firewall or changing where SSH messages are logged, but neither of those seems to have happened in Yosemite.
I think it’s not working properly, I see the sshguard blocking messages, but the connections keep coming in.
It looks like the tags in the plist were also dropped around the command filename, /usr/local/opt/sshguard/sbin/sshguard. Isn’t lack-of-html-escape-handling in blog-posts a joy?
Thanks. I don’t know how many times I’ve fixed formatting errors on this post.
Another hint – /etc/pf.conf *requires* a line break at the end of the file, otherwise it reports a spurious syntax error.