The easiest way to block IP addresses on a system running the PF firewall is to create a persistent block table, and then just interact with the table.
table <badhosts> persist
set skip on lo0
scrub in all
block in quick from <badhosts> to any
pass all
Each packet is evaluated against the filter ruleset from top to bottom. By default, the packet is marked for passage, which can be changed by any rule, and could be changed back and forth several times before the end of the filter rules. The last matching rule wins, but there is one exception to this: The quick option on a filtering rule has the effect of canceling any further rule processing and causes the specified action to be taken.
OpenBSD PF – Packet Filtering
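The evaluation order quoted above, as an added example that is not part of the original post: a simplified Python model of "last matching rule wins, unless quick", run against the block and pass rules from the ruleset above. The table contents (documentation-range addresses), the rule tuples and the evaluate function are constructed for illustration; direction, interfaces, set skip and scrub are not modelled.

```python
# Simplified model of PF filter evaluation (added example, not pf itself).
# Only the source address is matched; direction, interfaces, "set skip"
# and "scrub" from the page's pf.conf are left out.
from ipaddress import ip_address, ip_network

# Constructed table contents, using documentation address ranges.
TABLES = {
    "badhosts": [ip_network("203.0.113.7/32"), ip_network("198.51.100.0/24")],
}

# Each rule is (action, quick, source); source is "any" or a table name.
# PAGE_RULES mirrors: block in quick from <badhosts> to any / pass all
PAGE_RULES = [("block", True, "badhosts"), ("pass", False, "any")]
# Same rules with the quick keyword dropped from the block rule.
NO_QUICK = [("block", False, "badhosts"), ("pass", False, "any")]


def matches(source, addr):
    """True if addr falls under the rule's source ("any" or a table)."""
    if source == "any":
        return True
    return any(addr in net for net in TABLES.get(source, []))


def evaluate(rules, src):
    """Return 'pass' or 'block' for a packet arriving from src."""
    addr = ip_address(src)
    verdict = "pass"  # default: the packet is marked for passage
    for action, quick, source in rules:
        if not matches(source, addr):
            continue
        verdict = action  # last matching rule wins ...
        if quick:
            break  # ... unless the rule is quick: evaluation stops here
    return verdict


if __name__ == "__main__":
    cases = [("page ruleset", PAGE_RULES), ("block without quick", NO_QUICK)]
    for name, rules in cases:
        for src in ("203.0.113.7", "192.0.2.10"):
            print(f"{name:22} {src:14} -> {evaluate(rules, src)}")
```

With quick removed from the block rule, the later pass all is the last match and the listed host is passed, which is why the block rule in the ruleset above carries quick.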
pfctl -f /etc/pf.conf
pfctl -t badhosts -T add 184.108.40.206
pfctl -t badhosts -T add 220.127.116.11
pfctl -t badhosts -T show
Delete an address
pfctl -t badhosts -T delete 18.104.22.168
Delete all addresses
pfctl -t badhosts -T flush
And remember boys and girls, 30 minutes poking with commands can save you 3 minutes of documentation reading….