Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Larvitz @Larvitz@bsd.cafe

1/13/2026, 5:34:53 PM

Public

New blog post: GeoIP-Aware Firewalling with PF on FreeBSD

Running a mail server means constant brute-force attempts. My solution: geographic filtering. SMTP stays open for global mail delivery, but client ports (IMAP, Submission, webmail) are restricted to Central European IP ranges only.

Result: ~90% reduction in attack logs, cleaner signal-to-noise ratio, smaller attack surface.

Using MaxMind GeoLite2 + PF tables with ~273k CIDR blocks.

https://blog.hofstede.it/geoip-aware-firewalling-with-pf-on-freebsd/

#FreeBSD #InfoSec #SysAdmin #pf #DevOps

GeoIP-Aware Firewalling with PF on FreeBSD | Larvitz Blog

Using MaxMind’s GeoLite2 database with FreeBSD’s PF firewall to restrict client-facing services to specific countries, reducing brute-force attempts and log noise while keeping essential services globally accessible.

blog.hofstede.it

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.bsd.cafe/users/Larvitz/statuses/115888992652791291 on your instance and quote it. (Note that quoting is not supported in Mastodon.)