From owner-freebsd-stable@FreeBSD.ORG  Tue Sep 11 15:05:43 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B9E7D106564A
	for <freebsd-stable@freebsd.org>; Tue, 11 Sep 2012 15:05:43 +0000 (UTC)
	(envelope-from allbery.b@gmail.com)
Received: from mail-qc0-f182.google.com (mail-qc0-f182.google.com
	[209.85.216.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 71CB18FC0C
	for <freebsd-stable@freebsd.org>; Tue, 11 Sep 2012 15:05:43 +0000 (UTC)
Received: by qcsg15 with SMTP id g15so441339qcs.13
	for <freebsd-stable@freebsd.org>; Tue, 11 Sep 2012 08:05:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=pd8aUbdkCtQ6e0gy1zLfxNSfkWcYzIyRjrf3xi7HYBM=;
	b=hYxemZ2hih22xpKmyqdrLk/jpFhTqX1k/QSp0vgBpzghkB3aYX+1BPXAhubLlwccVv
	ytBr6POLD/eYTK/FVGktJgSj0fhzFCVlON8g3qUiGxFfe1wMIk9TSAgBwD4oax/jCXN3
	iWR//n7ChKapGny3pFAog4q1sSGa7CA1VAliyLfezto3V2KxjE+TdkMbV21ovess0Vjt
	3z35ExLgBowkJkCmcT9niLjtE2WaVCBgh0ISUpBb1KCO33YuroPZaZGtxqchpJHFftul
	W3zwT8PYY//v0IYZsh3ixOo6LPSWoX3jl0totSuMKiC4OZ+aeFwtvcRDy906MwTOt0u0
	IZeg==
MIME-Version: 1.0
Received: by 10.224.176.132 with SMTP id be4mr10313696qab.45.1347375942698;
	Tue, 11 Sep 2012 08:05:42 -0700 (PDT)
Received: by 10.49.95.230 with HTTP; Tue, 11 Sep 2012 08:05:42 -0700 (PDT)
In-Reply-To: <A41AC173-339A-49DB-9AAB-5079D6B1001C@my.gd>
References: <504EF33A.7080304@digital-infotech.net>
	<A41AC173-339A-49DB-9AAB-5079D6B1001C@my.gd>
Date: Tue, 11 Sep 2012 11:05:42 -0400
Message-ID: <CAKFCL4U8wN5vOZ7DRLLck5tpXFi9U_f=E8NSm7ieO-4TBqYHqQ@mail.gmail.com>
From: Brandon Allbery <allbery.b@gmail.com>
To: Damien Fleuriot <ml@my.gd>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: "Shiv. Nath" <prabhpal@digital-infotech.net>,
	"freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject: Re: PF Configuration - FreeBSD Release 9.0 x64
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 15:05:43 -0000

On Tue, Sep 11, 2012 at 4:26 AM, Damien Fleuriot <ml@my.gd> wrote:

> On 11 Sep 2012, at 10:15, "Shiv. Nath" <prabhpal@digital-infotech.net>
> wrote:
> > It is FreeBSD Release 9.0 x64 and i see this log very frequent almost
> every second, And i want to block this IP from reaching my server. i
> configured the PF as following but still see the same logs, it is like it
> did not work.
> >
> > Sep 11 07:49:56 titan avahi-daemon[1567]: Received response from host
> 41.211.2.239 with invalid source port 4331 on interface 'em0.0'
>
> It says it received a *response* so my understanding is *you* are trying
> to connect.
>

But it's avahi (a zeroconf implementation) so the response is to a
broadcast; the remote machine in question may also be broadcasting.

I would actually question why avahi is even enabled on a server; perhaps
the correct answer is simply to disable it in rc.conf.

-- 
brandon s allbery                                      allbery.b@gmail.com
wandering unix systems administrator (available)     (412) 475-9364 vm/sms