Dear FreeBSD Guys, It is FreeBSD Release 9.0 x64 and i see this log very frequent almost every second, And i want to block this IP from reaching my server. i configured the PF as following but still see the same logs, it is like it did not work. block in log quick from 41.211.2.239/32 to any Sep 11 07:49:56 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 4331 on interface 'em0.0' Sep 11 07:50:25 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 38627 on interface 'em0.0' Sep 11 07:51:29 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 38627 on interface 'em0.0'
On 11 Sep 2012, at 10:15, "Shiv. Nath" <prabhpal@digital-infotech.net> wrote:> Dear FreeBSD Guys, > > It is FreeBSD Release 9.0 x64 and i see this log very frequent almost every second, And i want to block this IP from reaching my server. i configured the PF as following but still see the same logs, it is like it did not work. > > block in log quick from 41.211.2.239/32 to any > > > Sep 11 07:49:56 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 4331 on interface 'em0.0' > Sep 11 07:50:25 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 38627 on interface 'em0.0' > Sep 11 07:51:29 titan avahi-daemon[1567]: Received response from host 41.211.2.239 with invalid source port 38627 on interface 'em0.0' > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"It says it received a *response* so my understanding is *you* are trying to connect. Adjust your rule and see if it's any better.
On Tue, Sep 11, 2012 at 10:15 AM, Shiv. Nath <prabhpal@digital-infotech.net> wrote:> Dear FreeBSD Guys, > > It is FreeBSD Release 9.0 x64 and i see this log very frequent almost every > second, And i want to block this IP from reaching my server. i configured > the PF as following but still see the same logs, it is like it did not work. > > block in log quick from 41.211.2.239/32 to any >try block log quick ... instead. -- chs,