When OS X server starts up, it starts the serialnumberd process. The job of this daemon is to check the network to make sure that you are not using the serial number on more than one machine. It does this by using multicast communication so that all other OS X servers can talk to each other. When this daemon starts up it creates a rule in the built-in firewall (ipfw). The rule is set to allow all ip traffic to port 626, which is the port that the serial number daemon communication uses. The rule is set to number 00001, the highest priority in the ipfw so that any other rules that you have in effect don’t affect its capabilities. If you remove the allow rule and replace it with a deny rule, serialnumberd doesn’t like it. You will not be able to access the features in server admin because it will tell you that you have a serial number conflict. If you have a site license however, then serialnumberd doesn’t care how many times a serial number is used, so it doesn’t need to add the firewall rule.