Roman,
Feb 3 18:47:14 bridge kernel: Packet log: b1 DENY eth1 PROTO=17 212.114.64.130:624 212.232.168.190:53 L=55 S=0x00 I=11152 F=0x0000 T=45
protocol (/etc/protocols) 17 is UDP. Length=55 bytes TTL=45 (from probably 64) Source port is 625 Destination port is 53.
I was worried because of --sport and I field. I field shows normal dns queries (a scan has a much wider range of I field numbers), while --sport is unusual low for server or client dns queries. And so I wasn't sure what queries these would be. A dns probe? Simply, it was the first time I saw a dns server query from :1023 --> 53 udp. Moreover it was/still is trying both dns servers .181 and .190. A reason more to believe it could be a dns probe. But now I read Boris Lorenz' (Lanswehr & Partner, Nürenberg) answer and it seems that everything is ok.
Now I just wonder why you filter these packets.
Because the --sport is too low. Normally clients and servers query from 1024: --> 53 udp. This is 99% of all cases. for 1% I will not open the 1:1023 ports.
Those appear to be regular dns queries, destined for 212.232.168.181 (your address? PS14613-RIPE).
Yes, it is. Philipp