... but today something strange is happend ...

the host tried to make a connection to an unknown IP on port 137 ( UDP ) ... why that ? ... usually Port 137 ( UDP ) is :

netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp # NETBIOS Name Service

... here the log-entry :

Nov 28 12:26:22 linux-box kernel: OPEN: 192.168.10.60 -> 213.6.48.154 UDP, port:137 -> 137

... anybody an idea ??? should I deny any connections from host to internet on this port ???

This is not strange at all, in fact it is fairly common. Please do make an effort to do your homework and read up on the subject yourself. There are literally tonnes of networking resources on the Internet, I'm positive that Google would have got you a billion hits for the search terms "linux firewall port 137 netbios". What you're probably seeing is a masqueraded NetBIOS Name query. Windows boxes do this sort of crap all the time. It could also be Samba on a Linux (or other UNIX) box. Note that your default packet filtering stance should be to block everything. Then open up the filter for the sockets required by your applications. NetBIOS Name Service probably isn't on that list. Cheers, Tobias