Hi there,
since I’m forced by my employer to use an out-of-the-box Android 10 phone for work (i.e. no LineageOS, no data protection etc.) I notice the following messages in my firewall log (throughout the day every 20 minutes, 8 messages):
Nov 22 20:18:13 ipfire kernel: DROP_FORWARD IN=blue0 OUT=blue0 MAC=yy:yy:yy:yy:yy:yy:xx:xx:xx:xx:xx:xx:08:00 SRC=192.168.1.118 DST=192.168.1.2 LEN=88 TOS=0x00 PREC=0x00 TTL=253 ID=24137 DF PROTO=UDP SPT=33270 DPT=53 LEN=68
Nov 22 20:18:18 ipfire kernel: DROP_FORWARD IN=blue0 OUT=blue0 MAC=yy:yy:yy:yy:yy:yy:xx:xx:xx:xx:xx:xx:08:00 SRC=192.168.1.118 DST=192.168.1.2 LEN=88 TOS=0x00 PREC=0x00 TTL=253 ID=24138 DF PROTO=UDP SPT=33270 DPT=53 LEN=68
Host 192.168.1.118 is the phone in question, 192.168.1.2 is the internal DNS server running pi-hole, MAC addresses have been obfuscated.
Only this and another OOB Android phone are triggering such log entries. I can’t imagine why one would forward UDP packets to port 53 within the same network segment 192.168.1.0/24 and why they are being dropped by the firewall. What is going on here?
Thanks!
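One way to tally entries like the two quoted above, as an added example that is not part of the original post: it parses netfilter kernel log lines, keeps the `DROP_FORWARD` hits to port 53 that enter and leave on the same interface, and groups them into bursts per source and destination. The function names, the one-minute burst gap and the placeholder year are assumptions; the third sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first two lines are the ones quoted in the post; the third is constructed
# (a drop leaving via another interface, which the filter must ignore).
SAMPLE = """\
Nov 22 20:18:13 ipfire kernel: DROP_FORWARD IN=blue0 OUT=blue0 MAC=yy:yy:yy:yy:yy:yy:xx:xx:xx:xx:xx:xx:08:00 SRC=192.168.1.118 DST=192.168.1.2 LEN=88 TOS=0x00 PREC=0x00 TTL=253 ID=24137 DF PROTO=UDP SPT=33270 DPT=53 LEN=68
Nov 22 20:18:18 ipfire kernel: DROP_FORWARD IN=blue0 OUT=blue0 MAC=yy:yy:yy:yy:yy:yy:xx:xx:xx:xx:xx:xx:08:00 SRC=192.168.1.118 DST=192.168.1.2 LEN=88 TOS=0x00 PREC=0x00 TTL=253 ID=24138 DF PROTO=UDP SPT=33270 DPT=53 LEN=68
Nov 22 20:19:01 ipfire kernel: DROP_FORWARD IN=blue0 OUT=red0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 ID=1 DF PROTO=TCP SPT=40000 DPT=443
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8}) \S+ kernel: (\S+) (.*)$")

def parse_line(line, year=2000):
    """Split one netfilter LOG line into prefix, timestamp and KEY=VALUE fields.
    Syslog timestamps carry no year, so `year` is an assumed placeholder."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, prefix, rest = m.groups()
    # Bare flags such as DF have no '='; LEN occurs twice (IP, then UDP) and
    # the later value wins, which is fine because LEN is not used here.
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    fields["PREFIX"] = prefix
    fields["TIME"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return fields

def same_interface_dns_drops(text):
    """Group DROP_FORWARD hits to port 53 that enter and leave on the same
    interface, keyed by (SRC, DST, PROTO), with their timestamps."""
    hits = defaultdict(list)
    for line in text.splitlines():
        f = parse_line(line)
        if (f and f["PREFIX"] == "DROP_FORWARD" and f.get("IN")
                and f.get("IN") == f.get("OUT") and f.get("DPT") == "53"):
            hits[(f["SRC"], f["DST"], f["PROTO"])].append(f["TIME"])
    return dict(hits)

def bursts(times, gap=timedelta(minutes=1)):
    """Split timestamps into bursts separated by more than `gap`."""
    out = []
    for t in sorted(times):
        if out and t - out[-1][-1] <= gap:
            out[-1].append(t)
        else:
            out.append([t])
    return out

if __name__ == "__main__":
    for key, times in same_interface_dns_drops(SAMPLE).items():
        print(key, [len(b) for b in bursts(times)])
```

Fed a full day of the firewall log instead of `SAMPLE`, the burst sizes and the spacing between bursts can be compared with the "8 messages every 20 minutes" pattern described in the post.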