While trying to debug some ports that appear closed at my ISP, I stumbled across this iptables rule in the OUTPUT chain, which doesn’t make much sense to me:
| Target | Prot. | In | Out | Source | Destination | Options | Comment |
|---|---|---|---|---|---|---|---|
| DSCP | udp | * | * | 0.0.0.0/0 | 0.0.0.0/0 | multiport ports 123,53 DSCP set 0x24 | - |
I know what DSCP is, and of course these are the ports for NTP and DNS, but why would DNS and NTP packets from the Omnia have DSCP set to 0x24 (dec 36), which according to https://linuxreviews.org/Type_of_Service_(ToS)_and_DSCP_Values means traffic class AF42? That seems somewhat random.
I also couldn’t find where this rule comes from, i.e. what causes the rule to be created, since it’s not in the LuCI firewall config.
Any insight would be much appreciated.