Working on a Kibana dashboard for iptables I noticed that a lot of internal hosts try to reach phab1003 on port 22280/tcp
See https://logstash.wikimedia.org/goto/23faeb7f40dc1205cb58007b65020c68
Maybe there is a miss-configuration somewhere or a missing ferm rule?