paolopoz
Frequent Visitor
Topic Author
Posts: 77
Joined: Thu Oct 31, 2013 6:38 pm

SNTP client get unauthorized NTP requests

Thu Jan 11, 2018 4:51 pm

I have some routers with SNTP client (the built-in one) enabled and working.
Some interfaces have public IP addresses but I don't have any firewall rule configured because I want to use FastPath.

Checking SNTP client status I often see this:
  last-bad-packet-from: 162.209.xxx.xx
  last-bad-packet-before: 6m43s410ms
  last-bad-packet-reason: server-ip-mismatch
I took a packet capture and I saw that these packets are NTP requests coming in, as if the router was listening on port 123.
I think this should not happen. Has anybody noticed this?
 
pe1chl
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: SNTP client get unauthorized NTP requests

Thu Jan 11, 2018 5:31 pm

Those are people scanning the internet for all kinds of services to see if there is something they can abuse.
Whenever you have an open connection to the internet you will see this; it is often called the background noise.
 
paolopoz
Frequent Visitor
Topic Author
Posts: 77
Joined: Thu Oct 31, 2013 6:38 pm

Re: SNTP client get unauthorized NTP requests

Thu Jan 11, 2018 5:54 pm

Thanks pe1chl, this is of course some kind of scanning coming from the big internet, but this is not what I want to point out.

What I mean is: a client should just get back its request, then why do I see incoming packets as if the router was listening on port 123/UDP? This is a server behaviour.
 
pe1chl
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: SNTP client get unauthorized NTP requests

Thu Jan 11, 2018 7:39 pm

With UDP it is not possible to see the difference between a request and a reply.
(and to receive replies, you need to listen on a socket which you also use to send requests)
When you let in replies, you also let in requests.
That is why stateful firewalls exist....
 
16again
Frequent Visitor
Posts: 78
Joined: Fri Dec 29, 2017 12:23 pm

Re: SNTP client get unauthorized NTP requests

Thu Jan 11, 2018 7:52 pm

No firewall rules in the forward chain for FastPath... is sort of OK.
But this shouldn't rule out firewall rules in the in-chain (which isn't fast-pathed to begin with).

@pe1chl
The 1st UDP packet is, in my definition, the request. If we block it in the in-chain, there will be no reply.
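
Added example (not part of the thread and not RouterOS code): a sketch of the sanity checks an SNTP client can apply to every datagram that reaches its UDP/123 socket, which is why an unsolicited request from a scanner is counted as a bad packet instead of being answered. Only `server-ip-mismatch` is a reason string from the post; the other reason names, the function names and the documentation-range addresses are assumptions made for illustration.

```python
import struct

NTP_LEN = 48                      # size of an NTP header without extensions
MODE_CLIENT, MODE_SERVER = 3, 4   # values of the 3-bit mode field

SERVER_IP = "192.0.2.10"          # constructed: the configured time server
SCANNER_IP = "203.0.113.7"        # constructed: an unrelated internet host
SENT_TS = 0xE1A2B3C400000001      # constructed: transmit timestamp of our request


def build_packet(mode, originate=0, transmit=0, stratum=0, version=4):
    """Build a minimal 48-byte NTP header (constructed sample data)."""
    pkt = bytearray(NTP_LEN)
    pkt[0] = (version << 3) | mode            # LI=0, version, mode
    pkt[1] = stratum
    struct.pack_into("!Q", pkt, 24, originate)  # originate timestamp
    struct.pack_into("!Q", pkt, 40, transmit)   # transmit timestamp
    return bytes(pkt)


def classify(data, src_ip, server_ip, sent_transmit):
    """Return 'ok' or a rejection reason for one received datagram."""
    if src_ip != server_ip:
        return "server-ip-mismatch"       # reason string seen in the post
    if len(data) < NTP_LEN:
        return "too-short"                # hypothetical reason name
    if data[0] & 0x07 != MODE_SERVER:
        return "not-a-server-reply"       # e.g. a mode 3 request sent to us
    (originate,) = struct.unpack_from("!Q", data, 24)
    if originate != sent_transmit:
        return "originate-mismatch"       # reply does not echo our request
    if data[1] == 0:
        return "stratum-zero"             # kiss-o'-death, not a usable time
    return "ok"


def demo():
    """Classify a scanner's request and the genuine reply."""
    probe = build_packet(MODE_CLIENT, transmit=12345)
    reply = build_packet(MODE_SERVER, originate=SENT_TS,
                         transmit=SENT_TS + 5, stratum=2)
    return [classify(probe, SCANNER_IP, SERVER_IP, SENT_TS),
            classify(reply, SERVER_IP, SERVER_IP, SENT_TS)]


if __name__ == "__main__":
    print(demo())
```

These checks run only after the packet has already been delivered to the socket; dropping it earlier is the job of a stateful rule on the router's own input path, as discussed in the thread.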
