Greetings, I have wireguard installed happily and I have put in two WAN firewall rules, the first to ALLOW UDP/51820 from WANv4/WANv6 and REJECT ALL WANv4/WANv6 immediately after so only my VPN traffic passes from external. Tested and works (eg I can use my internal addresses and hostnames with wg0 on and cannot with wg0 off.
Strangely when I turn wg0 off I still have the following ports visible when using nmap to my public ip:
PORT STATE SERVICE
21/tcp open ftp
554/tcp open rtsp
1720/tcp open h323q931
1723/tcp open pptp
5060/tcp open sip
Here’s my firewall rule:
Why do those ports remain visible? I do use sentinel honey pots on port 21,23,25,80,587 logs, sentinel proxy and survey. If these services are related how come ss and netstat don’t pick them up?