External ports remain visible after wireguard is activated and firewall placed on WAN traffic

Greetings, I have wireguard installed happily and I have put in two WAN firewall rules, the first to ALLOW UDP/51820 from WANv4/WANv6 and REJECT ALL WANv4/WANv6 immediately after so only my VPN traffic passes from external. Tested and works (eg I can use my internal addresses and hostnames with wg0 on and cannot with wg0 off.

Strangely when I turn wg0 off I still have the following ports visible when using nmap to my public ip:

21/tcp   open  ftp
554/tcp  open  rtsp
1720/tcp open  h323q931
1723/tcp open  pptp
5060/tcp open  sip

Here’s my firewall rule:

Why do those ports remain visible? I do use sentinel honey pots on port 21,23,25,80,587 logs, sentinel proxy and survey. If these services are related how come ss and netstat don’t pick them up?