Iptables DROPs packets but Nmap shows the ports as open!
I've got a question about how DROPPED packets are shown to TCP scanners such as Nmap.
I've done an iptables script which does what I want it to do, but even if unauthorised packets are dropped and logged, when I nmap my server, almost all TCP ports are shown as open.
Of course, some of those ports are (e.g. TCP 80), but others are not (e.g. TCP 445). I think it is clearly unsafe, because hackers know that there is a server behind those closed ports.
In my mind, a good firewall would show the firewalled TCP ports as "stealth" or "filtered" or, as a last resort, "closed", but I'd prefer "stealth".
Is it normal? If not, do you know how I can solve that?
Thanks a lot.