Subject: IPF Questions
To: NetBSD <port-mac68k@netbsd.org>
From: Quint Jensen <macman7@home.com>
List: port-mac68k
Date: 03/24/2001 16:39:02
Please forgive me if I am asking this question in the wrong place. If there
is a more appropriate place to ask, just let me know.

I just installed NetBSD 1.5 as a NAT box and firewall for my cable modem,
and it went relatively smoothly. The only concern I have is that when I use
nmap from work to scan my box, ports 137-139 and port 23 are reported as
filtered. Here are the rules I have for those ports.

block return-icmp-as-dest(port-unr) in log quick on ae0 proto tcp from any to (my ip) port = 23
block return-icmp-as-dest(port-unr) in log quick on ae0 proto tcp from any to (my ip) port = 137
block return-icmp-as-dest(port-unr) in log quick on ae0 proto tcp from any to (my ip) port = 138
block return-icmp-as-dest(port-unr) in log quick on ae0 proto tcp from any to (my ip) port = 139

My goal is for these ports to be a black hole to port scanners.

My second question is - why are ports 137-139 showing up anyway? I don't
have samba installed yet. I have not disabled the related entries in
/etc/services because I will install samba as soon as I have time.

Thanks a lot for your help
Quint
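
Added example, not part of the original post: the three ways an IPFilter block rule can treat the inbound probes described above, and how a TCP SYN scan reads each one. The interface ae0 comes from the post; the address 192.0.2.10 is a constructed placeholder for the external IP.

```conf
# /etc/ipf.conf fragment (added example; 192.0.2.10 is a placeholder address).
# Every rule uses "quick", so the first matching rule decides the packet.
# Keep only one form per port.

# (a) As posted: each blocked SYN is answered with an ICMP port-unreachable
#     sourced from the destination address. The scanner receives a reply, so
#     the host is visibly alive, and nmap documents an ICMP unreachable in
#     response to a SYN probe as "filtered".
# block return-icmp-as-dest(port-unr) in log quick on ae0 proto tcp from any to 192.0.2.10/32 port = 23

# (b) Silent drop ("black hole"): no return-* keyword, so nothing is sent
#     back. The scanner waits for its timeout and, having no answer, also
#     reports "filtered", but it learns nothing from a reply packet.
block in log quick on ae0 proto tcp from any to 192.0.2.10/32 port = 23

# NetBIOS name and datagram services (137, 138) use UDP and the session
# service (139) uses TCP, so this silent drop matches both protocols.
# "136 >< 140" is IPFilter's exclusive range, i.e. ports 137 through 139.
block in log quick on ae0 proto tcp/udp from any to 192.0.2.10/32 port 136 >< 140

# (c) Alternative: answer with a TCP reset, which is what a host with no
#     listener on the port sends. A SYN scan reports this as "closed".
#     return-rst applies to TCP only.
# block return-rst in log quick on ae0 proto tcp from any to 192.0.2.10/32 port = 23
```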