I was setting up new Surf SOHO MK3 with firmware 7.0.2 and connect it to an existing LAN rather than the Internet to do port scans of the WAN port. To scan all TCP ports, I ran
nmap -p- 1.2.3.4
This found found all WAN ports filtered except two. As expected, the port I was using for remote admin was opened. What was not expected was that port 9999 was closed.
A few days earlier, I had enabled SSH/CLI on LAN/WAN using this non-standard port (9999). Then, I had disabled SSH/CLI. Apparently, this left the port being closed rather than filtered.
I tested this again on another Surf SOHO also running 7.0.2. This second router was HW2 and live on the Internet. Again, I picked a random port for SSL/CLI use. After enabling it, GRC port probe detected the port as open
GRC | ShieldsUP! — Single Port Probe
Then, I disable CLI/SSH and the above port probe shows it as closed rather than stealthed.
Is this working as expected, or, is it a bug?