strange iptables/bridge behaviour

comp.security.firewalls archive

From: beau <beausephine@gmail.com>
Date: Fri Feb 03 2006 - 22:30:52 CET

I've noticed some very strange behaviour in my firewall lately. If I
do a port scan on my desktop machine (XP) from a site like
security.symantec.com then I get some open ports listed, such as
25, 80, 110... These ports aren't open on my machine; fport even says
so. If I explicitly block 110 on my firewall the scan still reports it
as being open. I'm using Fedora Core 4 with 2.6.11-1 kernel and
iptables to filter traffic over a bridge. When I block 110 I insert a
rule like this:

iptables -I FORWARD 1 -p tcp --dport 110 -j DROP

The packet counters for this rule are incrementing when I port scan, so
packets are matching. Has anyone seen anything like this before? Is
it possible that something upstream from my firewall is causing this?

Beau
Received on Tue Feb 7 20:59:01 2006