I come from a Unix background but got the task of configuring a Windows firewall on a public facing server.

I find it awkward that any nmap scan I perform against the public IP reports all TCP ports from 1 to 65389 as open, regardless of the Windows default rule of not allowing inbound connections that do not match a rule.

I even got locked out of remote desktop after selecting "Block All Connections" on the Inbound rule of one of the profiles but still nmap shows:

3389/tcp open ms-term-serv

How is this explained?


You're scanning the public IP address, which is assigned to the router/firewall. Some ports are NAT'ed/forwarded to the server, the rest are not. The server isn't responding to your nmap scan, the router/firewall is, except for those ports that are NAT'ed/forwarded to the server, which will be reported as open, as they should be.

That's why it appears that all ports are open on the server. You need to look at the router/firewall configuration to determine why IT is reporting those ports as open (except for those ports that are NAT'ed/forwarded to the server).
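A practical way to confirm the answer above is to let the scan itself tell you which device completed each handshake. The script below is an added example, not part of the question or the answer, and the nmap XML it parses is a constructed sample, not a real scan. It assumes you ran nmap with `-sV --reason -oX scan.xml` against the public IP: nmap then records, for every open port, the TTL of the SYN/ACK it received (`reason_ttl`) and whether the service probe got a real protocol response (`method="probed"`). A router that answers for the whole port range replies with its own TTL and never produces a probed service; the few ports that are genuinely forwarded to the Windows server come back with a different TTL (Windows starts at 128, most Linux-based routers at 64) and, where a service is listening, a probed banner. Grouping open ports by those two signals separates the router's "open" ports from the server's.

```python
"""Sort an nmap scan of a NAT'ed public IP into ports answered by the
router/firewall itself and ports actually forwarded to the server behind it.

Run:   nmap -sS -sV --reason -p- -oX scan.xml <public-ip>
then:  python3 this_script.py scan.xml
(assumed invocation; with no argument the constructed sample below is used)
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of nmap XML output (not a real scan): the router at the
# public IP completes the handshake on every port with TTL 62, while 443 and
# 3389 come back with TTL 125 and a probed service, i.e. from the Windows
# server those ports are forwarded to.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
 <host>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="62"/><service name="ssh" method="table" conf="3"/></port>
   <port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="62"/><service name="http" method="table" conf="3"/></port>
   <port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="125"/><service name="https" product="Microsoft IIS httpd" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack" reason_ttl="125"/><service name="ms-wbt-server" product="Microsoft Terminal Services" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack" reason_ttl="62"/><service name="http-proxy" method="table" conf="3"/></port>
   <port protocol="tcp" portid="9999"><state state="open" reason="syn-ack" reason_ttl="62"/><service name="abyss" method="table" conf="3"/></port>
  </ports>
 </host>
</nmaprun>
"""


def parse_open_ports(xml_text):
    """Return one dict per open TCP port: number, SYN/ACK TTL, service name,
    and whether -sV actually got a protocol response (method="probed")."""
    root = ET.fromstring(xml_text)
    ports = []
    for p in root.iter("port"):
        state = p.find("state")
        if state is None or state.get("state") != "open":
            continue
        svc = p.find("service")
        ports.append({
            "port": int(p.get("portid")),
            "ttl": int(state.get("reason_ttl", "0")),
            "service": svc.get("name") if svc is not None else None,
            # "table" means nmap only guessed from the port number; "probed"
            # means something behind the port really spoke the protocol.
            "probed": svc is not None and svc.get("method") == "probed",
        })
    return ports


def classify_ports(xml_text):
    """Split open ports into those the router answered for and those a
    different host (the NAT'ed server) answered for."""
    ports = parse_open_ports(xml_text)
    if not ports:
        return {"router": [], "server": [], "router_ttl": None}
    # The TTL seen on the bulk of "open" ports belongs to the device that
    # answers the whole range, i.e. the router/firewall in front.
    router_ttl = Counter(p["ttl"] for p in ports).most_common(1)[0][0]
    router, server = [], []
    for p in ports:
        # A different TTL or a probed service means a different host replied.
        # (If router and server happen to show the same TTL, only the probed
        # flag separates them, so always scan with -sV.)
        if p["ttl"] != router_ttl or p["probed"]:
            server.append(p["port"])
        else:
            router.append(p["port"])
    return {"router": sorted(router), "server": sorted(server),
            "router_ttl": router_ttl}


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    result = classify_ports(text)
    print(f"router/firewall answered (TTL {result['router_ttl']}): "
          f"{len(result['router'])} ports")
    print(f"forwarded to the server behind it: {result['server']}")
```

On a scan like the one in the question the first line will list tens of thousands of ports with the router's TTL and the second line only the handful that are actually forwarded (3389 among them), which is why blocking RDP on the Windows Firewall profile did not change what nmap reported for the rest of the range.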