In the Nmap scan, what does the Nmap state filtered option do?

Asked by AndreaBailey in SQL Server, Asked on Jan 4, 2022

When I scanned a host for open ports I came across the following result:

PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
3306/tcp open     mysql

What does filtered mean?

Answered by Andrew Jenkins

Filtered is also a common response when scanning for UDP. Scanning for UDP presents a number of challenges and the nmap documentation has a detailed discussion on UDP and the filtered status. 

Reminder: by default, nmap state filtered scans only for TCP against the 1000 most 'popular' ports. In the past I have used Unicornscan for this specific purpose because nmap has limitations, but there may be other tools that will perform adequately. I would suggest that you try again with a UDP scan and see what you get. Perhaps add some flags like -sV to get nmap to dig further.

Ports 139 and 445 normally use tcp while ports 137, 138 use udp.
# iptables -A INPUT -d 10.1.1.1 -p udp --dport 137 -j DROP
# iptables -A INPUT -d 10.1.1.1 -p udp --dport 138 -j DROP
# iptables -A INPUT -d 10.1.1.1 -p tcp --dport 139 -j DROP
# iptables -A INPUT -d 10.1.1.1 -p tcp --dport 445 -j DROP

Source: Firewalling Samba
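
Added example (not part of the answer above): nmap reports a port as filtered when packet filtering keeps it from telling whether the port is open, which is what a DROP target produces. This sketch correlates the scan table from the question with the rules quoted in the answer, assuming those rules are loaded on the scanned host; the function names are hypothetical.

```python
import re

# Constructed inputs: the scan table from the question and the DROP rules
# from the answer, assumed here to be loaded on the scanned host.
NMAP_OUTPUT = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
3306/tcp open     mysql
"""

IPTABLES_RULES = """\
iptables -A INPUT -d 10.1.1.1 -p udp --dport 137 -j DROP
iptables -A INPUT -d 10.1.1.1 -p udp --dport 138 -j DROP
iptables -A INPUT -d 10.1.1.1 -p tcp --dport 139 -j DROP
iptables -A INPUT -d 10.1.1.1 -p tcp --dport 445 -j DROP
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")
RULE_LINE = re.compile(r"-p\s+(tcp|udp)\b.*?--dport\s+(\d+)\b.*?-j\s+(\S+)")

def parse_nmap(text):
    """Return {(port, proto): state} from nmap's normal-output port table."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return ports

def parse_rules(text):
    """Return {(port, proto): target} for simple single-port rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE_LINE.search(line)
        if m:
            # iptables stops at the first matching rule, so keep the first one.
            rules.setdefault((int(m.group(2)), m.group(1)), m.group(3))
    return rules

def explain_filtered(nmap_text, rules_text):
    """Map each filtered port to the rule target covering it (None if no rule)."""
    rules = parse_rules(rules_text)
    scan = parse_nmap(nmap_text)
    return {k: rules.get(k) for k, state in scan.items() if state == "filtered"}

if __name__ == "__main__":
    for (port, proto), target in sorted(explain_filtered(NMAP_OUTPUT, IPTABLES_RULES).items()):
        print(f"{port}/{proto}: filtered, rule target: {target or 'none found'}")
```

A filtered port that maps to None here is being blocked somewhere other than the listed rules, for example by an upstream device.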


