It has been quite a while since I had to mess with the configuration of my ERL. I got a call from Comcast security that they picked up my external IP as part of a DDoS attack. It looks like way back when I was doing some troubleshooting I had changed the default action to accept, so first I changed the default action to Drop on the WAN_IN interface. That didn't seem to make any difference, so next I added a manual rule before the default and did a drop all on it.
When I do an nmap of the IP, I get a whole ton of ports opened. I figure I'm missing something simple, but nothing stands out to me.
I'm attaching the firewall rules and the results of an nmap scan from an external computer.