I'm using a CRS326 at home. I notice when i run an external scan of my IP address that although i have no ports open, the firewall is not only dropping packets, but is replying with 'port closed'.

Is this normal behaviour?

Is there a way for the firewall to drop packets silently? (this is what I'm used to with my old Draytek)

Thanks

Using a switch as a router? Must have a tiny throughput ISP. No port should be normally seen except ICMP....

its a short term solution...

this is what ShieldsUp shows...

Shields up is a very nice but not required,, I believed you the first time,
what is needed is to see why your config is letting that happen

/export file=anynameyouwish (minus switch impersonating a router serial number, any public wanip information, keys etc.)

/export file=becausanavsaidso (minus switch impersonating a router serial number, any public wanip information, keys etc.)

Corrected that for you ...

My experience is that FW with drop rule does successfully hide port (it's "stealth"). If, however, port is NATed (for a particular source address), then it's up to service on the backend to handle "unwanted connection requests" ... and mostly they respond in a way interpreted as "port closed".

But yes, it really depends on how FW is set up.

/export file=becausanavsaidso

Nice filename
possible alternative:
/export anavipsedixit

the Latin version is IMHO the best one, as it is short(er), elegant and better conveys the authority of the subject on the matter.

If i were to latinize it ......................

/export file=vici-de-bici