- Nov 30, 2012
I have some iptables in the firewall that seem to work making my host look down to NMAP, but probing my open ports shows that they are open despite using certain iptables I found on the Internet that are supposed to block NMAP scans.
Does anyone know how I can block NMAP scans in DD-WRT with iptables?
So now I'm wondering if my iptables even work or if DD-WRT even works with those iptables?
Here are the iptables that I found.
Code:
iptables -t filter -A INPUT -p TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -p UDP -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -p ICMP -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -m state --state INVALID -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL SYN,FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL FIN -j DROP
iptables -t filter -A INPUT -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DROP
TIA!
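An added example, not part of the original post: a small Python model of the iptables `--tcp-flags MASK COMP` test, run over the twelve flag rules listed above to show which initial TCP flag combinations they drop. It models only the flag rules (not the `state` match), and the sample packets are constructed for illustration.

```python
# Model of iptables "--tcp-flags MASK COMP": a packet matches when, among the
# flags listed in MASK, exactly the flags listed in COMP are set.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def bits(spec):
    """Turn 'SYN,FIN', 'ALL' or 'NONE' into a bitmask."""
    if spec == "ALL":
        return sum(FLAGS.values())
    if spec == "NONE":
        return 0
    return sum(FLAGS[name] for name in spec.split(","))

# (MASK, COMP) pairs copied from the twelve --tcp-flags DROP rules in the post, in order.
DROP_RULES = [
    ("ACK,FIN", "FIN"), ("ACK,PSH", "PSH"), ("ACK,URG", "URG"),
    ("ALL", "ALL"), ("ALL", "NONE"), ("ALL", "SYN,RST,ACK,FIN,URG"),
    ("SYN,FIN", "SYN,FIN"), ("FIN,RST", "FIN,RST"), ("ALL", "SYN,FIN"),
    ("ALL", "URG,PSH,FIN"), ("ALL", "FIN"), ("ALL", "URG,PSH,SYN,FIN"),
]

def first_drop_rule(packet_flags):
    """Return the first (MASK, COMP) rule that drops the packet, or None."""
    flags = bits(packet_flags)
    for mask, comp in DROP_RULES:
        if (flags & bits(mask)) == bits(comp):
            return (mask, comp)
    return None

# Constructed sample packets: the flag set of a single incoming TCP segment.
SAMPLES = {
    "plain SYN (normal connection attempt)": "SYN",
    "no flags (NULL)": "NONE",
    "FIN only": "FIN",
    "FIN,PSH,URG (Xmas)": "FIN,PSH,URG",
    "FIN,ACK (normal connection close)": "FIN,ACK",
}

def report():
    """Map each sample label to the rule that drops it, or None."""
    return {label: first_drop_rule(flags) for label, flags in SAMPLES.items()}

if __name__ == "__main__":
    for label, rule in report().items():
        verdict = f"DROP by --tcp-flags {rule[0]} {rule[1]}" if rule else "not matched by any flag rule"
        print(f"{label:40s} {verdict}")
```

A plain SYN is conntrack state NEW, so it also misses the RELATED,ESTABLISHED and INVALID rules; what happens to it depends on the chain policy and any later rules, which the post does not show. The INPUT chain also only sees packets addressed to the router itself, not traffic forwarded to hosts behind it.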
