I needed to open a few ports and ran an nmap scan from the internet to test, all good, however I found that the below ports were also opened, which I had never configured. All ports from the internet were previously blocked, or so I had thought.
I ran another scan 10 minutes later and the concerning ports were no longer open. Is there any rational explanation for this? How would you guys investigate? It's quite concerning. I'll post up my firewall configs tomorrow.