I’m using a CRS326 at home. I notice when i run an external scan of my IP address that although i have no ports open, the firewall is not only dropping packets, but is replying with ‘port closed’.
Is this normal behaviour?
Is there a way for the firewall to drop packets silently? (this is what I’m used to with my old Draytek)
Thanks
Using a switch as a router? Must have a tiny throughput ISP. No port should be normally seen except ICMP…
its a short term solution…
this is what ShieldsUp shows…
Shields up is a very nice but not required, I believed you the first time,
what is needed is to see why your config is letting that happen 
/export file=anynameyouwish (minus switch impersonating a router serial number, any public wanip information, keys etc.)
Corrected that for you … 
My experience is that FW with drop rule does successfully hide port (it’s “stealth”). If, however, port is NATed (for a particular source address), then it’s up to service on the backend to handle “unwanted connection requests” … and mostly they respond in a way interpreted as “port closed”.
But yes, it really depends on how FW is set up.
Nice filename
possible alternative:
/export anavipsedixit
the Latin version is IMHO the best one, as it is short(er), elegant and better conveys the authority of the subject on the matter.
If i were to latinize it …
/export file=vici-de-bici