I am running a nessus scan on my BM3.6sp2 server and is showing on the

external interface of this box that , SLP, NCP, HTTPS are open. I am
confused as to how this is happening when I have my rule base
configured to
only permit what is in the access list then deny everything else.

I have tried to deny these ports on the external (public) interface
still shows up as being open. What am I missing? Is it because these
services are bound to all interfaces?