From pm discussion, I've confirmed those ports aren't really open on his firewall, and it's behaving as his shown firewall ruleset should, proving it was something to do with the network of the person who scanned him originally.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.