Stealth mode and 'connection opened' in NSA 3600 event logs
I have stealth mode turned on by default, such that any connection attempt to a port that is not explicitly allowed is dropped, with no response sent to the initiating system. I've tested this via various means.
Problem is, when looking at my event logs, these connection attempts are logged as 'Connection Opened', which suggests that the system actually did allow the connection.
This makes accurate analysis of what my firewall is and is not allowing through exceedingly difficult.