Hi,
Just installed an N9K (9.3) in production and I launched an nmap scan against it (TCP only first), and:
21/tcp filtered ftp
25/tcp filtered smtp
111/tcp filtered rpcbind
161/tcp open snmp
179/tcp open bgp
512/tcp filtered exec
513/tcp filtered login
514/tcp filtered shell
2049/tcp filtered nfs
27000/tcp filtered flexlm0
32768/tcp filtered filenet-tms
I can create ACLs for SNMP and BGP to limit access, but it's a bit crazy because I already have an ACL for SNMP (but I read it also opens TCP 161); for BGP it should limit by itself with the peering IP, for example...
Is there a magic command to limit that in a better way?
Thanks
Niko