arptables not working with nmap
2 votes, 1 answer, 200 views
I'm trying to implement a way to prevent network scans from my notebook. One of the things I want is to allow ARP requests to specific hosts only, like my gateway.

I added some rules using arptables and they seem to work (at first):

```
arptables -A OUTPUT -d 192.168.1.30 -j DROP
arptables -A INPUT -s 192.168.1.30 -j DROP
```

This is actually blocking ARP requests to this host. If I run this on the target host:

```
tcpdump -n port not 22 and host 192.168.1.38
```

and run this on the notebook:

```
arp -d 192.168.1.30; ping -c 1 192.168.1.30; arp -n
```

tcpdump shows no incoming packets on the target and `arp -n` on the notebook shows `(incomplete)`.
But if I run `nmap -sS 192.168.1.30` on my notebook, I get this on the target host:

```
22:21:12.548519 ARP, Request who-has 192.168.1.30 tell 192.168.1.38, length 46
22:21:12.548655 ARP, Reply 192.168.1.30 is-at xx:xx:xx:xx:xx:xx, length 28
22:21:12.728499 ARP, Request who-has 192.168.1.30 tell 192.168.1.38, length 46
22:21:12.728538 ARP, Reply 192.168.1.30 is-at xx:xx:xx:xx:xx:xx, length 28
```

`arp -n` on the notebook still shows `(incomplete)`, but nmap detects the host.
I also tried using **nftables** and **ebtables** with no success.
How can I prevent nmap from sending ARP requests and finding the host?
Asked by Alberto Pires
(253 rep)
Feb 29, 2024, 01:30 AM
Last activity: Apr 19, 2024, 10:46 PM