How to remove UPnP entries from iptables?


barsju
17-03-2005, 11:20
Because of a feature/bug, UPnP ports never get closed on the wl500g. When they are opened, the entries are stored in nvram, so they even survive a reboot. So if you have opened and used UPnP at some point, there may be open ports in your firewall. An easy way to remove them is to reset to factory defaults. If that is not an option, you can clear them from nvram.

Here is how you do that:

First check for unwanted forwarding rules in iptables:
iptables -L FORWARD

If there are open ports that you can't account for they are likely caused by UPnP. Now check nvram for those entries:
nvram show | grep "forward_port"

If you find entries there you can remove them one by one like this:
nvram unset forward_portX
where X is the rule number (e.g. forward_port0)

I have also written this script to help to remove a number of rules:

#!/bin/sh
# Unset the forward_port<N> nvram entries for N from $1 to $2 (inclusive).
# Run "nvram commit" afterwards so the change survives a reboot.
[ $# -eq 2 ] || { echo "usage: $0 FROM TO" >&2; exit 1; }
tlr=$1
while [ $tlr -le $2 ]
do
nvram unset forward_port$tlr
tlr=`expr $tlr + 1`
done

It takes the from and to rule numbers as parameters. You can run it, for example, like this:
./clearUPnP 0 10
which will clear rules from 0 to 10.

If someone would like to write a script that clears all forward_port rules on boot, that would be a nice extension. Unless of course Asus or Oleg change this behaviour in coming FW releases.

S.
Edit: Don't forget to nvram commit before you reboot!

barsju
17-03-2005, 12:20
I guess this script would also do the trick:

#!/bin/sh
# Unset every forward_port<N> entry that UPnP has left in nvram
# (the entries are named forward_portN, as shown in the first post).
# The name is everything before the first "=", so values containing
# spaces or "=" do not confuse the loop.
nvram show 2>/dev/null | grep "^forward_port" | while IFS= read -r line
do
rule=${line%%=*}
nvram unset "$rule"
done
# Make the change survive a reboot.
nvram commit


It should remove all rules that start with "forward_port", and can for instance be started from post-boot, to remove all UPnP ports upon reboot of the router.

Haven't really tested it properly, as I have already removed the entries from nvram, so use at your own risk! I can suggest replacing the last line in the loop with:
echo "nvram unset $rule"
to make sure you don't get any unexpected behaviour before you run it for real.

S.
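As an added example that is not part of the thread above, the script below combines the two approaches from the posts: it parses an nvram dump for forward_port<N> entries, optionally limits them to a numeric range like the first script, and clears them all like the second. It assumes, as the posts do, that "nvram show" prints one "name=value" line per variable and that the UPnP entries are named forward_port<N>. The CLEAR=1 switch and the SAMPLE dump are this example's own conventions (the sample values are constructed, not from a real router); without CLEAR=1 the script only prints the unset commands it would run, and on a machine without an nvram binary it falls back to the sample so it can be run offline.

```sh
#!/bin/sh
# Added example, not from the thread above. Lists the forward_port<N>
# entries that UPnP leaves in nvram on a wl500g and clears an optional
# numeric range of them. Assumes "nvram show" prints one "name=value"
# line per variable and that the UPnP entries are named forward_port<N>.
# Dry run by default; set CLEAR=1 in the environment to really unset.

# Read an nvram dump on stdin and print the names of forward_port<N>
# variables, one per line. The name is everything before the first "=",
# so values that contain spaces or "=" are handled correctly.
forward_port_names() {
    while IFS= read -r line; do
        case "$line" in
            forward_port[0-9]*=*) printf '%s\n' "${line%%=*}" ;;
        esac
    done
}

# Read names on stdin and keep those whose numeric suffix is in [lo, hi].
in_range() {
    lo=$1
    hi=$2
    while IFS= read -r name; do
        n=${name#forward_port}
        case "$n" in
            *[!0-9]*) continue ;;   # suffix is not a plain number, skip it
        esac
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Print "nvram unset NAME" for each matching entry, or run it when
# CLEAR=1, then commit so the change survives a reboot. Prints the
# number of entries handled.
clear_forward_ports() {
    lo=${1:-0}
    hi=${2:-99999}
    count=0
    for name in $(nvram show 2>/dev/null | forward_port_names | in_range "$lo" "$hi"); do
        if [ "${CLEAR:-0}" = 1 ]; then
            nvram unset "$name"
        else
            echo "nvram unset $name"
        fi
        count=$((count + 1))
    done
    if [ "${CLEAR:-0}" = 1 ] && [ "$count" -gt 0 ]; then
        nvram commit
    fi
    echo "$count"
}

# Constructed sample of an nvram dump (hypothetical values, not from a
# real router), used when the script runs on a machine without nvram.
SAMPLE='wan_proto=dhcp
forward_port0=TCP:6881:192.168.1.10:6881:bittorrent
forward_port1=UDP:5060:192.168.1.11:5060:SIP phone
forward_port12=TCP:80:192.168.1.12:80:web server
forward_portx=not a numbered rule
lan_ipaddr=192.168.1.1'

if command -v nvram >/dev/null 2>&1; then
    clear_forward_ports "$@"
else
    echo "nvram not found; names from the constructed sample instead:"
    printf '%s\n' "$SAMPLE" | forward_port_names | in_range 0 10
fi
```

On the router, "./clearUPnP.sh 0 10" prints the unset commands for rules 0 to 10 without changing anything; "CLEAR=1 ./clearUPnP.sh" (no range) unsets every forward_port entry and commits. Compare the printed names against "iptables -L FORWARD" first, as the first post suggests, so you do not drop a forward you configured yourself.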