NMAP (or other) continuous port scan until it returns open

You can use iptables(add allow rules)

Scanning host 8.8.8.8:

# iptables -I INPUT 1 -s 8.8.8.8 -j ACCEPT
# iptables -I OUTPUT 1 -d 8.8.8.8 -j ACCEPT
# iptables -Z && nmap -O 8.8.8.8
# iptables -vn -L
Chain INPUT (policy ACCEPT 273 packets, 17374 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    8   320 ACCEPT     all  --  *      *       8.8.8.8              0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 140 packets, 13386 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2043 94224 ACCEPT     all  --  *      *       0.0.0.0/0            8.8.8.8 

Nmap shows ports for which it receives no response as "filtered". This is the result when a rule or policy is set to "DROP".

The reason port 111 shows up in one output and not the other is in the "Not shown:" line. Whatever the most common port state ("closed" or "filtered", not "open") gets bundled up into that line, with a count. So when the policy is ACCEPT, and nothing is listening (or if the policy were REJECT), the most common state is "closed", meaning a TCP RST packet was received. The DROP rule for port 111 makes it different from the others, so it gets shown.

In the second case, when the default policy is DROP, the result for port 111 is no different than for any other port, so it is lumped in with the others in the "Not shown: 65534 filtered ports" line.

You can get more details on why a port is shown in a particular state by adding the --reason option. Also, turning on debugging with -d will unroll that "Not shown" bundle and show you each port separately (lots of output!).