My guess is that you meant 139/TCP instead of 439/TCP, in which case this is pretty much on par for many residential ISPs and their blocking of typical problematic ports.
My suggestion? Re-run shields-up (for what its worth) and run a capture on $ext_if with an appropriate filter and I'd bet you don't see any inbound 139 or 445. -jon