When you create port forward it should automatically create a corresponding firewall rule. If it didn’t create a corresponding firewall rule (base on your screenshot it created a corresponding rule named “NAT VRising Serer”), you need to manually create it.
Regarding the creation of firewall that is expected. Because the expected traffic is coming from Internet that is why it is only opening ports on WAN. There is no need to open ports on “server” because pfsense is smart enough to know a traffic is a returning traffic.
UDP is a different beast. Unlike TCP, UDP does not have a handshake where it informs the sender that it was able to establish hence why you are getting that message of being filtered. Have you tried using “-sU” parameter when you ran nmap?
Hey! Try configuring a static outbound NAT for the server. I had this same issue when setting up an Urban Terror server which uses a UDP connection. Basically what happens is that without static OB NAT the pfsense firewall is going to send traffic out on a random UDP port as it leaves your network (this is default behavior and thought to enhance security). When the ‘master server’ for the game network receives the traffic it will assume that your server lives on that random UDP port and try to reply to it via the random port, but when that traffic gets back to your firewall it’s going to drop or reject the traffic because your inbound NAT is set for port 9876-9877, and not the random port. Then the game’s ‘master server’ is going to assume that your server is down because it isn’t responding to the traffic it sent back to your server. Assigning outbound NAT tells the firewall to send traffic out from the firewall on the same port it was received on from your server.
TL;DR: It’s your firewall doing NAT translation. Setup static outbound NAT for the server (or the network the server lives on) within your firewall and the issue should resolve.