Ports gone crazy

Super confused here. Testing in a homelab setup I have mattermost-team-eddition deployed via the helm chart. Everything is working great there I am able to access the webui use the desktop app etc. All my traffic goes into an haproxy server in front of the cluster and then into the cluster. The confusion is that I understand 8443/udp must be accessible for the calls plugin to work but somehow I am still connecting but only when the client firewall is disabled. Looking at the logs and tcpdump on the client running mattermost desktop I am able to connect to the server but then the returning connection comes from a different address so its blocked by the firewall. If I wanted to expose 8443/udp via ingress to a service how would I do that and why am I able to connect without it?