Unifi Port Forwards not Working, does Xfinity have a hidden firewall? - Palworld

Hello, I hope you're doing well.

Disclaimer: Palworld is here and if I want to play with my friends (five of us on the game at once), we need to run a dedicated server software that requires port 8211 to be open. I intend to have myself and 4 friends connect to my IP so we can play the game. The server will shut off when we log off for the night. I am not intending on hosting long running large volume servers. This will not be used for business.

The problem: I do not rent any xfinity gear. Everything is my own. Port forwards are being ignored. I think it might be a top level filter that uses settings from the app?

My modem is a single modem unit, the CM1000. Bridge mode is not the solution here, it's a straight modem not a modem/router hybrid.
I have a USG-3port connected to a Unifi Switch. My desktop connects through the switch.

I have my port forwards setup correctly. I've tried using a static IP for the device, that way I know the IP is not changing somehow.

I verified the server file is setup correctly. I've had two peers double check it for extra commas or errors. It's not the config file of the server.
I verified I opened the port on my windows firewall.

If I run netstat -aon, I can see the 8211 port under UDP for 0.0.0.0:8211 for *:* foreign addresses.

However, if I use port checker or a telnet scan, port 8211 for my public IP is always closed... I can connect to the server locally, but using the public IP no one can connect. 

So it's definitely that 8211 is closed...
To reiterate, my modem is a straight modem, so it can't be a problem with bridge connection.

I can see I setup the port forwarding correctly on the USG Controller. I setup the windows defender firewall to allow the 8211 port for all connection types...

I'm at a loss... The only thing I can think of is Xfinity has a separate firewall that's run at a higher level beyond my house.

So now I need to ask, does Xfinity block port 8211? Is this some weird top level setup xfinity has to force you to use their app for advanced settings? I did see some users claim that after they went into the advanced settings on their xfinity app and port forward there things worked. That sounds nice, but I don't rent xfinity gear... The App can't do anything except see my modem. So since I'm on my own gear I can't control the port forwards with the xfinity app....

I checked the web page with the list of blocked ports and didn't see 8211 on there. Was it added due after Palworld came out and not put into the site possibly? I'd be impressed if your developers closed the port for one game. Is it maybe something to do with public IP's handed out by xfinity?

I think Xfinity having some sort of extra firewall would make sense. Separately, that would explain why my NAT on the xbox one is defaulting to Moderate.

If anyone has any ideas, please let me know. I cannot think of any reason it would be messed up on my end. I'm hopeful it's something an admin at Xfinity can fix for me.

Thanks for your time!