Cloudflare Access TCP/UDP access

I have a Cloudflare Access with a policy on every subdomain (*.domain.tld) and a reverse proxy (traefik) on my <domain.tld>.
This is working pretty well with a lot of services I have. But now I want to have a UDP/TCP service that will run on <example.domain.tld>, and the reverse proxy will redirect the defined port to the correct service, but the requests are not even getting to traefik, so my guess is that Cloudflare Access is blocking them.

Does Cloudflare Access also block unauthenticated UDP/TCP requests? If so, is there a way that I can bypass certain ports?

Due to how DNS works, you can’t return different DNS answers based on what port the application is trying to use. What you’re trying to do is use Cloudflare’s IP (the one that guards HTTPS with Access) when it needs to be protected, but your own non-proxied IP when you need to send UDP/TCP.

Your best bet is to whitelist the IP of the server sending UDP/TCP requests on your server(s) and have it send directly to the IP address of those servers instead of using the DNS for IP lookups.
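
Added example, not part of the original thread: a small Python check of where a connection lands, showing that the DNS answer depends only on the name and never on the port or protocol. The hostnames, addresses and port are constructed samples, the range list is a snapshot of Cloudflare's published IPv4 ranges, and the sketch assumes the plain proxy, which forwards only HTTP(S).

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (cloudflare.com/ips).
# Assumption: refresh this list from the source before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed sample DNS answers; hostnames and addresses are hypothetical.
SAMPLE_DNS = {
    "app.domain.tld": "104.18.12.34",     # proxied record: resolves to the edge
    "direct.domain.tld": "203.0.113.10",  # DNS-only record: resolves to the origin
}


def is_cloudflare_edge(ip: str) -> bool:
    """True when the address belongs to one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def reaches_origin(host: str, proto: str, port: int, dns=SAMPLE_DNS):
    """Return (reaches_origin, resolved_ip) for a planned connection.

    The lookup uses the name only; proto and port cannot change the answer,
    so every service on a proxied name is sent to the same edge address.
    """
    ip = dns[host]
    if not is_cloudflare_edge(ip):
        return True, ip  # goes straight to the server; its firewall decides
    # Assumption: the plain proxy forwards HTTP(S) only.
    return proto in ("http", "https"), ip


if __name__ == "__main__":
    for host, proto, port in [
        ("app.domain.tld", "https", 443),
        ("app.domain.tld", "udp", 51820),     # constructed port
        ("direct.domain.tld", "udp", 51820),
    ]:
        ok, ip = reaches_origin(host, proto, port)
        print(f"{proto}://{host}:{port} -> {ip} reaches origin: {ok}")
```

A name that resolves directly to the server is not covered by the Access policy, so the allowlist on the server itself is the only control on that path.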