Thanks for your info, mrmarkuz. I read in a post from @filippo_carletti that ndpi (which I have installed) would block TV.
config show firewall:
firewall=configuration
CheckIP=8.8.8.8,208.67.222.222
Docker=disabled
ExternalPing=enabled
HairpinNat=enabled
MACValidation=enabled
MACValidationPolicy=drop
MaxNumberPacketLoss=10
MaxPercentPacketLoss=50
NotifyWan=disabled
NotifyWanFrom=
NotifyWanTo=
PingInterval=5
Policy=permissive
VpnPolicy=strict
WanMode=balance
I tried with the following rule.

Instead of the service created for 5938, I tried the built-in (ndpi) TeamViewer service too. I also tried with red, green or the host as source, but nothing really helps.
Symptom: sometimes the connection is established immediately, but then again, with the same rule, the log fills with blocked connections to dst port 5938, similar to the example in the initial post, so I am lost…
shorewall clear lets me connect immediately, so it must have something to do with firewall/shorewall/deep packet inspection?
