It will use the preferred IP address on the interface that faces the destination IP according to the routing table. That is the expected behavior on virtually any routing platform.
Why does that require you to edit your firewall? Ideally - for resources and sanity - your input chain rules should be stateful, and allow packets belonging to established connections back in. The output chain is rarely filtered; if it is, just permit connections to UDP/123.
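To see which source address the routing table selects for a given NTP server, the following added example (not part of the original post) asks the kernel of a general-purpose host to pick one without sending any packet. The function names and the sample destinations are assumptions made for illustration; the post does not name a platform, so this shows the same selection logic on a host OS rather than on the router itself.

```python
import socket

NTP_PORT = 123  # UDP/123, the port named in the post above


def source_address_for(dest_ip, port=NTP_PORT):
    """Return the local IP the kernel would use to reach dest_ip.

    connect() on a UDP socket sends nothing; it only makes the kernel
    resolve a route and bind the preferred address of the outgoing
    interface. Returns None when there is no route to the destination.
    """
    family = socket.AF_INET6 if ":" in dest_ip else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((dest_ip, port))
            return s.getsockname()[0]
    except OSError:
        # No route, or the address family is unavailable on this host.
        return None


def report(destinations):
    """Map each destination to the source address chosen for it."""
    return {dest: source_address_for(dest) for dest in destinations}


if __name__ == "__main__":
    # Constructed sample destinations: loopback and a documentation
    # address (192.0.2.10, RFC 5737) standing in for an NTP server.
    for dest, src in report(["127.0.0.1", "192.0.2.10"]).items():
        print(f"{dest:>15} -> source {src or 'no route'}")
```

The address printed for a server is the one its replies will be sent to, so it is the address a stateful input rule will match as an established connection.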