Hello, I know this was discussed many times. I will be short.
The PSD rule to prevent port scanners via TCP (forward and input) works OK, as it should.
But can I use PSD for UDP?
I have made rules for UDP and got strange behaviour: Google DNS 8.8.8.8 and 8.8.4.4 and some other IPs belonging to Google were listed and blocked by the drop rule.
I understand IPs can be spoofed, but for this to happen straight after implementing the rule, it looks like PSD senses traffic from Google as a port scan.
Why do I want to drop port scanners for UDP? I want UDP ports 500, 1701, 4500 not to be visible to port scanners and to minimise the number of dickheads trying to crack my VPN.
All comments appreciated.