Thank you for this message @S_Page, I am running the Roon server on an Ubuntu 20.04 system and I am trying to configure my iptables firewall.
I must say I cannot understand why port management is so complicated with Roon. Normally, it is sufficient to keep one port open for discovery or first client connection, and then the client and server can move the connection to a different random port as long as the firewall on the server allows connections with a RELATED or ESTABLISHED state.
In the post mentioned above (https://community.roonlabs.com/t/roon-api-on-build-880-connection-refused-error/181619/15), @Geoff_Coupe and @brian recommend using the discovery method. This might be fine for extension developers using the Roon API, but this is not a practical solution for a user like me who is running the Roon core on his system and needs a firewall to ensure minimal security.
I opened the ports you suggested above and everything seems to be working fine (until it doesn’t), but these are very wide port ranges. Half of the UDP range needs to be kept open. I may have other applications that are vulnerable on these ports and this seems like an unjustified security risk.