I am really confused about why the firewall keeps resetting

[lemonpartyz]

Version

2.4.120

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

10

RAM

20

Storage for /

200

Storage for /nsm

16

Network Traffic Collection

tap

Network Traffic Speeds

more than 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

I am having issues with sending logs to SO. I modified the firewall to allow ports 8220 so my machine can connect to fleetserver to install elastic agent, however after 1 minute the firewall resets. I've added the subnet in the firewall (192.160.0.0/24) but it doesn't seem to stick. Is there something I'm doing wrong? I've read I should make hostgroups, but should this not just work out of the box? I must be missing someone.

Thanks in advance!

sudo iptables -A INPUT -p tcp --dport 8220 -j ACCEPT
sudo iptables-save | sudo tee /etc/iptables/rules.v4

Edit:
[root@shrek1 so]# curl -k https://localhost:8220/api/status
curl: (7) Failed to connect to localhost port 8220: Connection refused

I think I broke something, was saying no SSL cert. ugh.

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[lemonpartyz]

turns out I had an issue with my SSL cert, somehow i must have misconfigured it. I ended up recreating the entire elastic fleet container and then I think this did the trick,

sudo so-firewall includehost Fleet 192.168.x.x
sudo so-firewall apply

i think i've literally spend almost 24 hours in total on this. Still learning but I'm glad I finally knocked this out.