@jerry I am often reluctant to sound too authoritative on topics I know something about for fear of being wrong. Always most skeptical of those who have something declarative to say on topics I know are extremely complex and nuanced such as world affairs that are not their area of expertise.
I also ran into a really odd iptables problem... when I meshed in the second app server node using wireguard, my egress filter rule was blocking outbound traffic on both hosts. After some fiddling, out of frustration, I flushed the rules out of iptables on both hosts - so no rules. And... iptables was still blocking the outbound traffic. I ended up having to reboot each host - and once I did that, things worked ok. Has anyone seen iptables go into zombie mode before?