No connection when firewall is enabled (with ACL for src/port)

[ssa5]

When firewall on the server is enabled, cannot access Tailon. Once the firewalld service is stopped, I can connect via my browser. I did of course insure that there was a proper entry in my firewalld zone file. Basically same setting I use to access the very web application I want to view logs, except changing port from 8080 to 7780. I have done packet caps when firewall is enabled, and when is stopped. I have checked and changed SELINUX to non enforce mode, though did not see anything in audit,log or any logs for that matter. The system is Oracle 7.3 (i.e. RHEL7).

On this test server I do have multiple applications viewable thru web interface, and all work. So I did verify that network connection, firewall, address, port, etc are all working. Netstat shows me that the app is using the port I selected in the cli command (7780)

firewall-cmd --zone=drop --list-all|grep 7780
rule family="ipv4" port port="7780" protocol="tcp" accept
and
netstat -tulpn |grep python2
tcp 0 0 0.0.0.0:7780 0.0.0.0:* LISTEN 122154/python2
netstat -tulpn |grep 7780
tcp 0 0 0.0.0.0:7780 0.0.0.0:* LISTEN 122154/python2

I did run with '-d' option, but once started, after going back to browser and trying open page, the debug output showed nothing. It is as if once the firewalld daemon is started, Tailon stops listening on that port.