Block web ui / API

Hello everybody,

I’d like to allow access to the web ui / API only to a specific IP.

My foreman-installation is based on Debian 10.

If I do this:

iptables -N https 
iptables -A https --src -j ACCEPT  
iptables -A https -j DROP 
iptables -I INPUT -m tcp -p tcp --dport 443 -j https 

The web ui is blocked as expected, but although puppet agent --test works on the remote hosts, all hosts are showing “out of sync” after 1 hour.

Reports are sent to the foreman api at the end of a run by the client. IIRC --debug on the puppet run will show this. Otherwise you can see it in production.log if you open the access back up

Where is the puppetserver running? On the same host?

What does the full resulting iptables filter table look like?