Block web ui / API

ahoiroman · July 8, 2021, 8:59pm

Hello everybody,

I’d like to allow access to the web ui / API only to a specific IP.

My foreman-installation is based on Debian 10.

If I do this:

iptables -N https 
iptables -A https --src 1.2.3.4 -j ACCEPT  
iptables -A https -j DROP 
iptables -I INPUT -m tcp -p tcp --dport 443 -j https

The web ui is blocked as expected, but although puppet agent --test works on the remote hosts, all hosts are showing “out of sync” after 1 hour.

Lang_Jason · July 9, 2021, 2:24am

Reports are sent to the foreman api at the end of a run by the client. IIRC --debug on the puppet run will show this. Otherwise you can see it in production.log if you open the access back up

gvde · July 9, 2021, 5:22am

Where is the puppetserver running? On the same host?

What does the full resulting iptables filter table look like?