How to restrict the Foreman Interface Access to specific IP Address or Subnet ?
A first time user of Foreman here.
I have foreman-2.2.3 up and running on local VM.
I’m looking for a option to restrict the Foreman UI access & allow only from specific IPs.
Thanks in Advance.
IPtables (or FirewallD) are your friends here. As far as I know there are no specific settings in Foreman that restruct access, but the Host-based firewall will fix that for you
Just keep in mind, managed machines or at least all deployed smart proxies also typically needs to access the Foreman API, which is the same app and therefore the same port.
True, a solution to restrict ‘end-users’ talking to Foreman could be to put the server itself in a management VLAN, block all ‘end-user’ VLANs and put proxies in those networks (make sure to allow access from/to those systems )
This will effectively shield the management console as the smartproxies don’t have that functionality