Restricting web access by IP

Hi all,

Thinking about restricting access to the web interface to only a management IP address.

I believe the only aspect I am using that requires 'public' access is provisioning to handsets?

Could this be achievable, could I break other things in the process?
How would I go about this?

An iptables rule would be most effective way to limit access but would block provisioning as well. Pretty easy to modify as needed when provisioning new devices.

You can also use allow/deny statements in the nginx config for certain directories. With the right placement, GUI access would be blocked or redirected but could still allow provisioning.