Grafana Loki/Promtail firewall setup

I have a setup of a variety of projects, each server from every project is sending logs to Loki central server ( No Internal Network and the projects are in different Cloud providers ) using promtail.

  1. Does promtail just push info? or Should I open the port 9080 to the localhost and the Loki server?

For the firewall setup in the Loki server I want to filter who use the port 3100, so that will be the localhost and a bunch of external IPs from 6 or more projects. I was setting up some iptable rules, like:
iptables -A INPUT -p tcp -s localhost --dport 3100 -j ACCEPT
iptables -A INPUT -p tcp -s $other_server --dport 3100 -j ACCEPT
iptables -A INPUT -p tcp --dport 3100 -j DROP

But I noticed everytime I do this, there are no more new entrances from $other_server, Now with the above explanation

  1. What iptables rules or firewall setup should I set for the Loki server?