@Jeff When you restrict IP addresses to call Logic App endpoints and have webhook type of actions (like approval workflow), the subsequent call back requests are blocked unless you enable the Logic App connector outbound IP addresses in workflow settings or in ARM template. So you would need to enable the connector outgoing Ip addresses to receive user response for send approve email action either in Workflow settings IP ranges or update via ARM template for actions.
You can refer to this document which lets you to restrict IP addresses for triggers as well actions from ARM template.
"accessControl": {
"triggers": {
"allowedCallerIpAddresses": [
{
"addressRange": "192.168.12.0/23"
}
]
},
"actions": {
"allowedCallerIpAddresses": [
{
"addressRange": "192.168.12.0/23"
}
]
}
},
Let me know if you are still facing the issue once you have added the outgoing IP address as per the region where your logic app is deployed.