Tunnel/pipe from external to internal

Howdy peeps,

With a tunnel from external to internal, how can I specify the IP that will be permitted to access?

I’m looking for a script that can create the tunnel/forwarding properly and allow specific IPs to connect on designated ports from the guest to all the above NetVMs to get to the external.

Need it to be able to add and remove based on wither virtual or remote IP.

Is there anything out there that can do this please?

Thanks in advance.

Just specify the allowed IPs in the firewall rules.