Need a firewall rule in two flavors (iptables and nftables).
(1) The firewall must limit access from an incoming SSH tunnel to only localhost aka "the server".
(2) No limit on which IP can create the SSH tunnel. Any IP with the right SSH key must be able to connect.
(3) The servers are currently in AWS Lightsail.
(4) Servers have one public IP and one private IP.
(5) There is one server for the iptables rule and one for the nftables rule. I will provide the SSH key and IP for the servers.
(6) All other access must not be touched by the rules. Only apply to the SSH Tunnel.
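
One way to meet requirements (1), (2) and (6), as an added example that is not part of the original request: match forwarded connections by socket owner on the output path and reject anything that does not leave through the loopback interface. It assumes tunnels log in as a dedicated account (the name `tunnel` is hypothetical), and the table name `ssh_tunnel_limit` is made up for illustration.

```shell
#!/bin/sh
# Added example. Prints the rules instead of applying them, so they can be
# reviewed first. Assumption: tunnels use a dedicated account; OpenSSH opens
# forwarded connections from the session process running as that account,
# so the owner match sees its UID. The SSH login itself is not matched
# (no source-IP condition), and other users' traffic is never matched.

# Accept only simple account names so nothing can be injected into a rule.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# iptables flavor: one rule each for IPv4 and IPv6.
# "! -o lo" leaves 127.0.0.1, ::1 and the server's own addresses reachable,
# because locally destined traffic is routed through the loopback interface.
iptables_rules() {
    valid_user "$1" || return 1
    for cmd in iptables ip6tables; do
        printf '%s -A OUTPUT -m owner --uid-owner %s ! -o lo -j REJECT\n' \
            "$cmd" "$1"
    done
}

# nftables flavor: a separate inet table with policy accept, so existing
# tables and all other traffic are left as they are.
nft_rules() {
    valid_user "$1" || return 1
    cat <<EOF
table inet ssh_tunnel_limit {
    chain output {
        type filter hook output priority 0; policy accept;
        meta skuid "$1" oifname != "lo" reject
    }
}
EOF
}

# Stand-alone use: sh this-script tunnel
if [ "$#" -ge 1 ]; then
    iptables_rules "$1" && nft_rules "$1"
fi
```

The iptables lines can be run as root as printed; the nftables table can be loaded with `nft -f`.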