Best way to make L2TP server accessible only from local IPs

Hello,

I would like to block incoming L2TP tunnel requests from outside and would only like to allow requests coming from the local side. Is there any practical way of doing this? I’m trying to consume as little CPU as I can, so I am wondering what the optimal way of achieving this is.

Thanks!

Default firewall will block it, just as any other incoming traffic from the outside world.

Drop rule.

Then somewhere above the drop rule… An accept rule from an address list that you approve of.
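
The accept-then-drop ordering suggested in the replies, written out as an added example that is not from any poster in this thread. It assumes the router runs MikroTik RouterOS (the thread does not name the platform); the list name `l2tp-allowed` and the subnet `192.168.88.0/24` are constructed placeholders.

```routeros
# Added example; assumes MikroTik RouterOS.
# List name and subnet are constructed placeholders, replace with your own.
/ip firewall address-list
add list=l2tp-allowed address=192.168.88.0/24 comment="local LAN allowed to reach L2TP"

/ip firewall filter
# Accept L2TP (UDP 1701) only from sources on the approved list.
add chain=input action=accept protocol=udp dst-port=1701 \
    src-address-list=l2tp-allowed comment="L2TP from approved list"

# If the server runs L2TP over IPsec, IKE (500), NAT-T (4500) and ESP
# need the same restriction; omit these two rules for plain L2TP.
add chain=input action=accept protocol=udp dst-port=500,4500 \
    src-address-list=l2tp-allowed comment="IKE/NAT-T from approved list"
add chain=input action=accept protocol=ipsec-esp \
    src-address-list=l2tp-allowed comment="ESP from approved list"

# Drop the same traffic from every other source. These rules are only
# needed when no general drop already sits at the end of chain=input.
add chain=input action=drop protocol=udp dst-port=500,1701,4500 \
    comment="drop L2TP/IKE from anyone else"
add chain=input action=drop protocol=ipsec-esp \
    comment="drop ESP from anyone else"
```

Rules are evaluated top to bottom and `add` appends to the end of the chain, so on a router that already has a general drop rule in `chain=input` the accept rules have to be moved above it before they take effect.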