Tunnel retric accees by IP addresses

How can i retrict access to a tunnel for only specific IPs?

my main usecase is to expose an interal API service to the open network using a tunnel
i just wanna make sure its only accessable for a certain IP address