I don't think a firewall is the answer.
When I want to securely access my Node-red from anywhere away from home I use Zerotier.
It's described towards the end of the thread All flows gone after fresh install
- Setup an account at zerotier.com and create a virtual network.
- Install Zerotier on your Node-red computer and any device you want to access it from.
- Tell them the ID of the virtual network.
- Authorise them on Zerotier.com.
So my Node-red is on a Rspberry Pi at 192.168.1.11
If I take my laptop to the pub I can connect to it using IP address 192.168.192.11. It looks like a local IP but in fact it's a secure, encrypted connection between the laptop and Pi.
No jiggery-pokery with the router, no port forwarding!
