It is possible config a VM instance on GCP to only receive requests from the Load Balancer?

Question

I have an nginx deployment on k8s that is exposed via a nodeport service. Is it possible by using the GCP firewall to permit that only an application LB can talk with these