Accept incoming traffic from another app, prevent outgoing traffic

I have this sort of set up in mind:

  • My main web application, where all of my business logic lives.
  • Per-user apps where I will execute untrusted user commands (if not containers) on Fly machines. Those commands will be sent via some sort of HTTP/RPC mechanism to the machines from the main web application.

Is there anything I can do to:

  1. Allow only my main web application to send requests to the machines running the untrusted user code (it’s actually going to effectively be sending things like shell commands there).
  2. Prevent any outgoing connections from the machines running user commands (this is optional, but ideal).

Looking around at community discussions and documentation, it seems that private networks on Fly are completely isolated from one another. Is the best option, then to just create private networks per-user, and maybe set up some kind of public key auth between my main web app and the untrusted user apps/machines?