Isolating or securing roon core in company or public network

I use roon as an all-in-one setup on my linux laptop(debian) with chord mojo and beterdynamic headphomes. roon core in installed regularly and roon controller app running on wine. it works perfect and i love the sound and the interface.
roon was the only way i found to stream hi res and mqa tidal music on a linux laptop.

but, the roon core is exposed on the network to anyone that has the roon app and i really don’t like it, and i also read somewhere that roon is publishing events on the network.

my question is if there is a way to isolate roon or secure it in some way. i read the thread about securing roon here and i understand there is no official way to do that.
I’m not knowledgeable enough to find a solution but i’m thinking about maybe to force roon to attache only to the loopback interface, does it make sense?
or , install the core on a virtualbox vm with host only access or something like that and then a roon bridge + controller on the host ?
or, using a firewall to block all incoming connections ?

any idea son how to do that?

Havent’t tried it myself, but using the firewall to block incoming connections on roon ports from all other ip’s than your own (localhost/ if running everything on your own laptop) could work…