Preventing access to specific ports

I’m using Tailscale with userspace networking on Glitch, which exposes services which I do not want to let others use remotely (e.g. webservers which return project invite tokens). Could I somehow prevent access to those ports over tailscale?

Blocking access to ports 1080-1089 (the ports that Glitch seems to use internally) by adding tailscale serve configuration items to keep traffic from going to the actual service) seemed to work.
For reference, here’s the command I used to set that up:

set -x; for a in {1080..1089}; do tailscale serve https:$a / 'text:Nope!'; done; set +x