@MaP Understandable, that's why I went with the reverse proxy route, using ip tables is too low level in the OSI for the CORS related issues in the application layer.
You may be able to set the env.properties to set the ip address of the interface you're trying to access to force it to only listen on that host ip address. See if that bears any fruit...
Fox