Yes, I've tried the luci-app-upnp app and it actually has the option by default to only allow opening/forwarding a port to the same IP that initiated the request:
Enable secure mode
Also, you can just setup your console with a static IP and limit the allowed range to that specific IP:
Seems to work pretty good on OpenWrt 23.05.3