Protect private registry from external access

I’ve setup the container registry addon in my microk8s cluster (v1.31.5 revision 7592). It is working fine, I can push and pull images to port 32000 etc.
But today I tried to reach the registry’s default API on that port and it worked… From outside the cluster. It means anyone in my local network have access to these images.

How can I protect the addon-provided container registry? Ideally I would like to use some pullSecret/api token to it. If not possible, as a last resort I’ll try to drop outside traffic using some firewall.