Yeah, they provide a “Flow” section where you can setup firewall-like rules to control your flow of traffic. You can configure rules that say, allow ssh to a specific server, but only from a specified devices, while allowing ssh, https and smb to another server from any device, blocking all other TCP traffic. UDP is a little weirder to control, but there’s a decent tutorial with example configs.
I hear about TailScale a lot, and I know its super popular in the self-hosting & linux communities. I haven’t used it myself though, so can’t offer a comparison vs ZeroTier. I found ZeroTier refreshjngly easy to use and install on client devices, so haven’t had reason to look elsewhere yet.
Anyway, have fun with your endeavor!
You might try ZeroTier. You’ll each need a tiny client app, but its super easy to install and setup, and extremely secure. Free to use with up to 25 devices.