Access Control: Restrict allowed node member ips

I set up PXC and everything is working as expected. However, I wondered whether there is some kind of access control to restrict incoming connections to the nodes defined under wsrep_cluster_address. That is, is there a way to have a whitelist of IPs (e.g., the wsrep_cluster_address ones) and prevent any other IPs from joining the cluster by directly dropping those connections?

The idea behind this question is that I would like to reduce possible hacking attempts to the cluster in a WAN setup. Because if a hacker joins my cluster, then it would have all my data, right?

Well, I did not find any settings within PXC and used iptables in order to secure the cluster servers.