OpenShift Request For Enhancement
RFE-6381

Bind NodePort Services to Specific Node Interface


      1. Proposed title of this feature request

      Bind NodePort Services to Specific Node Interface

      2. What is the nature and description of the request?

      When a Service of type NodePort is exposed, it listens by default on all node interfaces (0.0.0.0). We can keep this default and add an option to the Cluster Network Operator that instructs OVN to bind NodePort Services only to a specific node interface when required (X.X.X.X instead of 0.0.0.0), as kube-proxy already allows [1].

      [1].  https://kubernetes.io/docs/concepts/services-networking/service/#service-nodeport-custom-listen-address

      3. Why does the customer need this? (List the business requirements here)

      In a zero-trust network, customers who expose services through an external load balancer in front of NodePorts have to make sure that ingress traffic enters only through a specific node interface.
      There are multiple use cases in which customers may enable IP forwarding in OpenShift (e.g. to use Egress IP on a secondary interface); in that case there is a security concern, as the NodePort Service(s) could be reached from any interface on the node.
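      The following is an added illustration, not code from this RFE, from OpenShift or from OVN. It models the kube-proxy nodePortAddresses semantic referred to in item 2 (an empty list means every node address, i.e. 0.0.0.0; otherwise a NodePort answers only on node IPs inside the listed CIDRs) against a constructed two-interface node like the one in item 3 (primary interface plus a secondary interface carrying Egress IP traffic), and it binds a throwaway local TCP listener to 0.0.0.0 and then to one address to show the reachability difference. The interface names, the RFC 5737 addresses and the use of 127.0.0.2 as a stand-in second interface are assumptions for the example.

```python
"""Added example (not from the RFE, OpenShift or OVN): model the kube-proxy
nodePortAddresses semantic and show locally what "listen on 0.0.0.0" versus
"listen on one address" means for reachability."""
import ipaddress
import socket
import threading

# Constructed node (hypothetical names/addresses, RFC 5737 ranges): primary
# interface on the cluster network, secondary interface on the network that
# carries Egress IP traffic once IP forwarding is enabled.
NODE_ADDRESSES = {
    "br-ex": "192.0.2.10",
    "ens4": "198.51.100.10",
}


def nodeport_accept_addresses(node_addresses, node_port_addresses):
    """Return the node addresses on which a NodePort would be reachable.

    node_port_addresses mirrors KubeProxyConfiguration.nodePortAddresses:
    an empty list means "all node addresses" (the 0.0.0.0 default); otherwise
    a connection is accepted only on node IPs that fall inside one of the
    listed CIDRs.
    """
    if not node_port_addresses:
        return dict(node_addresses)
    allowed = [ipaddress.ip_network(c, strict=False) for c in node_port_addresses]
    return {
        iface: addr
        for iface, addr in node_addresses.items()
        if any(ipaddress.ip_address(addr) in net for net in allowed)
    }


def probe_bound_socket(bind_addr, probe_addrs=("127.0.0.1", "127.0.0.2")):
    """Bind a throwaway TCP listener to bind_addr (port chosen by the OS) and
    report from which addresses it accepts a connection.

    Linux routes all of 127.0.0.0/8 to lo, so 127.0.0.2 stands in for a second
    interface: a listener on 0.0.0.0 answers on both, a listener on 127.0.0.1
    refuses the connection arriving on 127.0.0.2.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))
    port = srv.getsockname()[1]
    srv.listen(4)

    def accept_loop():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:
            pass  # listener closed by the caller

    threading.Thread(target=accept_loop, daemon=True).start()
    results = {}
    for addr in probe_addrs:
        try:
            with socket.create_connection((addr, port), timeout=1.0):
                results[addr] = True
        except OSError:
            results[addr] = False  # ECONNREFUSED or timeout: not reachable here
    srv.close()
    return results


if __name__ == "__main__":
    print("default (nodePortAddresses empty):",
          nodeport_accept_addresses(NODE_ADDRESSES, []))
    print("scoped to 192.0.2.0/24:",
          nodeport_accept_addresses(NODE_ADDRESSES, ["192.0.2.0/24"]))
    print("listener on 0.0.0.0:", probe_bound_socket("0.0.0.0"))
    print("listener on 127.0.0.1:", probe_bound_socket("127.0.0.1"))
```

      With the default (empty) list the NodePort is reachable on both br-ex and ens4, which is the concern raised above once the secondary interface forwards traffic; scoping to the primary subnet leaves only br-ex. The loopback probe shows the same distinction at the socket level: the 0.0.0.0 listener accepts on 127.0.0.2, the 127.0.0.1 listener does not.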

      4. List any affected packages or components.

      OpenShift OVN

              mcurry@redhat.com Marc Curry
              rhn-support-utgupta Utkarsh Gupta