Hi,
In my opinion, the best way to do this would be to use iptables rules. Add some like the following:
iptables -I INPUT -i tun0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
That will accept all connections from your VPN network, and will drop any connection to port 22 from the public network. You could then put the iptables commands in a shell script and execute it using the /etc/rc.local file. That should work across most Linux distributions. Alternatively, you could save the iptables rules like so:
iptables-save >/etc/iptables.rules
Now, run this command to restore them.
iptables-restore </etc/iptables.rules
Also, you may want to check out the following article:
http://library.linode.com/security/firewalls/iptables
There may be alternative methods, and probably more secure ones too. You could, for instance, only accept incoming connections from certain VPN IP addresses with iptables and allow those connections to access certain ports, but I assume you'd trust anyone on your VPN network.
Good luck, and feel free to respond with any questions you might have. The excellent community here is happy to help.
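
The stricter variant mentioned above (SSH only from specific VPN addresses), as an added example that is not part of the original post: a shell function that writes an iptables-restore ruleset after validating its inputs. The interface tun0 and port 22 come from the post; the 10.8.0.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that allows SSH only
# from named VPN peers and drops it from everywhere else.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules IFACE PORT ADDR...: print the ruleset; non-zero on bad input.
gen_rules() {
    iface=$1; port=$2; shift 2
    # Reject anything that could smuggle extra options into the rules file.
    case "$iface" in *[!A-Za-z0-9_.-]*|"") echo "bad interface" >&2; return 1 ;; esac
    case "$port" in *[!0-9]*|"") echo "bad port" >&2; return 1 ;; esac
    [ "$#" -gt 0 ] || { echo "need at least one allowed address" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # ACCEPT rules come first: iptables stops at the first matching rule.
    for addr in "$@"; do
        echo "-A INPUT -i $iface -s $addr/32 -p tcp --dport $port -j ACCEPT"
    done
    # Everything else aimed at the SSH port is dropped, VPN or not.
    echo "-A INPUT -p tcp --dport $port -j DROP"
    echo "COMMIT"
}

# Constructed sample: two VPN peers allowed to reach SSH over tun0.
gen_rules tun0 22 10.8.0.2 10.8.0.3
```

Check the output with `iptables-restore --test` before loading it; loading replaces the whole filter table and cuts any SSH session that does not arrive from a listed address over tun0. iptables filters IPv4 only, so a host that also has IPv6 needs matching ip6tables rules.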