Bastion SSH? This new-finagle “airgapt” makes GatewayPorts sshd_option setting of OpenSSL kinda useless?

My code review notes says:

  # GatewayPorts specifies whether remote hosts are
  # allowed to connect to ports forwarded for the
  # client.  By default, sshd(8) binds remote port
  # forwardings to the loopback address.  This prevents
  # other remote hosts from connecting to forwarded
  # ports.  GatewayPorts can be used to specify that sshd
  # should allow remote port forwardings to bind to
  # non-loopback addresses, thus allowing other hosts to
  # connect.  The argument may be no to force remote port
  # forwardings to be available to the local host only,
  # yes to force remote port forwardings to bind to the
  # wildcard address, or clientspecified to allow the
  # client to select the address to which the forwarding
  # is bound.
  #
  # CLI option: -o
  # options.fwd_opts.gateway_ports/channel_fwd_bind_addr()/channel_setup_fwd_listener_tcpip()/channel_setup_remote_fwd_listener()
  # options.fwd_opts.gateway_ports/channel_fwd_bind_addr()/channel_setup_fwd_listener_tcpip()/channel_setup_local_fwd_listener()
  # GatewayPorts defaults to 'no'.