Firewall/NAT

I have two locations with three internet connections total. We have a VPN from each of our locations to a Monowall in a colo. We would like to secure the Monowall to only talk to our three internet connections, and not anyone else.

Can this be done, and if so, how?

Yes and no. Yes in that you can configure your WAN firewall rules to only allow traffic from those locations. No depending on what VPN type(s) you're using, as there are auto-added VPN rules on WAN that allow that traffic in which may be more permissive than absolutely required (check status.php for the raw ruleset to see). You can hack the source to not add those rules and manually add your own more restrictive ones if that's the case in your setup.