Here are the docs in case you are interested.
On Elastic Cloud when you create and associate and AWS PrivateLink upon proper creation of that Private Link Connection the Elasticsearch endpoints an only be access via the Private Links connection which is directly linked to the Specified VPC Endpoint, and thus all traffic to the Private Link endpoint will be via AWS Internal Network.
If you do add an IP Filter that adds back Public IPs to address that is fine as well and traffic from those IPs will travel the public endpoint and hit the public IP.
With respect to how the Traffic is routed.
If your originating systems uses the VPC Endpoint that is directly linked to the AWS Private Link endpoint which is linked to the the Elastic Cloud Endpoint then by definition the traffic will be via the AWS Network, i.e. not on the public internet if you originating system uses the VPCE / PL
If your originating system uses the Public Endpoint it may (and I say may as AWS has some pretty smart routing) traverse the Public Internet.