Use the following rule to match on Source IP. This can be used to allow a single IP or a range. If you select the option Fail On Match it behaves as a block list.

Rule Type: Content Matching

Match Type: Regular Expression

Header Field: src-ip

If single address 192.168.10.10

Match String: /^192.168.10.10$/

If address range 192.168.0.0/16

You can use one of the following match strings (depending on your preference):

Match String: /^192.168.\d{1,3}.\d{1,3}$/

Or:

Match String: /^192.168.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?).(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)]?).(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$/

The example above can be broken down as follows:

Start Regex: /

Start Match: ^

Part 1 matches 192.168.

Part 2 matches the range 192.168.0 – 192.168.255

Part 3 matches the range 192.168.0.1 – 192.168.255.254

End Match: $

End Regex: /

The following is an example of a content matching rule for all private IP ranges currently available (10.0.0.0/8, 172.16.0.0./12, 192.168.0.0./16):

/^((10.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?))|(172.(1[6-9]|2[0-9]|3[0-1]))|(192.168)).(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?).(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$/

The example above can be broken down as follows:

Part 1 matches 10.x.x.x (10.0.0.0/8)

Part 2 matches the range 172.16.x.x to 172.31.x.x (172.16.0.0/12)

Part 3 matches 192.168

Part 4 matches the last 2 octets of 192.168.x.x (192.168.x.x/16)