use pdk::ip_filter::IpFilter;
// Create an allowlist filter (only specified IPs are permitted)
let ip_filter = IpFilter::allow(&["192.168.1.0/24", "10.0.0.1"])?;
// Create a blocklist filter (specified IPs are denied)
let ip_filter = IpFilter::block(&["192.168.1.0/24", "10.0.0.1"])?;
Filter IP Addresses
Use the Flex Gateway Policy Development Kit (PDK) IP Filter to filter requests based on IP addresses. Create allowlists or blocklists using IPv4/IPv6 addresses and CIDR ranges to evaluate incoming requests IPs.
Import IpFilter from the pdk crate, then create an IP filter to either allow or block specific IPs:
The IpFilter accepts an array of strings and supports:
-
Both IPv4 and IPv6 addresses.
-
Individual IPs, for example:
10.0.0.1. -
Classless Inter-Domain Routing (CIDR) notation for IP ranges. For example:
192.168.1.0/24,10.0.0.0/8.
After creating the filter, use the is_allowed method to check if an IP is permitted:
// Check if an IP is allowed
if ip_filter.is_allowed("192.168.1.100") {
// IP is permitted, continue processing
Flow::Continue(())
} else {
// IP is blocked, return forbidden response
Flow::Break(Response::new(403).with_body("Forbidden"))
}
IP Filter Configuration Examples
PDK provides the IP Filter Example policy to demonstrate how to implement IP-based access control in Rust code.
Within the example policy, see these code sections for additional configuration details:



