Contact Us 1-800-596-4880
  1. Homepage
  2. Flex Gateway Policy Development Kit (PDK) (1.7)
  3. Developing Custom Policies
  4. Implementing Your Custom Policy Features in Rust

  5. Filter IP Addresses

Filter IP Addresses

Use the Flex Gateway Policy Development Kit (PDK) IP Filter to filter requests based on IP addresses. Create allowlists or blocklists using IPv4/IPv6 addresses and CIDR ranges to evaluate incoming requests IPs.

Import IpFilter from the pdk crate, then create an IP filter to either allow or block specific IPs:

use pdk::ip_filter::IpFilter;

// Create an allowlist filter (only specified IPs are permitted)
let ip_filter = IpFilter::allow(&["192.168.1.0/24", "10.0.0.1"])?;

// Create a blocklist filter (specified IPs are denied)
let ip_filter = IpFilter::block(&["192.168.1.0/24", "10.0.0.1"])?;

The IpFilter accepts an array of strings and supports:

  • Both IPv4 and IPv6 addresses.

  • Individual IPs, for example: 10.0.0.1.

  • Classless Inter-Domain Routing (CIDR) notation for IP ranges. For example: 192.168.1.0/24, 10.0.0.0/8.

After creating the filter, use the is_allowed method to check if an IP is permitted:

// Check if an IP is allowed
if ip_filter.is_allowed("192.168.1.100") {
    // IP is permitted, continue processing
    Flow::Continue(())
} else {
    // IP is blocked, return forbidden response
    Flow::Break(Response::new(403).with_body("Forbidden"))
}

IP Filter Configuration Examples

PDK provides the IP Filter Example policy to demonstrate how to implement IP-based access control in Rust code.

Within the example policy, see these code sections for additional configuration details:

See Also