Access control

Nginx use the first match

server {
    # { allow | deny } { <IP address> | <CIDR> | all }
    deny   192.168.1.1;
    allow  192.168.1.1/24;
    deny   all;

    # ...
}

Ref: ngx_stream_access_module