The best ways to secure a system are usually based on restricting what can be done (what software can run, what files can be accessed, what ports can be connected to) to a specific list, with anything not explicitly allowed blocked by default. This is especially true in networking, and while it's easy to implement for ports, it's harder to implement for addresses. IP addresses are hard to evaluate at a glance, they sometimes change, and often multiple addresses are used for essentially the sa...
