Veja o Filtro de Endereços Remoto do Tomcat:
The Remote Address Filter allows you to compare the IP address of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client.
Editar : o arquivo a ser editado depende se você deseja que o filtro seja aplicado a uma única aplicação web ou a todos eles. Da mesma página vinculada acima:
Tomcat provides a number of Filters which may be configured for use with all web applications using $CATALINA_BASE/conf/web.xml or may be configured for individual web applications by configuring them in the application's WEB-INF/web.xml.
Editar 2 : Veja um exemplo para três endereços IPv4:
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z</param-value>
</init-param>
</filter>