Authorizing remote IP address before allowing a terminal session to connect is a great way to control remote access. This can be achieved with an exit program on the Telnet Device Initialization exit point. However, all Telnet connections run under the QSYS user profile so exit point controls can only apply to all users.
To implement source IP access controls by user profile, a much preferred method, you can use an "initial program."
In the INLPGM parameter for each user profile, filter the source IP against an allowed list:
Once you have your initial program created and fully tested, implement it by recording the program name and library in the INLPGM for each user profile where you want this control added.
BROWSE KISCO U