You can use the ipBlocks field under the Source section.
Please take a look at PR that adds a new task for using authorization policy for IP whitelisting: https://github.com/istio/istio.io/pull/6692 or the rendered page (https://deploy-preview-6692--preliminary-istio.netlify.com/docs/tasks/security/authorization/authz-ingress/)