IP Whitelisting at Istio

I am using istio as ingress in our EKS cluster .
The traffic flow is like

NLB ----> Istio-Ingress-Gateway—> Container

I want only few external Ip should be able to access thru NLB . went thru the post
https://istio.io/docs/tasks/policy-enforcement/denial-and-list/ for IP whitelisting, but this doesnt work . As the client IP is not preserved .

I am using istio helm chart , which doesnt not prvovide option to install ingress gateway as daemon set .

Has anyone implemented the above scenario , if so please let me know what all steps are to be done .

I’d look into WAF and try to block the IPs at that level instead (https://aws.amazon.com/waf/faq/).