Yes, the Tomcat Valve subsystem is where you can log and filter stuff like that.
However, as a general rule, limiting access by source IP address is something better done using the machine's firewall. It blocks earlier in the pipeline and can limit access to all servers on the machine, not just Tomcat (for example, Apache).
It should be noted that HTTP is no longer the recommended protocol in many cases. A lot of servers will immediately flip you over to HTTPS.
Also, I hope you're not trying to restrict access for users based on their source IP address. That's an extremely unreliable means of identification.
When it comes to destroying a civilization, gas chambers cannot hold a candle to echo chambers.
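As an added illustration of the valve approach mentioned in the answer above (not part of the original post): a Tomcat `Context` fragment that combines the stock `AccessLogValve` and `RemoteAddrValve`. The address range (a documentation-only block), the log file prefix and the placement in the application's `META-INF/context.xml` are assumptions chosen for the example.

```xml
<!-- Added example; assumed location: META-INF/context.xml of the web application -->
<Context>

  <!-- Log every request with the client address (%h), request line and status.
       Declared first so that requests rejected by the next valve are still recorded. -->
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs"
         prefix="restricted_app_access"
         suffix=".log"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />

  <!-- Allow only loopback and the constructed range 192.0.2.0/24.
       "allow" is a regular expression, not CIDR notation, so dots are escaped.
       Everything else receives the denyStatus response. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.0\.2\.\d+"
         denyStatus="403" />

</Context>
```

The valve matches the address of the TCP peer, so behind a reverse proxy or load balancer it sees the proxy's address rather than the client's. This is a network-level restriction, not a way of identifying users.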