Why so complicated? For literals just look for [ and ]. They can only be around a literal IP address. Or if you want to block only the non-routable addresses use these for regexp.
Your regexp seems to be ok to me, but I'm not an expert in regexp and I don't know if you can use it there (it's not a rule). The blacklist_from will act on other from headers as well - if that's ok. Kai -- Get your web at Conactive Internet Services: http://www.conactive.com
