If you happen to host the self-hosted gateway from Azure API Management into Kubernetes, pay attention to the default deployment script proposed by default on the Azure Portal.
This deployment creates a K8s service of type LoadBalancer which are source NAT’d by default. This means that the ip-filter policy is totally useless in APIM policies with that config since the original source IP of the intermediate calling service (Say Azure Application Gateway or Front Door) will be lost. The original IP is still retrievable from the X-Forwarded-For HTTP header but if you want to make sure your gateway is proxied by a WAF, you have no way to control it other then with an ip-filter policy.
This behavior is well described in the K8s doc https://kubernetes.io/docs/tutorials/services/source-ip/ so, a possibility if you want to keep using the ip-filter policy from within your APIM self-hosted gateway is to add an externalPolicy to the default proposed service implementation: externalTrafficPolicy: Local, this will preserve the source IP of the caller.
Note that, as explained here https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/, it has an impact on the way traffic is load balanced so you should decide accordingly.