This would be a good application for a data group. Not only would it make the rule easier to update and scale, it will make the tcl code much simpler.
Create a data group (give it a descriptive name...I'll just use 'allowed-subnets'):
create ltm data-group internal allowed-subnets type ip records add { 10.x.x.x/24 10.y.y.y/24 }
Now you can use this data group for matching in your iRule
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] eq allowed-subnets] } {
pool my.pool
}
}
In the future, allowing additional subnets (or even host addresses) is a matter of adding to the data group. No changes to the iRule would be required.