Forum Discussion
David_Collantes
Nimbostratus
Aug 17, 2018
iRule to allow certain IP and networks
Hello. I am trying to create an iRule that will only allow certain IPs/networks on a VIP. I have:
# Datagroup which defines allowed client IP addresses/networks
class allowed_clients {
   {
      network 10.173.15.0/24
      network 10.171.105.0/24
      host 10.171.124.144
      host 10.171.124.145
   }
}
# This event is triggered when a client - BIG-IP TCP connection is established
when CLIENT_ACCEPTED {
   if { [matchclass [IP::client_addr] equals $::allowed_clients] }{
      # Uncomment to turn on logging.
      log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
      # Do nothing... request will be sent to the pool
   } else {
      # Uncomment to turn on logging.
      log local0. "Invalid client IP: [IP::client_addr] - discarding"
      discard
   }
}
The iRule isn't working. It tells me:
01070151:3: Rule [/Common/Limit_Access_by_IP_Range] error: /Common/Limit_Access_by_IP_Range:2: error: [command is not valid in the current scope][class allowed_clients {
What am I doing wrong?
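An added example, not part of the original post: the error points at the `class allowed_clients { ... }` definition, which is configuration syntax rather than an iRule command, so this sketch keeps the address list in a separate data group and looks it up with `class match`. It assumes a BIG-IP version where data groups are standalone objects and that an address-type data group named `allowed_clients` exists in the same partition as the rule; the tmsh line in the comment is one way to create it.

```tcl
# Added example (not the poster's code). Assumes an internal, address-type
# data group named allowed_clients already exists, created outside the
# iRule, for instance from tmsh:
#
#   create ltm data-group internal allowed_clients type ip records add {
#       10.173.15.0/24 { } 10.171.105.0/24 { }
#       10.171.124.144/32 { } 10.171.124.145/32 { } }
#
# The iRule then contains only event handlers.

# Triggered when a client - BIG-IP TCP connection is established
when CLIENT_ACCEPTED {
    # "class match" replaces the older matchclass / $::name form and takes
    # the data group name directly. "equals" on an address-type data group
    # matches both host entries and addresses inside a listed network.
    if { ![class match [IP::client_addr] equals allowed_clients] } {
        # Default deny: anything not in the data group is dropped.
        # This logs every rejected connection to the LTM log; remove or
        # rate-limit it if the virtual server is exposed to noisy sources.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
        return
    }
    # Allowed clients fall through and are load balanced to the pool.
}
```

Because the rule drops anything not in the data group, confirm the data group is populated before attaching the rule to the virtual server; an empty or misnamed data group blocks every client.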