Chad_Roberts_21
Aug 21, 2006
iRule to drop unwanted traffic
I have an iRule using the CLIENT_ACCEPTED event that checks the requesting visitor's IP address against a class of addresses we want to block (and in theory should never make it past our IDP, firewalls, or router ACLs anyway, but this is a place of paranoia). If the address matches one in the list, traffic is dropped. However, a successful TCP connection is built first, allowing the visitor to see the open port before action is taken. (Obviously, because CLIENT_ACCEPTED implies that a connection has been established.)
I realize this isn't commonly left up to the application level, but is there an alternative event that might evaluate and drop the traffic immediately? It would be nice to be able to do this by an iRule rather than do it in iptables or something.
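The behaviour the post describes, reproduced with plain sockets on loopback as an added example (not part of the original post, and not an iRule): the TCP handshake finishes before any accept-time address check can run, so the peer sees the port as open even though the connection is then dropped. The blocklist contents and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample blocklist: loopback (so the demo matches) plus a documentation range.
BLOCKED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("203.0.113.0/24")]


def is_blocked(addr: str) -> bool:
    """Return True if addr falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETS)


def handshake_completes_before_check() -> dict:
    """Show that an accept-time check runs only after the peer has connected."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    # connect() returns once the kernel has finished the three-way handshake.
    # The listener has not called accept() yet, so no address check has run.
    client.connect(("127.0.0.1", port))
    port_seen_open = True                     # reached only if connect() succeeded

    # Accept-time policy: the earliest point this application sees the peer.
    conn, (peer_ip, _peer_port) = listener.accept()
    blocked = is_blocked(peer_ip)
    if blocked:
        conn.close()                          # drop, but the handshake already happened

    try:
        data = client.recv(1)                 # b"" means the server closed on us
    except ConnectionResetError:
        data = b""
    client.close()
    listener.close()
    return {"port_seen_open": port_seen_open, "blocked": blocked,
            "bytes_received": len(data)}


if __name__ == "__main__":
    print(handshake_completes_before_check())
```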