It is currently possible to set a list of Trusted IP addresses/ranges for all the tokens defined against a config, but this is severely limited as the same list is used for all the defined tokens.
This becomes an issue the instance you start defining a token with read/write access and another with just read access on a config as all the systems specified in the Trusted IP list have the ability to use both tokens, even if the aim is for one or more to use just the read token.