diff --git a/pkg/proxy/util/utils.go b/pkg/proxy/util/utils.go
index 66624579008..56752b3722b 100644
--- a/pkg/proxy/util/utils.go
+++ b/pkg/proxy/util/utils.go
@@ -260,32 +260,50 @@ func MapIPsByIPFamily(ipStrings []string) map[v1.IPFamily][]string {
 	ipFamilyMap := map[v1.IPFamily][]string{}
 	for _, ip := range ipStrings {
 		// Handle only the valid IPs
-		if net.ParseIP(ip) != nil {
-			ipFamily := getIPFamilyFromIP(ip)
+		if ipFamily, err := getIPFamilyFromIP(ip); err == nil {
 			ipFamilyMap[ipFamily] = append(ipFamilyMap[ipFamily], ip)
+		} else {
+			klog.Errorf("Skipping invalid IP: %s", ip)
 		}
 	}
 	return ipFamilyMap
 }
 
 // MapCIDRsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6)
-func MapCIDRsByIPFamily(ipStrings []string) map[v1.IPFamily][]string {
+func MapCIDRsByIPFamily(cidrStrings []string) map[v1.IPFamily][]string {
 	ipFamilyMap := map[v1.IPFamily][]string{}
-	for _, cidr := range ipStrings {
+	for _, cidr := range cidrStrings {
 		// Handle only the valid CIDRs
-		if _, _, err := net.ParseCIDR(cidr); err == nil {
-			ipFamily := getIPFamilyFromCIDR(cidr)
+		if ipFamily, err := getIPFamilyFromCIDR(cidr); err == nil {
 			ipFamilyMap[ipFamily] = append(ipFamilyMap[ipFamily], cidr)
+		} else {
+			klog.Errorf("Skipping invalid cidr: %s", cidr)
 		}
 	}
 	return ipFamilyMap
 }
 
-func getIPFamilyFromIP(ip string) v1.IPFamily {
-	if utilnet.IsIPv6String(ip) {
-		return v1.IPv6Protocol
+func getIPFamilyFromIP(ipStr string) (v1.IPFamily, error) {
+	netIP := net.ParseIP(ipStr)
+	if netIP == nil {
+		return "", ErrAddressNotAllowed
 	}
-	return v1.IPv4Protocol
+
+	if utilnet.IsIPv6(netIP) {
+		return v1.IPv6Protocol, nil
+	}
+	return v1.IPv4Protocol, nil
+}
+
+func getIPFamilyFromCIDR(cidrStr string) (v1.IPFamily, error) {
+	_, netCIDR, err := net.ParseCIDR(cidrStr)
+	if err != nil {
+		return "", ErrAddressNotAllowed
+	}
+	if utilnet.IsIPv6CIDR(netCIDR) {
+		return v1.IPv6Protocol, nil
+	}
+	return v1.IPv4Protocol, nil
 }
 
 // OtherIPFamily returns the other ip family
@@ -297,13 +315,6 @@ func OtherIPFamily(ipFamily v1.IPFamily) v1.IPFamily {
 	return v1.IPv6Protocol
 }
 
-func getIPFamilyFromCIDR(ip string) v1.IPFamily {
-	if utilnet.IsIPv6CIDRString(ip) {
-		return v1.IPv6Protocol
-	}
-	return v1.IPv4Protocol
-}
-
 // AppendPortIfNeeded appends the given port to IP address unless it is already in
 // "ipv4:port" or "[ipv6]:port" format.
 func AppendPortIfNeeded(addr string, port int32) string {