We don't know your exact context for this arrangements, but it sounds like you have users all over the place that connect to your database. Let's make this clear: this is a poor design.
SQL Server should never be exposed on the internet, period!
The best option would have been to design the application as a three-tier solution, with an application server that you expose on network. That application server could be a web server.
At this point, that may not be a realistic option, since it is a complete redesign. But you could still consider requiring users to use a VPN connection.
As a quick fix, you could use a logon trigger as I suggested, but it's not very secure, and I don't want help with a solution that I don't like, so I am not providing any example myself.