You can't do this in a way that will protect the integrity of the data (i.e. ensuring that the counts are actually accurate), since if you grant write access to those fields a client can write whatever value it wants to it.
You can, however, provide granular read/write access for only those specific children by using variables in your security rules:
{
"articles": {
"$key": {
"viewCounter": {
".write": true,
".validate": "newData.isNumber() && newData.val() == data.val() + 1"
},
"$other": {
".write": "auth.email == 'example@gmail.com'"
}
}
}
}
It is not possible to do any filtering based on IP addresses. You'll want to use a secret from trusted server code to do that as suggested in the comment.