Got IP zones from the internet:
wget http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
gunzip -d all-zones.tar.gz ; tar -xvf all-zones.tar
Then with ipset
ipset create onlyita hash:net hashsize 64000
while read ip; do echo $ip ; done < it.zone
Iptables:
iptables -N countryfilter
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j countryfilter
iptables -A countryfilter -m set --set onlyita src -j RETURN
iptables -A countryfilter -j DROP
http://felipeferreira.net/index.php/2017/03/block-ip-bash-script/
http://felipeferreira.net/index.php/2016/04/iptables-block-country-script/
]]>
System Administrator