LinuxQuestions.org


fukawi2 10-25-2008 03:38 PM

DNSBL blocks and iptables
 
Goal: block all IP addresses from China (and possibly others) when they hit iptables, before they get to anywhere else in my system.

Why: China has no need to be accessing my home, personal server. A large majority of unauthorized ssh connections originate in China.

How: Not sure!

I've found this site:
http://countries.nerd.dk/more.html

But I'm not sure how to translate that into adding iptables rules. I'm thinking something along the lines of:
Code:

1. rsync the zone file to my local PC and set up a zone in named
2. iptables -A INPUT -s cn.countries.nerd.dk -j REJECT

The zone would be kept up to date with regular rsyncs of the zone file and an `rndc reload`

My main issue is that I don't quite understand DNSBL and how they work with named. Or if the above is even possible. Is there a better way?

I could just find a list of IP addresses/CIDR masks that are associated with China, but that would be a static list, whereas the above is dynamic. Also, any lists I've found seem to be inaccurate (a static IP address for a company I used to work at is listed as China, but it's definitely Australian!)
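Added example, not part of fukawi2's post and not code from countries.nerd.dk: a small POSIX shell script showing why `iptables -s cn.countries.nerd.dk` cannot do what step 2 above hopes, and what the two working pieces look like instead. A DNSBL is consulted one address at a time: the client reverses the octets of the IP, appends the zone name and asks for an A record; any answer (for countries.nerd.dk, an address inside 127.0.0.0/8) means "listed". Nothing in such a zone enumerates every Chinese prefix, so there is no single hostname that iptables could resolve into a set of rules. A packet filter needs an enumerated list, either through a kernel GeoIP match or through a CIDR list loaded into an ipset that one iptables rule references. The script builds the DNSBL query name offline (a live check would hand that name to `dig +short`) and prints, rather than executes, the ipset/iptables commands for a constructed sample list. The set name `cn_block` and the three documentation prefixes in the sample are assumptions chosen for the example; real ipset and iptables binaries are only needed on the host where the printed commands are eventually run.

```shell
#!/bin/sh
# Added example (not from the thread): how a DNSBL is really consulted, and how a
# static country CIDR list becomes one ipset-backed iptables rule.

# Build the DNSBL query name for an IPv4 address: octets reversed, zone appended.
# dnsbl_name 1.2.3.4 cn.countries.nerd.dk  ->  4.3.2.1.cn.countries.nerd.dk
# A listed address answers with an A record; a live check would be:
#   dig +short "$(dnsbl_name 1.2.3.4 cn.countries.nerd.dk)"
dnsbl_name() {
    ip=$1
    zone=$2
    oldIFS=$IFS
    IFS=.
    # shellcheck disable=SC2086  # word splitting on '.' is intended here
    set -- $ip
    IFS=$oldIFS
    # Refuse anything that is not four dotted fields.
    [ "$#" -eq 4 ] || return 1
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Read a CIDR-per-line list on stdin and print the commands that load it into an
# ipset and hook the set into INPUT. Printing instead of executing lets the
# generated rules be reviewed (or piped to sh) by the operator.
country_block_rules() {
    setname=$1
    # -exist makes both create and add idempotent, so a cron refresh can rerun this.
    printf 'ipset create %s hash:net -exist\n' "$setname"
    printf 'ipset flush %s\n' "$setname"
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case $cidr in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        printf 'ipset add %s %s -exist\n' "$setname" "$cidr"
    done
    # One rule at the head of INPUT, so listed sources are dropped before any
    # ACCEPT rule sees them. Refreshing the set later never touches iptables.
    printf 'iptables -I INPUT 1 -m set --match-set %s src -j DROP\n' "$setname"
}

# Constructed sample list: RFC 5737 documentation prefixes, NOT real China allocations.
SAMPLE_LIST='# constructed sample, not a real country list
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24'

# Stand-alone demonstration: the query name, then the generated rule set.
dnsbl_name 1.2.3.4 cn.countries.nerd.dk
printf '%s\n' "$SAMPLE_LIST" | country_block_rules cn_block
```

Because the iptables rule refers to the set by name, keeping the block current is a cron job that rebuilds the set from a freshly downloaded list; that replaces the rsync plus `rndc reload` step in the proposal, and a bad entry in the list can be spotted in the printed commands before anything is loaded into the kernel.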

acid_kewpie 10-26-2008 08:27 AM

try this - http://people.netfilter.org/~peejix/...oip-HOWTO.html

fukawi2 10-26-2008 06:57 PM

Lovely - thank you :)

