For example, let's say you live in New Zealand. You could extract the IPs doing something like this:
Code:
# Pull the start and end IP of every New Zealand row; write one "start-end" range per line
zgrep "New Zealand" GeoIPCountryCSV.zip | awk -F"," '{print $1 $2}' | \
awk -F"\"" '{print $2 "-" $4}' > /etc/new_zealand_ips.txt
This gives you a text file with one IP range per line.
So to execute an iptables command for each range, you do something like this:
Code:
# Create the chain, accept each listed source range, drop everything else
iptables -N CHECK_NEW_ZEALAND
while read -r i; do
    iptables -A CHECK_NEW_ZEALAND -m iprange --src-range "$i" -j ACCEPT
done < /etc/new_zealand_ips.txt
iptables -A CHECK_NEW_ZEALAND -j DROP
This gives you a chain called CHECK_NEW_ZEALAND which will send to DROP any packet which doesn't match any of the ranges. You can send your packets into this chain from any other chain.
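As an added example (not part of the original post): the same extraction and chain build, with the country matched on its own CSV field, each range validated before it reaches a rule, and the rules written in iptables-restore format. The sample rows are constructed from documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: GeoIP country CSV rows -> iptables-restore fragment.
# Constructed sample rows: "start_ip","end_ip","start_num","end_num","code","country"
sample_csv() {
cat <<'EOF'
"192.0.2.0","192.0.2.255","3221225984","3221226239","NZ","New Zealand"
"198.51.100.0","198.51.100.255","3325256704","3325256959","AU","Australia"
"203.0.113.0","203.0.113.255","3405803776","3405804031","NZ","New Zealand"
"999.1.1.1","10.0.0.1","0","0","NZ","New Zealand"
EOF
}

# Print "start-end" for rows whose country field equals $1 exactly.
# Rows with a malformed address or with start > end are skipped.
csv_to_ranges() {
    awk -F'"' -v want="$1" '
        function ipnum(ip,   o, n, i, v) {
            n = split(ip, o, ".")
            if (n != 4) return -1
            v = 0
            for (i = 1; i <= 4; i++) {
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
                v = v * 256 + o[i]
            }
            return v
        }
        $12 == want {
            s = ipnum($2); e = ipnum($4)
            if (s >= 0 && e >= s) print $2 "-" $4
        }'
}

# Emit an iptables-restore fragment for chain $1 from ranges read on stdin.
ranges_to_restore() {
    chain=$1
    printf '*filter\n:%s - [0:0]\n' "$chain"
    while IFS= read -r range; do
        printf -- '-A %s -m iprange --src-range %s -j ACCEPT\n' "$chain" "$range"
    done
    printf -- '-A %s -j DROP\nCOMMIT\n' "$chain"
}

# Print the ruleset for inspection (nothing is loaded into the kernel here).
sample_csv | csv_to_ranges "New Zealand" | ranges_to_restore CHECK_NEW_ZEALAND
```

The printed fragment can be fed to `iptables-restore --noflush`, which loads the chain in one commit instead of one `iptables` call per range.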