We’ll learn how we can block traffic originated from specific country IPs using GeoIP database and linux iptables. Iptables is a command based utility program for configuring the linux kernel firewall which is implemented within the Netfilter project. Whereas GeoIP is a collection of IPs corresponding with the geographical locations where the geographical location is mapped with the IP addresses allocated at those specific organization, city, state and countries. The geographical co-ordinates in the GeoIP database are the often near the center of the population so it should not be used to identify a particular address or household. And with the help of a module called xt_geoip consisting in an iptables extension xtables-addon and the GeoIP database, we’ll perform country-based traffic filtering which helps us block or allow the traffic from a specific country.
Source: How to Block IPs from Countries using Iptables Geoip Addons (LinOxide)