Considering you solved the issue with getting all IPs for a given country correctly (and perhaps updating it sometimes): 1. Dump all IP addresses/ranges into a file (eg. blocked.ips) 2. add table <blocked_country> file /path/to/blocked.ips add "persist" if you want. 3. create rule to block all incoming connections from <blocked_country>
Alternatively, you can just create a file with IPs you allow, create table and write rules to allow connections from IPs in that file. On Wednesday, December 7, 2022 at 09:44:34 a.m. GMT+9, Damian McGuckin <dami...@esi.com.au> wrote: Has anybody created rules such as this and if so, do you have an example? Stay safe - Damian Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037 Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here Views & opinions here are mine and not those of any past or present employer