iptables: block specific continents
I'm looking for a way to block certain areas from accessing my machine.
My logs filled with attacks from Asia and the US mainly, and I have decided to drop all incoming connections from countries that have no business accessing my machine. That includes Russians! Stay out!
Now I have this filter gathered from bits and pieces I gathered around the internet, but it's pretty cruel. For example, 220.127.116.11/8 potentially blocks out friendly IP's in addition to hostiles.
Now I've found this BIG data base with all IP addresses and their assigned countries but that is too much. I would have to block or allow 104,959 different ranges.
Does anyone know a quicker or easier way? It would save me a whole lot of trouble if I knew a (crude) way to just block certain continents without blocking my own.