Hi there,

May be of interest if you want iptables to filter by country, or
to explore IP space allocation.

This site allows you to enter ISO 2 letter country codes or select
country names from a list. Output formatting allows you to get a
list of rules for building blacklists or whitelists by country for
linux iptables.

The client-side javascript offers a preview option, while the server-
side .cgi produces a gzip'd output file. Server-side is written in
awk and runs on a slackware-11 box.

The country to IP database is built from the various top-level
registries, the names data is from iso.org and the country names
list is filtered to only those with allocated IP blocks.

Unlike other lists on the 'net, the output of this tool merges
adjacent CIDR blocks to produce IP ranges for use with iptables'
"--src-range xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy" option (for 2.4
kernel users iprange can be added with the netfilter patch-o-matic).
This reduces the number of rules to filter a country, for example
'US' produces:

# matched: 33575, merged: 27721, listed: 5854, 33.314% IPv4 space

Over here: http://bugsplatter.mine.nu/ip2c/cc2ipblock.html

Thanks,
Grant.
--
http://bugsplatter.mine.nu/