First we make an extra chain to add and flush it easily,

#iptables -N COUNTRY-FILTER

Then write a script to get the list of ips for those countries, thank to ipdbinfo.com,

#!/bin/bashCOUNTRIE="CN" #Seperate by comma, here it is only chinaWORKDIR="/root/"

#######################################
cd \$WORKDIR
wget -q --output-document=iptables-blacklist.txt 'http://ipinfodb.com/country_query.php?country='\$COUNTRIE'&output=simple&filename=blocklist.txt'
if [ -f iptables-blacklist.txt ]; then
  iptables -F COUNTRY-FILTER
  BLOCKDB="iptables-blacklist.txt"
  IPS=\$(grep -Ev "\^#" \$BLOCKDB)
  for i in \$IPS
  do
    iptables -A COUNTRY-FILTER -s \$i -j DROP
  done
fi
rm \$WORKDIR/iptables-blacklist.txt

at last if everything was ok, add these commands:

#iptables -A INPUT -j COUNTRY-FILTER#service iptables save