If you want to block all Anonymous Proxies and Satellite Providers, you can enter something like that: (I assume that your linux box acts as a router, else you can provide `-A INPUT' instead.)
#> iptables -A FORWARD -m geoip --src-cc A1,A2 -j DROP
If you only plan to accept connections from your country.
#> iptables -P INPUT DROP #> iptables -A INPUT -m geoip ! --src-cc CA -j DROP
Some people likes to know which countries are hitting obscure or well-known security risk ports.
Create a dedicated accounting custom chain
#> iptables -N SSH_GEOIP
Feed that chain with your targeted countries (below are for exemple means only)
#> iptables -A SSH_GEOIP -m geoip --src-cc CA #> iptables -A SSH_GEOIP -m geoip --src-cc DE #> iptables -A SSH_GEOIP -m geoip --src-cc US #> iptables -A SSH_GEOIP -m geoip --src-cc JP #> iptables -A SSH_GEOIP -m geoip --src-cc FR
The sixth rule will match all other countries
#> iptables -A SSH_GEOIP -m geoip ! --src-cc CA,DE,US,JP,FR
Then call the chain for a specific situation
#> iptables -A INPUT -p tcp --dport 22 -j SSH_GEOIP