Netfilter is plenty fast, when configured sensibly. You'd probably want script to populate a "hash:net" ipset instead, and have just one iptables rule:
-A INPUT \ -m set --match-set geoblock \ -j DROP
Netfilter is plenty fast, when configured sensibly. You'd probably want script to populate a "hash:net" ipset instead, and have just one iptables rule:
(where "geoblock" is aforementioned set)