  1. This part of the answer you seemed to have missed ... the rarity of "lists of Country IP Addresses" is because the assignment of IP Addresses (Blocks) is NOT 'static' ...

    And just to toss up another side of using a massive list like the example ... can you absorb the performance impact?

    You are right, the performance impact of blocking IP Ranges in a firewall and router is substantive. The link is to a whitepaper showing the drop in TCP connections and latency impact with an allow-only US policy. TechGuard makes an in-line appliance to block country ranges and by IP reputation before connections hit your firewall.


    [edit] link broken