Hi all,
sorry for my late reaction on this.
@hellfire: As stated already, all you need to do is to replace the xt_geoip part in the iptables rules of yours with the appropriate ipset directives. This commit, for example, shows how this was done for XD - the special country code we use for “hostile” networks.
Adapting from that, the iptables rule for blocking any incoming connections from the US looks like:
iptables -I LOCATIONBLOCK -m set --match-set CC_US src -j DROP
Hope to have helped.
Thanks, and best regards,
Peter Müller