dariohimo A base de reglas:
iptables --new-chain SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CN,GB,DE,FR,US,RU,ID,BG,CA,SC -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc AO,BF,BI,BJ,BW,CD,CF,CG,CI,CM -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CV,DJ,DZ,EG,ER,ET,GA,GH,GM,GN -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GQ,GW,KE,KM,LR,LS,LY,MA,MG,ML -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MR,MU,MW,MZ,NA,NE,NG,RE,RW -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc SD,SH,SL,SN,SO,ST,SZ,TD,TG,TN -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc TZ,UG,YT,ZA,ZM,ZW,AQ,GS,TF,AE -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc AF,AM,AZ,BD,BH,BN,BT,CC,CX -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CY,GE,HK,IL,IN,IO,IQ,IR,JO -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc JP,KG,KH,KP,KR,KW,KZ,LA,LB,LK -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MM,MN,MO,MV,MY,NP,OM,PH,PK,PS -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc QA,SA,SG,SY,TH,TJ,TL,TM,TR,TW -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc UZ,VN,YE,AD,AL,AT,AX,BA,BE -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc BY,CH,CZ,DK,EE,FI,FO,FR -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GG,GI,GR,HR,HU,IE,IM,IS,IT -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc JE,LI,LT,LU,LV,MC,MD,ME,MK,MT -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc NL,NO,PL,PT,RO,RS,SE,SI,SJ -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc SK,SM,UA,VA,AG,AI,AW,BB,BL,BM -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc BS,BZ,CR,CU,DM,DO,GD,GL,GP -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GT,HN,HT,JM,KN,KY,LC,MF,MQ,MS -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MX,NI,PA,PM,PR,SV,TC,TT,VC -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc VG,AS,AU,CK,FJ,FM,GU,KI,MH,MP -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc NC,NF,NR,NU,NZ,PF,PG,PN,PW,SB -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc TK,TO,TV,UM,VU,WF,WS,AR,BO,BR -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CL,CO,EC,FK,GF,GY,PE,PY,SR,UY -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CN,GB,DE,FR,US,RU,ID,BG,CA,SC -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc AO,BF,BI,BJ,BW,CD,CF,CG,CI,CM -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CV,DJ,DZ,EG,ER,ET,GA,GH,GM,GN -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GQ,GW,KE,KM,LR,LS,LY,MA,MG,ML -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MR,MU,MW,MZ,NA,NE,NG,RE,RW -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc SD,SH,SL,SN,SO,ST,SZ,TD,TG,TN -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc TZ,UG,YT,ZA,ZM,ZW,AQ,GS,TF,AE -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc AF,AM,AZ,BD,BH,BN,BT,CC,CX -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CY,GE,HK,IL,IN,IO,IQ,IR,JO -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc JP,KG,KH,KP,KR,KW,KZ,LA,LB,LK -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MM,MN,MO,MV,MY,NP,OM,PH,PK,PS -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc QA,SA,SG,SY,TH,TJ,TL,TM,TR,TW -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc UZ,VN,YE,AD,AL,AT,AX,BA,BE -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc BY,CH,CZ,DK,EE,FI,FO,FR -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GG,GI,GR,HR,HU,IE,IM,IS,IT -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc JE,LI,LT,LU,LV,MC,MD,ME,MK,MT -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc NL,NO,PL,PT,RO,RS,SE,SI,SJ -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc SK,SM,UA,VA,AG,AI,AW,BB,BL,BM -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc BS,BZ,CR,CU,DM,DO,GD,GL,GP -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc GT,HN,HT,JM,KN,KY,LC,MF,MQ,MS -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc MX,NI,PA,PM,PR,SV,TC,TT,VC -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc VG,AS,AU,CK,FJ,FM,GU,KI,MH,MP -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc NC,NF,NR,NU,NZ,PF,PG,PN,PW,SB -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc TK,TO,TV,UM,VU,WF,WS,AR,BO,BR -j SIPGEOIP
iptables -A INPUT -p udp -m udp -m multiport --dports 5060:5082,80,443,22,1194,10000:20000 -m geoip --src-cc CL,CO,EC,FK,GF,GY,PE,PY,SR,UY -j SIPGEOIP
iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443,1194 -m geoip --src-cc A1 -j SIPGEOIP
iptables -A SIPGEOIP -j LOG --log-prefix "firewall-sipgeoip: " --log-level 6
iptables -A SIPGEOIP -j DROP
Con estas reglas solo permite acceder desde España tanto a la web como a ssh, puertos sip y VPN.