When CSF blocks an IP, it shows all the information of where and why including the country code. I'm not sure where CSF gets the country code information but why can't you simply block by the country code instead of huge lists of CIDR's? I am able to do this in Modesecurity but I would rather block for the entire server instead of just http.
Example block list:
218.155.106.83 # lfd: 218.155.106.83 (KR/South Korea/-), 5 distributed smtpauth attacks on account [account] in the last 3600 secs - Thu Aug 15 22:43:32 2024
222.124.14.234 # lfd: 222.124.14.234 (ID/Indonesia/-), 5 distributed smtpauth attacks on account [account] in the last 3600 secs - Thu Aug 15 22:43:33 2024