Before starting, make sure you have a few open SSH sessions to your box, particularly if you dont have physical access to your server. You dont want to lock yourself out!

yum -y install geoip

wget https://gist.github.com/jokey2k/a74f56955124880749e7/raw/4992f993c4777c5f93513a7c66754b8765271bd9/sshfilter.sh > /usr/local/bin/ipfilter.sh

chmod +x /usr/local/bin/ipfilter.sh

Make sure you put your country in the script by editing it

vi /usr/local/bin/ipfilter.sh

We want default behaviour to block all SSH traffic

sed -i '/^sshd/d' ./infile
echo sshd: ALL >> /etc/hosts.deny

Now call our script for allow traffic from inside hosts.allow

sed -i '/^sshd/d' ./infile
echo "sshd: ALL: spawn /usr/local/bin/ipfilter.sh %a" >> /etc/hosts.allow

• https://www.axllent.org/docs/view/ssh-geoip/
• https://tecadmin.net/allow-server-access-based-on-country/
• https://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html