We are considering a strategy of blacklisting or whitelisting IP by country.
1) Is there an easier method than adding lots of IP ranges (i.e. just specify a country)
2) What would be the performance considerations? i.e. how big of a list of IP ranges has to get before it starts to impact network throughput beyond neglible.
3) Are there better ways of achieving this objective, such as blocks at our ISP (AT&T) level, or specialized network appliances?
thanks for your answers in advance