iRule to block traffic from a country

This should be a good starting point: https://devcentral.f5.com/wiki/iRules.Geolocation-based-DNS-blacklisting.ashx

It's written with GTM in mind, but you should be able to apply the listed example to a virtual server instead of a GTM listener and have the same effect. Create a data group first containing the country codes to be blocked listed in lowercase.

when CLIENT_ACCEPTED {

 This rule is intended to provide inbound blackhole DNS to blacklisted origin countries.
 A datagroup named 'blacklist' is assumed where the country codes are entered in lowercase.
 This rule should be applied at the GTM Listener
 Any logging in a production environment should be HSL.
 The log example below is strictly for testing purposes.


if {[class match [string tolower [whereis [IP::remote_addr] country]] contains blacklist ]} {
    log local0. "blacklist making request - dropping"
    drop
}
}

This should be a good starting point: https://devcentral.f5.com/wiki/iRules.Geolocation-based-DNS-blacklisting.ashx

It's written with GTM in mind, but you should be able to apply the listed example to a virtual server instead of a GTM listener and have the same effect. Create a data group first containing the country codes to be blocked listed in lowercase.

when CLIENT_ACCEPTED {

 This rule is intended to provide inbound blackhole DNS to blacklisted origin countries.
 A datagroup named 'blacklist' is assumed where the country codes are entered in lowercase.
 This rule should be applied at the GTM Listener
 Any logging in a production environment should be HSL.
 The log example below is strictly for testing purposes.


if {[class match [string tolower [whereis [IP::remote_addr] country]] contains blacklist ]} {
    log local0. "blacklist making request - dropping"
    drop
}
}