Sunday, March 6, 2022

Geo whitelist, and Tor exit node blocklist (ipsets)

I wrote these two scripts to use ipsets and iptables to block Tor exit nodes, and to whitelist countries (i.e. drop all traffic from sources not in the ipset).

If the iptables rule is not loaded (which is assumed to mean the system was rebooted), they load the last saved ipset file, which is fast. They handle download errors and reload the last saved ipset file. Once loaded, when the scripts are run again, they update the ipsets and save the ipset files. The US has a fairly large number of netblocks, and it can take a little bit of time to create the ipset. I could not find any other examples that had this level of "self sufficiency", so I wrote my own.

https://github.com/lonney9/ipsets
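The load-or-update flow described above, sketched for the Tor blocklist case as an added example; it is not the code from the linked repository. The set name, save path, the `build_restore` and `refresh` helpers, and the atomic-swap update are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the linked repository's code. Names and paths are assumptions.
SET=tor-exits                     # hypothetical set name
SAVE=/var/lib/ipsets/$SET.save    # hypothetical path of the last saved set

# Convert a downloaded list (one IPv4 address or CIDR per line) into
# `ipset restore` input for set $1. Fails when no usable entry is found,
# so an error page or empty download never replaces the live set.
build_restore() {
  re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
  entries=$(sed 's/#.*//' "$2" | tr -d ' \t\r' | grep -E "$re" | sort -u)
  [ -n "$entries" ] || return 1
  echo "create $1 hash:net family inet"
  printf '%s\n' "$entries" | sed "s/^/add $1 /"
}

# refresh <url>: needs root, ipset, iptables and curl. Runs in a subshell.
refresh() (
  tmp=$(mktemp -d) || exit 1
  # Rule absent means the box was rebooted: load the last saved set first.
  if ! iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null; then
    [ -s "$SAVE" ] && ipset -exist restore < "$SAVE"
    ipset -exist create "$SET" hash:net family inet
    iptables -I INPUT -m set --match-set "$SET" src -j DROP
  fi
  # A failed download or a garbage list leaves the loaded set untouched.
  if curl -fsS --max-time 30 -o "$tmp/list" "$1" &&
     build_restore "$SET-new" "$tmp/list" > "$tmp/restore"; then
    ipset destroy "$SET-new" 2>/dev/null      # drop any stale staging set
    ipset restore < "$tmp/restore" && ipset swap "$SET-new" "$SET" &&
      ipset destroy "$SET-new" &&
      ipset save "$SET" > "$SAVE.tmp" && mv "$SAVE.tmp" "$SAVE"
  fi
  rm -rf "$tmp"
)
```

Building the new list into a staging set and swapping it in means the rule never matches against a half-filled set while a large list is loading.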

Times are a-changing, and I don't see the need to have my Oracle Cloud instance or IRLP node accepting connections from anyone anywhere.