Geo Block IPs via APF or iptables?

New to Interworx and just deployed our first server with it.

I want to be able to apply the following script (or something very close to it) to block unwanted countries from spamming/hacking etc.

ipset -N geoblock nethash
for IP in $(wget -O ? http://www.ipdeny.com/ipblocks/data/countries/{cn,kr,pk,tw,sg,hk,pe}.zone)
do
ipset -A geoblock $IP
done
 Matching against the IPSet in IPTables:
 iptables -A INPUT -m set ?set geoblock src -j DROP

What file would I apply this to? I am not sure what firewall config files Interworx is using so I want to make sure I am applying this to the correct file.

Thank you

…I am not sure what firewall config files Interworx is using so I want to make sure I am applying this to the correct file.
The APF front end in NodeWorx is equivalent to editing:

/etc/apf/conf.apf

The Trusted/Blocked access controls are equivalent to editing:

/etc/apf/allow_hosts.rules and /etc/apf/deny_hosts.rules

Add the server’s IP to Trusted and go from there.

Debug Mode is equivalent to DEVM=“1” (on) or DEVM=“0” (off) in the file /etc/apf/conf.apf. Be sure to turn this on when you experiment with APF’s rules.

As a stopgap you can ban country IP blocks, as well as domain names, with Apache’s config file or an .htaccess file. This might be the preferred way, depending on your situation.