I get an absolute battering from China on a daily basis with the occasional attack from France, Germany or the US. Time to block countries :)
First and foremost, make sure you have iptables installed, configured and working.
Next we'll install some additions:
emerge -av xtables-addons geoipupdate
You may need to remove some of the modules to allow xtables to install (depends on your setup). This can be achieved by adding the following line to /etc/portage/make.conf:
XTABLES_ADDONS="-account -chaos -condition -delude -dhcpmac -fuzzy geoip -iface -ipmark -ipp2p -ipv4options -length2 -logmark -lscan -pknock -psd -quota2 -rawnat -steal -sysrq -tarpit -dnetmap -echo -gradm"
I'm only interested in geoip, so I removed everything else.
Make the directory where iptables will look for the database:
mkdir -p /usr/share/xt_geoip/
Execute the following to download the geoiplite databases. If you have a paid account, you could potentially replace the URLs in the download script (untested):
cd /usr/share/xt_geoip/ && /lib64/xtables-addons/xt_geoip_dl && /lib64/xtables-addons/xt_geoip_build *.csv
You could cron this as a weekly update.
xt_geoip_dl: Downloads the CSV database files.
xt_geoip_build: Processes the files into a format iptables can read.
The resulting files are /usr/share/xt_geoip/LE/<country abbreviation>.iv4 and .iv6
Now you can block countries using iptables:
iptables -A INPUT -m geoip --src-cc CN -j DROP
Running iptables -L -n will show:
DROP all -- 0.0.0.0/0 0.0.0.0/0 -m geoip --source-country CN
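To block several countries at once, the following added example (not part of the original post; function names are hypothetical) prints the iptables and ip6tables rules for a list of country codes so they can be reviewed before being applied. It assumes the database directory built above, skips any code that has no .iv4/.iv6 file there, and groups codes into rules of at most 15, the per-rule limit of xt_geoip's --src-cc.

```shell
#!/bin/sh
# Added example: print (not apply) geoip DROP rules for a list of countries.
# Assumed: database directory as built above; function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [A-Z] an ASCII-only range
GEOIP_DB="${GEOIP_DB:-/usr/share/xt_geoip/LE}"
MAX_CC=15   # xt_geoip accepts at most 15 country codes per --src-cc

# _batch CMD EXT CC...: one rule per group of up to MAX_CC codes whose
# CC.EXT file exists; a code without a database file cannot be loaded.
_batch() {
    cmd=$1 ext=$2; shift 2
    list="" n=0
    for cc in "$@"; do
        [ -f "$GEOIP_DB/$cc.$ext" ] || { echo "warn: $GEOIP_DB/$cc.$ext missing, skipped" >&2; continue; }
        list="${list:+$list,}$cc"; n=$((n + 1))
        if [ "$n" -eq "$MAX_CC" ]; then
            echo "$cmd -A INPUT -m geoip --src-cc $list -j DROP"
            list="" n=0
        fi
    done
    [ -z "$list" ] || echo "$cmd -A INPUT -m geoip --src-cc $list -j DROP"
}

# geoip_rules CC...: upper-case and validate each code, then emit IPv4 and IPv6 rules.
geoip_rules() {
    codes=""
    for cc in "$@"; do
        cc=$(printf '%s' "$cc" | tr 'a-z' 'A-Z')
        case "$cc" in
            [A-Z][A-Z]) codes="$codes $cc" ;;   # exactly two letters, e.g. CN
            *) echo "warn: '$cc' is not a country code, skipped" >&2 ;;
        esac
    done
    # Unquoted on purpose: $codes holds validated two-letter words only.
    _batch iptables iv4 $codes
    _batch ip6tables iv6 $codes
}

# Usage: sh geoip-rules.sh CN FR ...   (review the output before applying it)
[ "$#" -eq 0 ] || geoip_rules "$@"
```
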