I will not discuss that the IP address is spoofable, but it is a quick solution to prevent robots or less experienced attackers from trying the capabilities of your infrastructure (and I don’t want to talk about VPN today).
Ok, if we can collect a couple of specific IP addresses, the solution is simple. But what if it’s all IP pools?
One of the sources that pretends to be updated daily is ip.ludost.net.
Enables export based on selected countries, in many extended formats (cisco, iptables,…).
Of course, even this solution is not perfect, transnational operators can migrate their IP pools between countries, but it is definitely a way to start.
Pools obtained in this way are then easy to deploy in your solution. (in my case Mikrotik, but more on that later).