http://william.shallum.net/notes/2011-05-09-iptables-and-geoip-on-debian-squeeze/