This is doable, just tedious by hand. Your favorite clanker can walk you through the steps to find a geoip datasource (eg. bootleg maxmind, ASN lists, etc), and either directly write the routes, or a script that will generate it from that source.
https://github.com/C24Be/AS_Network_List, this repo give me idea make a script which generating a routes
You're probably interested in creating a firewall on openwrt that blocks all traffic from/to certain IPs
as i understand i can do by one subnet separatly but the problem that there are 1000+ subnets, maybe i dont know some feature to load an ipset file also uguguhguhg isnt parsing 1000+ subnets are load on cpu?
I'm not sure how a firewall would help, you'd definately want to do this from the routing table.
isnt parsing 1000+ subnets are load on cpu?
IPv4 addresses are basically just 32bit numbers, any somewhat modern CPU can check through 1000 routes in nanoseconds.
Also 1000+ seems a bit excessive, you should be able to aggregate some of those subnets into a few bigger ones. There are calculators online for this, or you can script it.
networking
Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.