Why May you want to do this? block traffic by Country on a CCR
Say you run an anycast network and you have 30 pops all 72 core 10gb interface CCR.
An attack starts and you look at the botnet and it happens to be all machines from countries in Asia attacking 1 IP
Your client base happens to be UK, and Europe
So either you suffer or you login to the the affected CCR's open up the firewall and drop http traffic from those countries where the attacks are coming from to that IP
Your websites are fine and all traffic from UK and Europe are not affected, business as normal.
This is why cloudflare do so well they have the ability on their anycast network to mitigate attacks, most business websites have their clients not worldwide but regional and as attacks get more frequent and bigger it would be very useful to drop traffic by Country to mitigate attacks.
Or may be you run a VOIP network in the USA a botnet starts dossing your UDP ports from a country you have no customers in, drop UDP packets from that country, 1 tick in the firewall for that country, drop UDP problem solved.
So many IP's you say can't do it !
Take the MaxMind Country binary DB, load the DB in memory on CCR. Microtik interface the binary DB and give tick boxes by country
Free version or a monthly paid updated binary DB
IP blocks are country specific so you can easily block IP's by country at IP block level.
https://github.com/maxmind/geoip-api-c/ ... /README.md
Anyway its possible, in fact easy for Microtik if they want to add a fantastic feature to the CCR