I would like to ask you what is faster in term of performance GeoIP or IPset.

Let me explain, imagine that I have rule:

iptables -A INPUT -m geoip ! --src-cc US,UK,CA -j DROP

And imagine that I have IPset of hash:net and I put all these IPs (from US, UK and CA) into hash:net country_whitelist set.

iptables -A INPUT -m set --match-set country_whitelist src -j ACCEPT

What is faster? GeoIP or IPset? We know that IPset is fast because it uses hash table (for hashes), but I don't know how does GeoIP work, if it isn't like 1 subnet for 1 rule.