netmask `wget -qO- [URL]http://ftp.apnic.net/stats/apnic/delegated-apnic-latest[/URL] | awk -F'|' '/US\|ipv4/ {print $4":+"($5-1)}' > /etc/US_IP`
table <USIP> persist file "/etc/US_IP"
block in quick on $ext_if proto tcp from <USIP> to any port {80,443} label "block US IP"
You can find ready to use .htaccess files to block countries:
http://www.countryipblocks.net/country-blocks/htaccess-deny-format/