Same, same - cn, kr, pk, af and others blocked on some of mine.
Have a read of this - I think i adapted scripts from there. You may not need to install ipset using the commands there - its in the base repository for centos so a simple "yum install ipset" will do, and get dependency as well.
You can consolidate those huge country lists you have right the way down!!
Also for modelling your firewall look at firewall builder www.fwbuilder.org
- its excellent.
sorry cannot immediately help you on vmalloc - somebody else will, no doubt
happy blocking !