Well I am afraid that ipfw will not be of any help to you there. The problem is that the firewall filters based on the network structure and addresses - these do not follow the political structures of the world.
There is a parallel to the way phone numbers work, lets say you only want to take calls from people whose name starts with the letter 'S' but your caller ID only shows the number of the incoming call. Because phone numbers are basically randomly assigned as far as the caller's name is concerned it will not do you much good to see the number.
Now how to really protect your machine. I take it that you want to allow some SSH connections, if those are from a small enough set of trusted machines you could just allow connections from those hosts (That would have to be a much smaller set than all the machines in Italy). Another good possibility would be to move your ssh to a non-standard port. That can be inconvenient for some uses but it is pretty effective for preventing random connections.
Finally you have to ask yourself it you really care? If the unwanted connection is stopped at the firewall or the SSH daemon does it matter to you? You are using public keys to authenticate users and machines right?