Overview
To block incoming traffic from all public IP addresses of a specific country, enable the GeoIP filter in Kerio Control. This filter helps you stop malicious traffic and potential threats.
The GeoIP filter matches each IP address to its source country and displays the result in the Active Connections section. You can see any suspicious connections there and block all traffic from a given country.
Diagnosis
To display the countries associated with IP addresses, enable the Source Country and Destination Country columns in Active Connections:
- In the administration interface, go to Status > Active Connections.
- Right-click the table header.
- In the context menu, scroll down to Columns and select Source Country and Destination Country.
From now on, the source and destination country appear for all active connections with a nonlocal IP address.
Note: If the Source Country and Destination Country columns are completely blank, refer to the Unable to see Source and Destination Country article to fix that.
Solution
To block all incoming connections from a specific country:
- In the administration interface, go to Security Settings > GeoIP Filter.
- Verify that the Block incoming traffic from the following countries option is enabled.
- Click Add.
- In the Select Items dialog box, select the countries you want to block.
- Click OK.
- Click Apply.
From now on, Kerio Control blocks all incoming connections from the selected countries. Outgoing connections are allowed.
Testing
To verify which packets are dropped by Kerio Control, use the Debug log:
- In the administration interface, go to Logs > Debug.
- Right-click in the log window.
- In the context menu, click Messages.
- In the Logging Messages dialog box, select GeoIP and Packets dropped for some reason.
- Click OK.
Important: Disable the Debug options once the verification is completed so that they do not affect overall performance.