Overview
When the GeoIP feature is enabled, Debug logs indicate that packets are being dropped for the country that is not in the GeoIP blacklist:
[13/Feb/2020 09:22:21] {pktdrop} packet dropped: GeoIP filter drop (from Ethernet, proto:TCP, len:60, 46.247.161.20:42668 -> 1.1.1.1:22, flags:[ SYN ], seq:991277605 ack:0, win:29200, tcplen:0)
[13/Feb/2020 10:35:19] {pktdrop} packet dropped: GeoIP filter drop (from Ethernet, proto:TCP, len:48, 46.247.161.20:49751 -> 1.1.1.1:443, flags:[ SYN ], seq:2840156446 ack:0, win:8192, tcplen:0)
Sometimes, the GeoIP database may miscategorize IP addresses and countries. This article provides information on how to manually update GeoIP database definitions.
Prerequisites
Identify the correct pair of IP address and corresponding country using 3rd party websites (e.g., ip2location.com, MXtoolbox)
Process
-
Connect to Kerio Control via SSH and make sure the following files exist:
-
/var/winroute/geoip/4.x/geoip.csv: It stores all IP addresses. -
/opt/kerio/winroute/geoip.csv: It stores all country codes.
-
-
Use a secure copy program (e.g., WinSCP, SCP) to download the above files to the local PC.
-
On the downloaded
/var/winroute/geoip/4.x/geoip.csvfile, edit the IP address range as per the requirement.
For the above example, you will need to create the following entries:46.247.0.0/17,2635167
46.247.128.0/19,690791
46.247.128.0/19,3017382
46.247.128.0/19,2782113
46.247.128.0/19,3017382 -
Once the file is updated with the required changes, connect to the SCP program, and upload the file.
Note: Before upload, please make sure to make the OS readable/writable by running this command:
mount -o rw,remount /
Validation
Check the GeoIP Functionality by monitoring Debug logs. This should now work correctly and block/unblock IP addresses as per the configuration.
Priyanka Bhotika
Comments