ip6tables-restore v1.8.5 (nf_tables): unknown option "--icmp-type"

MH-Stefan · Post by **MH-Stefan** » 02 May 2025, 17:27

Recently we've added the UptimeRobot IPs from https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt to our CSF allow list (using "Include" of a separate file).

For each IP, we've added icmp|in|d=ping|s=<IP> and tcp|in|d=80,443|s=<IP>.

On some servers running CloudLinux 8 with cPanel, we've got this error after restarting CSF:

Code: Select all

csf: IPSET creating set chain_ALLOW
csf: IPSET creating set chain_6_ALLOW
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART loading csf.allow (IPv6)
ipset v7.1: Set cannot be destroyed: it is in use by a kernel component
Error: FASTSTART: (csf.allow IPv6) [ip6tables-restore v1.8.5 (nf_tables): unknown option "--icmp-type"]. Try restarting csf with FASTSTART disabled, at line *

We've disabled FASTSTART which would allow CSF to start, but that's probably not a proper solution.

After removing the lines icmp|in|d=ping|s=<IP> for all IPv6 addresses, CSF restarted without issues.

What exactly could this issue be related to and how can we prevent/fix it please?

Thanks in advance.