Does this error indicate a Zone file error? If so, what is the best way to correct it?
*ERROR* line:[2703]
Command:[/sbin/iptables --wait -v -A CC_ALLOWP -s 104.171.32.0/ -j CC_ALLOWPORTS]
Error:[iptables v1.4.21: invalid mask `' specified]
This network is found in /var/lib/csf/Geo/ip2asn-combined.tsv & /var/lib/csf/zone/us.zone
Zone file error
Re: Zone file error
We had the same problem due to corrupted / invalid de.zone file (had x.x.x.x/ without number after slash at the end).
I only noticed, because suddenly a port was blocked.
To fix it I did the following:
1. (optional and only if you have a VALID MaxMind Key set in csf.conf) Edit /etc/csf/csf.conf and change CC_SRC to "1" (I did this, because I am not sure I still trust the other sources.)
2. Edit /etc/csf/csf.conf and change FASTSTART to "0"
3. Remove zone files: rm /var/lib/csf/zone/*.zone*
4. Force update csf to restore correct zone files: csf -uf
5. Restart csf: csf -r
6. Edit /etc/csf/csf.conf and change FASTSTART to "1"
7. Restart service from systemctl: systemctl restart csf
8. Check status is not failed: systemctl status csf
I only noticed, because suddenly a port was blocked.
To fix it I did the following:
1. (optional and only if you have a VALID MaxMind Key set in csf.conf) Edit /etc/csf/csf.conf and change CC_SRC to "1" (I did this, because I am not sure I still trust the other sources.)
2. Edit /etc/csf/csf.conf and change FASTSTART to "0"
3. Remove zone files: rm /var/lib/csf/zone/*.zone*
4. Force update csf to restore correct zone files: csf -uf
5. Restart csf: csf -r
6. Edit /etc/csf/csf.conf and change FASTSTART to "1"
7. Restart service from systemctl: systemctl restart csf
8. Check status is not failed: systemctl status csf
Re: Zone file error
Another way to fix this could be to edit the entry at:
/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20
/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20