Page 1 of 1

Zone file error

Posted: 06 Jan 2023, 13:03
by schmerold
Does this error indicate a Zone file error? If so, what is the best way to correct it?
*ERROR* line:[2703]
Command:[/sbin/iptables --wait -v -A CC_ALLOWP -s 104.171.32.0/ -j CC_ALLOWPORTS]
Error:[iptables v1.4.21: invalid mask `' specified]

This network is found in /var/lib/csf/Geo/ip2asn-combined.tsv & /var/lib/csf/zone/us.zone

Re: Zone file error

Posted: 21 Jan 2024, 10:17
by vgstudios
We had the same problem due to corrupted / invalid de.zone file (had x.x.x.x/ without number after slash at the end).
I only noticed, because suddenly a port was blocked.

To fix it I did the following:

1. (optional and only if you have a VALID MaxMind Key set in csf.conf) Edit /etc/csf/csf.conf and change CC_SRC to "1" (I did this, because I am not sure I still trust the other sources.)
2. Edit /etc/csf/csf.conf and change FASTSTART to "0"
3. Remove zone files: rm /var/lib/csf/zone/*.zone*
4. Force update csf to restore correct zone files: csf -uf
5. Restart csf: csf -r
6. Edit /etc/csf/csf.conf and change FASTSTART to "1"
7. Restart service from systemctl: systemctl restart csf
8. Check status is not failed: systemctl status csf

Re: Zone file error

Posted: 23 Jan 2024, 12:39
by Sergio
Another way to fix this could be to edit the entry at:

/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20