Zone file error

Post Reply
schmerold
Junior Member
Posts: 16
Joined: 15 Jun 2009, 18:50

Zone file error

Post by schmerold »

Does this error indicate a Zone file error? If so, what is the best way to correct it?
*ERROR* line:[2703]
Command:[/sbin/iptables --wait -v -A CC_ALLOWP -s 104.171.32.0/ -j CC_ALLOWPORTS]
Error:[iptables v1.4.21: invalid mask `' specified]

This network is found in /var/lib/csf/Geo/ip2asn-combined.tsv & /var/lib/csf/zone/us.zone
vgstudios
Junior Member
Posts: 2
Joined: 21 Aug 2023, 16:19

Re: Zone file error

Post by vgstudios »

We had the same problem due to corrupted / invalid de.zone file (had x.x.x.x/ without number after slash at the end).
I only noticed, because suddenly a port was blocked.

To fix it I did the following:

1. (optional and only if you have a VALID MaxMind Key set in csf.conf) Edit /etc/csf/csf.conf and change CC_SRC to "1" (I did this, because I am not sure I still trust the other sources.)
2. Edit /etc/csf/csf.conf and change FASTSTART to "0"
3. Remove zone files: rm /var/lib/csf/zone/*.zone*
4. Force update csf to restore correct zone files: csf -uf
5. Restart csf: csf -r
6. Edit /etc/csf/csf.conf and change FASTSTART to "1"
7. Restart service from systemctl: systemctl restart csf
8. Check status is not failed: systemctl status csf
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: Zone file error

Post by Sergio »

Another way to fix this could be to edit the entry at:

/var/lib/csf/zone/us.zone
from this 104.171.32.0/ to 104.171.32.0/20
Post Reply