ERROR: Faststart invalid port/service

Post Reply
pseconds
Junior Member
Posts: 2
Joined: 27 Mar 2015, 16:12

ERROR: Faststart invalid port/service

Post by pseconds »

Hi All, new install of CSF on Centos 7.7 with Cpanel 84. If there is an IP entry in the deny file, the service won't start. If I remove all entries in deny, it works.

Code: Select all

LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
REJECT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
DROP  all opt    in * out *  ::/0  -> ::/0  
REJECT  all opt    in * out *  ::/0  -> ::/0   reject-with icmp6-port-unreachable
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0  
DENYIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0  
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0  
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0  
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.deny (IPv4 nat)
Error: FASTSTART: (csf.deny IPv4nat) [  -A DENYOUT ! -o lo -d 78.128.113.120 -j LOGDROPOUT] [iptables-restore v1.4.21: invalid port/service `' specified]. Try restarting csf with FASTSTART disabled, at line 5548
A typical deny entry looks like:

Code: Select all

8.128.113.120 # lfd: (smtpauth) Failed SMTP AUTH login from 78.128.113.120 (BG/Bulgaria/-/-/ip-113-120.4vendeta.com): 10 in the last 3600 secs - Sat Nov  2 13:04:36 2019
Any ideas? I'm new to this product.

BallyBasic79
Junior Member
Posts: 80
Joined: 22 Aug 2019, 21:43

Re: ERROR: Faststart invalid port/service

Post by BallyBasic79 »

Does it matter which IP? Or how it is entered?
Maybe just a copy and paste error, but the IP in the two code blocks provided doesn't match.
I haven't researched that error in more depth, but it looks like you may have invalid characters in csf.deny. Maybe ` or ' in the entries?

Start by checking the content of csf.deny.

HTH

Post Reply