ERROR: Faststart invalid port/service

2 posts Page 1 of 1
pseconds
Junior Member
Posts: 2
Joined: 27 Mar 2015, 16:12


Hi All, new install of CSF on Centos 7.7 with Cpanel 84. If there is an IP entry in the deny file, the service won't start. If I remove all entries in deny, it works.
Code: Select all
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
REJECT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
DROP  all opt    in * out *  ::/0  -> ::/0  
REJECT  all opt    in * out *  ::/0  -> ::/0   reject-with icmp6-port-unreachable
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0  
DENYIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0  
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0  
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0  
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.deny (IPv4 nat)
Error: FASTSTART: (csf.deny IPv4nat) [  -A DENYOUT ! -o lo -d 78.128.113.120 -j LOGDROPOUT] [iptables-restore v1.4.21: invalid port/service `' specified]. Try restarting csf with FASTSTART disabled, at line 5548
A typical deny entry looks like:
Code: Select all
8.128.113.120 # lfd: (smtpauth) Failed SMTP AUTH login from 78.128.113.120 (BG/Bulgaria/-/-/ip-113-120.4vendeta.com): 10 in the last 3600 secs - Sat Nov  2 13:04:36 2019
Any ideas? I'm new to this product.
BallyBasic79
Junior Member
Posts: 77
Joined: 22 Aug 2019, 21:43


Does it matter which IP? Or how it is entered?
Maybe just a copy and paste error, but the IP in the two code blocks provided doesn't match.
I haven't researched that error in more depth, but it looks like you may have invalid characters in csf.deny. Maybe ` or ' in the entries?

Start by checking the content of csf.deny.

HTH
2 posts Page 1 of 1