CSF service not starting; Error: Another app is currently holding the xtables lock

Symptoms

The CSF service will not start due to the following error:

csf: Error: FASTSTART: (CC_DENY [tz] IPv4) [] [Another app is currently holding the xtables lock. 
Perhaps you want to use the -w option?]. Try restarting csf with FASTSTART disabled, at line 5781 in /usr/sbin/csf

Description 

This error is most likely being returned when you try to start CSF because certain IPtables rules cannot be added in the current state of IPtables. This exact error means that a certain country code is not able to be added to the block list. Enabling the overall CSF timeout (WAITLOCK) can bypass this error.

If FASTSTART is enabled in CSF, use the information following the article to disable it. Otherwise, follow the instructions below to enable WAITLOCK.

CSF Service Not Starting When The FASTSTART option Is Enabled

 Please note that CSF is a third-party application not part of or installed by cPanel or the cPanel-provides software. ConfigServer develops and provides support for CSF.

ConfigServer Security and Firewall

Workaround

1. Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
2. Open /etc/csf/csf.conf in your preferred text editor.
3. Set the WAITLOCK value to 1.

   WAITLOCK = "1"

4. Save the change and exit the text editor.
5. Restart the csf service.

   systemctl restart csf.service