Symptoms
The CSF service will not start due to the following error:
csf: Error: FASTSTART: (CC_DENY [tz] IPv4) [] [Another app is currently holding the xtables lock.
Perhaps you want to use the -w option?]. Try restarting csf with FASTSTART disabled, at line 5781 in /usr/sbin/csf
Description
This error is most likely being returned when you try to start CSF because certain IPtables rules cannot be added in the current state of IPtables. This exact error means that a certain country code is not able to be added to the block list. Enabling the overall CSF timeout (WAITLOCK) can bypass this error.
If FASTSTART is enabled in CSF, use the information following the article to disable it. Otherwise, follow the instructions below to enable WAITLOCK.
CSF Service Not Starting When The FASTSTART option Is Enabled
Please note that CSF is a third-party application not part of or installed by cPanel or the cPanel-provides software. ConfigServer develops and provides support for CSF.
ConfigServer Security and Firewall
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Open
/etc/csf/csf.confin your preferred text editor. - Set the
WAITLOCKvalue to1.WAITLOCK = "1"
- Save the change and exit the text editor.
- Restart the csf service.
systemctl restart csf.service