Symptoms:
When trying to apply a firewall rule filter using a valid source/destination IP as the filtering criteria, the error "Invalid IP mask bits specified. Number of bits provided is 0." is displayed at the top of the firewall section.



the vsm.log will also contain lines similar to these:

2019-08-25 11:01:53.100 CEST  WARN http-nio-127.0.0.1-7441-exec-109 RemoteInvocationTraceInterceptor:88 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.firewall.facade.IFirewallUIFacade.getL3Configuration
InvalidNumMaskBitsException: core-services:1427:Invalid IP mask bits specified. Number of bits provided is 0.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment

This particular issue is triggered when firewall rules containing 0.0.0.0/0 as source/destination are in use in the environment.
These firewall rules are valid and supported but the UI currently does not handle these correctly.

Currently, there is no resolution

Workaround:
The only workaround at this point is to not use 0.0.0.0/0 as the source/destination in firewall rules.