POSTFIX Error “fatal: parameter inet_interfaces: no local interface found for ::1”

Issue

You are note able to restart / start postfix and getting the below error.
fatal: parameter inet_interfaces: no local interface found for ::1

Solution

Edit the file /etc/postfix/main.cf

vim /etc/postfix/main.cf

search for the line inet_interfaces = all

And change it to:

inet_interfaces = 127.0.0.1, 10.10.11.12 10.10.11.12 is your local IP address

:wq! Save and exit

restart postfix.

service postfix restart

Please Comment and share if this post was able to fix your issue

Original Article: fatal: parameter inet_interfaces: no local interface found for ::1

List for troubleshooting Process and threads on Linux

To the get the sum of all threads running in the system:

ps -eo nlwp | tail -n +2 | awk '{ num_threads += $1 } END { print num_threads }'

To get the number of threads for a given pid:

ps -o nlwp <pid>

Locate a Process

top

or

ps

To display all process names, use the following command –

$ ps -e

List the process associated with  a service/program

ps aux | grep my_service /  PID

To Kill a Process

kill PID

To see the thread count of process, use the following command-

$ cat /proc/<pid>/status

Configure IPTABLES to Allow Access to Common Services This article gives the steps to open firewall ports on CentOS in Iptables IPv4

Basics

  • Iptables rules can be changed on the fly by using the iptables binary.
  • The rules that are set using iptables command are in memory only and will vanish when the daemon is restarted.
  • The firewall rules added on the fly can be saved to the configuration file easily in CentOS/RHEL with the command service iptables save
    • This is no need to edit the configuration file unless you really want to.
  • The following examples are aimed at hardening the inbound traffic, but allowing all outbound traffic.
    • You can completely lock down all inbound, outbound and forwarded traffic if needed. It generally just causes a lot more administration and usually isn’t necessary.

Basic Commands

iptables –flush delete all firewall rules from memory.
iptables –list List current firewall policies
service iptables save (CentOS/RHEL) save current rules in memory to configuration file (/etc/sysconfig/iptables)
service iptables restart restart iptables daemon and load firewall rules from configuration file.
iptables-save > /root/firwallrules.fw save firewall rules in memory to a specific configuration file.
iptables-restore > /root/firwallrules.fw restore firewall rules from a specific configuration file to memory.

Basic iptables Command Parameters

  • -A append to policy chain
  • INPUT | OUTPUT | FORWARD policy chain identifiers
  • -p protocol
  • -m match
  • -s source
  • –dport destination port
  • –state connection state
  • -j jump target ACCEPT | DROP

Backup Current Iptables Configuration to File

Before you begin, it is recommended to backup your current firewall rules.

iptables-save > /path/to/somewhere/filename

Example:

iptables-save > /home/user1/iptable-rules-20130308.fw

Remove All Current Rules

iptables --flush

Set Policy Chains Default Rule

iptables -P INPUT DROP
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD ACCEPT

Allow Loopback

iptables -A INPUT -i lo -j ACCEPT

Allow All Established and Related Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow ICMP “ping” from LAN (TCP Port 22)

iptables -A INPUT -p icmp -m icmp -s 192.168.0.0/24 --icmp-type echo-request -j ACCEPT

Allow SSH from LAN (TCP Port 22)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow RSYNC from LAN (TCP Port 873)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow HTTP (TCP Port 80)

iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow HTTPS (TCP Port 443)

iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow MySQL Server Access from LAN (TCP Port 3306)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow Nagios NRPE Client Access from Nagios Server (TCP Port 5666)

iptables -A INPUT -s 192.168.0.100 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT

Save Current Rules in Memory to Configuration File

service iptables save

Restart Service

service iptables restart

iptables: insert a rule at a specific line number

# list the rules with line numbers

iptables -nL --line-numbers

# insert a rule at line 5

iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT

Related Articles: Configure iptablesiptables: insert a rule at a specific line number

How To Prevent Yum Upgrade Kernel On CentOS / Red Hat How do I exclude kernel or other packages from getting updated via yum?

You can prevent yum command from updating the Kernel permanently by following the simple steps.

Option #1: Edit /etc/yum.conf file

Use a text editor such as vi to edit /etc/yum.conf:

# vi /etc/yum.conf

Append/modify exclude directive line under [main] section, enter:

exclude=kernel*

Save and close the file. Try, updating the system without updating the Linux kernel:

# yum -y update

This is a permanent option, so you don’t need pass the -x option to yum command.

Option #2: Pass the -x option to prevent yum from updating kernel
The syntax is as follows to skip update on command line itself:

# yum -x 'kernel*' update

On Red Hat Enterprise Linux

The up2date command in Red Hat Enterprise Linux 4 excludes kernel updates by default. The yum in Red Hat Enterprise Linux 5 includes kernel updates by default.
To skip installing or updating kernel or other packages while using the yum update utility in Red Hat Enterprise Linux 5 and 6, use following options
Temporary solution via Command line:

# yum update --exclude=PACKAGENAME

For example, to exclude all kernel related packages:

# yum update --exclude=kernel*

To make permanent changes, edit the /etc/yum.conf file and following entries to it:

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exclude=kernel* redhat-release*

Related Article: Prevent Yum From Upgrading The Kernel | Exclude kernel or other packages from getting updated in Red Hat Enterprise

How to disable IPv6 on Linux CentOS or RHEL 7 This Article describes procedure to disable IPv6 on CentOS or Red Hat 7.x

There are 2 ways to do this:

  1. Disable IPv6 in kernel module (requires reboot)
  2. Disable IPv6 using sysctl settings (no reboot required)

To verify if IPv6 is enabled or not, execute :

# ifconfig -a | grep inet6

inet6 fe80::211:aff:fe6a:9de4 prefixlen 64 scopeid 0x20
inet6 ::1 prefixlen 128 scopeid 0x10[host]

Disable IPv6 in kernel module (requires reboot)

1) Edit /etc/default/grub and add ipv6.disable=1 in line

GRUB_CMDLINE_LINUX, e.g.:

# vi /etc/default/grub

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT=”console”
GRUB_CMDLINE_LINUX=”ipv6.disable=1 crashkernel=auto rhgb quiet”
GRUB_DISABLE_RECOVERY=”true”

2) Regenerate a GRUB configuration file and overwrite existing one:

# grub2-mkconfig -o /boot/grub2/grub.cfg

3) Restart system and verify no line “inet6” in “ip addr show” command output.

# shutdown -r now
 

# ip addr show | grep net6

Disable IPv6 using sysctl settings (no reboot required)

1) Append below lines in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

NOTE : To disable IPv6 on a single interface add below lines to /etc/sysctl.conf :
net.ipv6.conf.[interface].disable_ipv6 = 1 ### put interface name here [interface]
net.ipv6.conf.default.disable_ipv6 = 1

2) To make the settings affective, execute :

# sysctl -p

NOTE : make sure the file /etc/ssh/sshd_config contains the line AddressFamily inet to avoid breaking SSH Xforwarding if you are using the sysctl method

3) Add the AddressFamily line to sshd_config :

# vi /etc/ssh/sshd_config
 ....
 AddressFamily inet
 ....
 Restart sshd for changes to get get effect :

# systemctl restart sshd

Related Articles: CentOS / RHEL 7 : How to disable IPv6