Symptoms
Dovecot Solr fails to start on CentOS 8.
If you check the service messages for the dovecot_solr_firewall service, you will find something very similar to the following:
# awk '/cpanel_dovecot_solr_firewall/ && /filter/' /var/log/messages | tail -2
Apr x xx:xx:xx xxx-xxx-xxx-xxx cpanel_dovecot_solr_firewall[53027]: [nftables] “/sbin/nft add chain inet filter cpanel-dovecot-solr” failed: Error: No such file or directory; did you mean table ‘filter’ in family ip?
Apr x xx:xx:xx xxx-xxx-xxx-xxx cpanel_dovecot_solr_firewall[53027]: add chain inet filter cpanel-dovecot-solr
If you check the nft tables, you will not find the "inet filter" table.
nft list tables
Description
This problem occurs because the "inet filter" table has been removed from your firewall configuration. The "inet filter" table is required for Dovecot Solr to function on cPanel servers.
Workaround
In order to resolve this, you should reach out to a systems administrator with the skills, training, and expertise required to repair your firewall. You may also consider restoring your firewall configuration from a backup if you have one.
When reviewing the nft manual page, it says that you can add a table with the following syntax:
# man nft | grep -A 46 "^TABLES"
TABLES
{add | create} table [family] table [{ flags flags ; }]
{delete | list | flush} table [family] table
list tables [family]
delete table [family] handle handle
Tables are containers for chains, sets and stateful objects. They are identified by their address family and their name. The address family must be one of ip, ip6, inet, arp, bridge, netdev.
The inet address family is a dummy family which is used to create hybrid IPv4/IPv6 tables. The meta expression nfproto keyword can be used to test which family (ipv4 or ipv6) context the
packet is being processed in. When no address family is specified, ip is used by default. The only difference between add and create is that the former will not return an error if the
specified table already exists while create will return an error.
Table 4. Table flags
┌────────┬─────────────────────────────────────────────────────────────────┐
│Flag    │ Description                                                     │
├────────┼─────────────────────────────────────────────────────────────────┤
│dormant │ table is not evaluated any more (base chains are unregistered). │
└────────┴─────────────────────────────────────────────────────────────────┘
Add, change, delete a table.
# start nft in interactive mode
nft --interactive
# create a new table.
create table inet mytable
# add a new base chain: get input packets
add chain inet mytable myin { type filter hook input priority 0; }
# add a single counter to the chain
add rule inet mytable myin counter
# disable the table temporarily -- rules are not evaluated anymore
add table inet mytable { flags dormant; }
# make table active again:
add table inet mytable
add       Add a new table for the given family with the given name.
delete    Delete the specified table.
list      List all chains and rules of the specified table.
flush     Flush all chains and rules of the specified table.
Therefore you may be able to resolve this issue by running the following commands:
nft create table inet filter
/scripts/restartsrv_cpanel_dovecot_solr --restart
However, you should consult with a systems administrator before altering the firewall in any way if you are not sure of the exact consequences of running the above commands to edit the firewall.
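The following script is an added example, not part of the original article or of cPanel's tooling. It checks for the table in the exact address family (an existing "ip filter" table does not satisfy the "inet filter" requirement), saves the current ruleset, and uses "add" rather than "create" so that it is safe to re-run. The function names, the backup path, and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify and repair the missing "inet filter" table.

# Constructed sample of `nft list tables` output from an affected host.
SAMPLE_TABLES='table ip filter
table ip6 filter'

# has_table FAMILY NAME: reads `nft list tables` output on stdin and
# returns 0 only when that exact family/name pair is listed.
has_table() {
    awk -v fam="$1" -v name="$2" '
        $1 == "table" && $2 == fam && $3 == name { found = 1 }
        END { exit !found }'
}

# families_with_table NAME: prints the families that do hold a table NAME.
# This is what the nft hint "did you mean table 'filter' in family ip?" reports.
families_with_table() {
    awk -v name="$1" '
        $1 == "table" && $3 == name { out = out (out ? " " : "") $2 }
        END { print out }'
}

# ensure_table FAMILY NAME: back up the ruleset, then add the table if missing.
ensure_table() {
    if nft list tables | has_table "$1" "$2"; then
        echo "table $1 $2 already present; nothing to do"
        return 0
    fi
    backup="/root/nft-ruleset.$(date +%Y%m%d%H%M%S).bak"  # assumed location
    nft list ruleset > "$backup" || return 1
    echo "ruleset saved to $backup"
    # A table without base chains hooks into nothing, so adding it does not
    # change which packets are filtered. "add" does not fail if it exists.
    nft add table "$1" "$2"
}

case "${1:-}" in
    --demo)   # offline: show which families have a "filter" table in the sample
        printf '%s\n' "$SAMPLE_TABLES" | families_with_table filter ;;
    --apply)  # as root on the affected server
        ensure_table inet filter &&
            /scripts/restartsrv_cpanel_dovecot_solr --restart ;;
esac
```

Run it with --demo to see the family check on the sample data, or with --apply as root to make the change.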