Solved CSF / iptables issue in Almalinux 9

Active8

Verified User
Joined
Jul 13, 2013
Messages
1,762
My DNF command returns errors suddenly :
Code:
dnf update
Last metadata expiration check: 0:00:19 ago on Wed 01 Mar 2023 04:57:23 PM CET.
Error:
 Problem: package iptables-legacy-1.8.8-4.el9.1.x86_64 requires iptables-libs(x86-64) = 1.8.8-4.el9, but none of the providers can be installed
  - cannot install both iptables-libs-1.8.8-6.el9_1.x86_64 and iptables-libs-1.8.8-4.el9.x86_64
  - cannot install the best update candidate for package iptables-libs-1.8.8-4.el9.x86_64
  - cannot install the best update candidate for package iptables-legacy-1.8.8-4.el9.1.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

However CSF is running
Code:
● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2023-03-01 17:00:58 CET; 50ms ago
    Process: 120542 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
   Main PID: 120555 (lfd - starting)
      Tasks: 1 (limit: 100434)
     Memory: 25.5M
        CPU: 542ms
     CGroup: /system.slice/lfd.service
             └─120555 "lfd - starting"

Mar 01 17:00:58 srv.xxx.com systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Mar 01 17:00:58 srv.xxx.com systemd[1]: Started ConfigServer Firewall & Security - lfd.

But as said my DNF command run in problems still

tried to remove en install iptables + iptables-libs
Code:
sudo dnf remove iptables
sudo dnf remove iptables-libs
sudo dnf install iptables
sudo dnf install iptables-libs

Whics correct my DNF error but then my CFS is failing and and trow an blank page in panel
so tried to reinstall csf

Code:
/usr/local/directadmin/custombuild
./build csf

build works
Code:
Installing CSF...
################################################################################################################################################################# 100.0%
mkdir: cannot create directory '/etc/csf': File exists
Using configuration defaults
mkdir: cannot create directory '/var/lib/csf': File exists
mkdir: cannot create directory '/var/lib/csf/backup': File exists
mkdir: cannot create directory '/var/lib/csf/Geo': File exists
mkdir: cannot create directory '/var/lib/csf/ui': File exists
mkdir: cannot create directory '/var/lib/csf/stats': File exists
mkdir: cannot create directory '/var/lib/csf/lock': File exists
mkdir: cannot create directory '/var/lib/csf/webmin': File exists
mkdir: cannot create directory '/var/lib/csf/zone': File exists
mkdir: cannot create directory '/usr/local/csf': File exists
mkdir: cannot create directory '/usr/local/csf/bin': File exists
mkdir: cannot create directory '/usr/local/csf/lib': File exists
mkdir: cannot create directory '/usr/local/csf/tpl': File exists
mkdir: cannot create directory 'webmin/csf/images': File exists
mkdir: cannot create directory 'ui/images': File exists
mkdir: cannot create directory 'da/images': File exists
mkdir: cannot create directory 'interworx/images': File exists
cp: cannot stat 'Geo': No such file or directory
chmod: cannot access '/etc/csf/*.cgi': No such file or directory
chmod: cannot access '/etc/csf/*.php': No such file or directory
chmod: cannot access '/etc/csf/*.py': No such file or directory
csf.c:11:1: warning: return type defaults to 'int' [-Wimplicit-int]
   11 | main ()
      | ^~~~
csf.c: In function 'main':
csf.c:21:9: warning: implicit declaration of function 'setenv'; did you mean 'setpwent'? [-Wimplicit-function-declaration]
   21 |         setenv("CSF_RESELLER", "", 1);
      |         ^~~~~~
      |         setpwent
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
Restarting CSF...
CSF installation has finished.

File exist error is fine because CSF was already installed

Now my CSF is runing but DNF command is giving error again

Code:
Error:
 Problem: package iptables-legacy-1.8.8-4.el9.1.x86_64 requires iptables-libs(x86-64) = 1.8.8-4.el9, but none of the providers can be installed
  - cannot install both iptables-libs-1.8.8-6.el9_1.x86_64 and iptables-libs-1.8.8-4.el9.x86_64
  - cannot install the best update candidate for package iptables-libs-1.8.8-4.el9.x86_64
  - cannot install the best update candidate for package iptables-legacy-1.8.8-4.el9.1.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

already did: dnf clean all

So i am in an loop of an strange error what I dont understand, any help is welcome
 
Last edited:
Hi zEitEr, thanks for replying
Didn't check it (yet) but its an possibility but the strange thing here is when I remove it dnf installs it without problem.
But then my CSF stuck so an rebuild is needed which it does but then my dnf is messed :(
I will check that file maybe some update messed it , keep you informed
 
I remembered once I also had similar problem with a CloudLinux 8, which was converted from AlmaLinux 8. I tried dnf clean first, didn't help. But then the CL tech ran yum clean, not dnf. And after that, dnf could update again.
 
I have had the same problem with dnf update and iptables on Alma 9 since at least yesterday. No changes in /etc/yum.conf.
 
I have had the same problem with dnf update and iptables on Alma 9 since at least yesterday. No changes in /etc/yum.conf.
This, i have this problem since yesterday, but didn't found any other people on their forum complaining.
Maybe some problems with AL repository ?

CL tech ran yum clean, not dnf.
Will give it an try

EDIT: changed the topic name to reflect the problem better
 
Last edited:
Looks like @smtalk may have solved it a couple of months ago here:

 
Looks like @smtalk may have solved it a couple of months ago here:

likely but he is not telling how it is going to be fixed
@smtalk would you be so kind to share the fix ?
 
Follow up there is more news from AL forum, looks like EPEL is not playing well :
It's a problem in EPEL. I've seen this issue before, it is caused by (in this case) iptables-legacy requiring a precise version of iptables-libs instead of a minimum version. You have three options: ignore it, report it, get rid of it. If you simply ignore it it will probably go away over the next few days/week or so, when the maintainer updates the iptables-legacy package. If you report it you are helping EPEL to stay current, and you may get the fix quicker. The third option is to update: "If you need to set up firewalls and/or IP masquerading, you should not install this package but either nftables or iptables-nft instead." - from dnf info iptables-legacy.
more:
Not much you can do for now because even latest build they did also broken on EL9 https://koji.fedoraproject.org/koji/buildinfo?buildID=2166255


you can use --skip-broken or dnf versionlock to lock version of iptables-libs iptables to not try to update them. But later when fix will be available in EPEL you'll have to unlock them.
 
To answer my own question and other who had this problem:
Issue is now solved with the latest update , just issue
Code:
 dnf update
and you are good to go :)
 
Back
Top