An error occurred while updating server software - Problem: package iptables-legacy
I am running AlmaLinux v9.4.0 and received the below error during cPanels maintenance update.
Is there a simple way to resolve this? Aside for using CSF (Firewall), this is otherwise a pretty standard cPanel installation.
Problem: package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64 - cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
-
Official comment
Official workaround:
dnf --assumeyes swap iptables-legacy iptables-nft
-
Hey there! This looks like some classic package mismatches. What does the output of this command show?
rpm -qa | grep -i iptables-libs
0 -
Its showing
iptables-libs-1.8.10-2.el9.x86_64
0 -
Could you try running the following to see if that allows the update to complete normally?
dnf update --best --allowerasing
0 -
I get the following error when running that.
Problem: cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
- problem with installed package iptables-legacy-1.8.10-2.2.el9.x86_64
- package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
- cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
(try to add '--skip-broken' to skip uninstallable packages)0 -
I've got the same error:
[root@srv02 ~]# dnf update
Last metadata expiration check: 0:12:32 ago on Thu Sep 5 00:07:22 2024.
Error:
Problem: package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
- cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
- cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)0 -
Morning all,
Having the same issue, I also installed iptables in order to install CSF firewall.
OS: AlmaLinux v9.4.0 STANDARD kvmcPanel Version: 120.0.16Kernel: 5.14.0-427.33.1.el9_4.x86_64When updating ( Home / Software / System Update ), I get the following error.
System update process has started. “/usr/bin/dnf” reported error code “1” when it ended: w/ /usr/bin/dnf upgrade --color=never -y --exclude=kernel-* Last metadata expiration check: 0:00:15 ago on Thu Sep 5 09:54:12 2024. <span class='text-danger'>Error: </span> Problem: package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64 - cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64 (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) Often errors like this can be resolved by running `dnf makecache` System update process has finished.
I tried running "dnf makecache" as the terminal output suggested, as well as uninstalling and reinstalling iptables to no avail.
When running the command suggested by cPRex I get the following:
[root@vps ~]# dnf update --best --allowerasing
Last metadata expiration check: 0:03:48 ago on Thu 05 Sep 2024 09:54:12 AM BST.
Error:
Problem: cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
- problem with installed package iptables-legacy-1.8.10-2.2.el9.x86_64
- package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
- cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
- cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
(try to add '--skip-broken' to skip uninstallable packages)
[root@vps ~]#0 -
My AlmaLinux 9.4 boxes run:
rpm -qa|grep tables
nftables-1.0.9-1.el9.x86_64
python3-nftables-1.0.9-1.el9.x86_64
iptables-libs-1.8.10-4.el9_4.x86_64
iptables-nft-1.8.10-4.el9_4.x86_64IF you were to decide you wanted to delete all the iptables/nftables stuff mentioned and then install items to match what I have above, you'd want to be sure to use the tools to back up your iptables configuration first.
One of my Almalinux 9.4 machines had the same message that yours did and I uninstalled iptables-legacy and iptables-libs and then made sure that the box mimicked my other boxes as shown above. BUT, on that particular box I did not have any iptables stuff configured because that particular box sits behind a hardware firewall so I never bothered to add iptables-specific rules. I didn't have to worry about backing my up iptables configuration.
The bottom line for me was that ultimately I got rid of iptables-legacy.
None of my CloudLinux 8.10 or Almalinux 9.4 boxes run iptables-legacy. And I use CSF/LFD on all of them but one.
0 -
Hey there,
When you mentioned backing up your IP tables configuration, were you referring to the csf.conf file (the one created by CSF), or something else?
Is there anything else to possibly try here, this is preventing maintenance updates from fully running.
I came across a few posts elsewhere from people with "similar" type errors who managed to resolve it by removing iptables-legacy and installing iptables-nft. However, that wasn't specifically related to cPanel, and I'm not sure how that might affect CSF or cPanel itself. I'm a bit cautious about running any commands without knowing the full impact.
Do you know if there's an official fix in the works for this?
Any help would be appreciated.
0 -
There is an official fix happening for this issue, yes. This will be included in the next version 122 release. (If you're on Release and you don't get the next update immediately, you can run "/scripts/upcp --force" to ensure you get it).
I'm not sure exactly when but we are hoping the next version of 122 gets through final testing today. So it could be as soon as tomorrow!
If I'm understanding things correctly, there is a package mismatch between EPEL and the AlmaLinux 8 and cPanel repositories so some update sooner than others, leading to the confusion, but it'll be resolved moving forward.
0 -
Thanks for the update.
Do we have to be on Release tier or will it trickle down to Stable as well? I am currently on Stable, should I change that to Release?
0 -
Everything eventually gets to Stable, although I'm not sure what the schedule is just yet for this getting through the tiers. Usually it's a few weeks while something works from Release to Stable.
0 -
Does the official workaround work if you are running CSF?
I thought CSF didn't work with nft ??? Thanks!!
0 -
I am also wondering if this will work with CSF.
I think I remember seeing something in the CSF changelog about it potentially using iptables-nft if it's available at /usr/sbin/iptables-nft, though I haven't tested that or the fix.
If anyone can confirm compatibility with CSF, it would be appreciated.0 -
While we don't provide support for CSF, our devs confirmed this wouldn't impact CSF in any way.
4 -
Hello. Here one more affected with this problem. I own 3 Almalinux 9.4 servers with cPanel and still receiving "An error occurred while updating server software". If I manually try UPCP cannot continue and I can't update the system either for the same problem so i'm in a loop
What is the best option? Wait for a fix to come automatically or fix this problem manually? In that case, how should I proceed? Thanks in advance.
0 -
We upgraded manually (AlmaLinux 9) because we were on 'Stable' and, so far, it's gone fine!
0 -
How did you updgraded manually?
0 -
They used the supplied SSH ‘official workaround’ above.
0 -
Thanks, appears to be working ok. Thanks for all the help in this thread.
0 -
After running the official workaround, is anyone having issues with CSF not allowing or blocking new IPs or ports?
I've tested by using csf -d {IP} but the IP I'm blocking can still connect to the server (where I would expect this be completely blocked now).
0 -
I've ended up re-installing CSF which seems to make it start working again (on multiple servers)
0
Please sign in to leave a comment.
Comments
22 comments