Skip to main content

An error occurred while updating server software - Problem: package iptables-legacy

Comments

22 comments

  • Official comment
    cPRex Jurassic Moderator

    Official workaround:

    dnf --assumeyes swap iptables-legacy iptables-nft

     

  • cPRex Jurassic Moderator

    Hey there!  This looks like some classic package mismatches.  What does the output of this command show?

    rpm -qa | grep -i iptables-libs

     

    0
  • pixelweb

    Its showing

    iptables-libs-1.8.10-2.el9.x86_64
    0
  • cPRex Jurassic Moderator

    Could you try running the following to see if that allows the update to complete normally?

    dnf update --best --allowerasing
    0
  • pixelweb

    I get the following error when running that. 

    Problem: cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
    - problem with installed package iptables-legacy-1.8.10-2.2.el9.x86_64
    - package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
    - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
    - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
    - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
    (try to add '--skip-broken' to skip uninstallable packages)
    0
  • frenziedfox

    I've got the same error:

    [root@srv02 ~]# dnf update
    Last metadata expiration check: 0:12:32 ago on Thu Sep  5 00:07:22 2024.
    Error:
     Problem: package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
      - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
      - cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
    (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

    0
  • Joe W

    Morning all,

    Having the same issue, I also installed iptables in order to install CSF firewall.

    OS: AlmaLinux v9.4.0 STANDARD kvm
    cPanel Version: 120.0.16
    Kernel: 5.14.0-427.33.1.el9_4.x86_64

    When updating ( Home / Software / System Update ), I get the following error.

    System update process has started.
    
    “/usr/bin/dnf” reported error code “1” when it ended:  w/ /usr/bin/dnf upgrade --color=never -y --exclude=kernel-*
    Last metadata expiration check: 0:00:15 ago on Thu Sep  5 09:54:12 2024.
    <span class='text-danger'>Error: </span>
     Problem: package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
      - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
      - cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
    (try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
    
    Often errors like this can be resolved by running `dnf makecache`
    
    System update process has finished.
    

    I tried running "dnf makecache" as the terminal output suggested, as well as uninstalling and reinstalling iptables to no avail.

    When running the command suggested by cPRex I get the following:

    [root@vps ~]# dnf update --best --allowerasing
    Last metadata expiration check: 0:03:48 ago on Thu 05 Sep 2024 09:54:12 AM BST.
    Error:
     Problem: cannot install the best update candidate for package iptables-legacy-1.8.10-2.2.el9.x86_64
      - problem with installed package iptables-legacy-1.8.10-2.2.el9.x86_64
      - package iptables-legacy-1.8.10-2.2.el9.x86_64 from @System requires (iptables-libs(x86-64) = 1.8.10-2.el9 or iptables-libs(x86-64) = 1.8.10-2.el9_1), but none of the providers can be installed
      - cannot install the best update candidate for package iptables-libs-1.8.10-2.el9.x86_64
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from @System
      - cannot install both iptables-libs-1.8.10-4.el9_4.x86_64 from baseos and iptables-libs-1.8.10-2.el9.x86_64 from baseos
    (try to add '--skip-broken' to skip uninstallable packages)
    [root@vps ~]#
    0
  • mtindor

    My AlmaLinux 9.4 boxes run:

    rpm -qa|grep tables

    nftables-1.0.9-1.el9.x86_64
    python3-nftables-1.0.9-1.el9.x86_64
    iptables-libs-1.8.10-4.el9_4.x86_64
    iptables-nft-1.8.10-4.el9_4.x86_64

    IF you were to decide you wanted to delete all the iptables/nftables stuff mentioned and then install items to match what I have above, you'd want to be sure to use the tools to back up your iptables configuration first.

    One of my Almalinux 9.4 machines had the same message that yours did and I uninstalled iptables-legacy and iptables-libs and then made sure that the box mimicked my other boxes as shown above.   BUT, on that particular box I did not have any iptables stuff configured because that particular box sits behind a hardware firewall so I never bothered to add iptables-specific rules.  I didn't have to worry about backing my up iptables configuration.

    The bottom line for me was that ultimately I got rid of iptables-legacy.

    None of my CloudLinux 8.10 or Almalinux 9.4 boxes run iptables-legacy.    And I use CSF/LFD on all of them but one.

     

    0
  • pixelweb

    Hey there, 

    mtindor

    When you mentioned backing up your IP tables configuration, were you referring to the csf.conf file (the one created by CSF), or something else?

    cPRex 

    Is there anything else to possibly try here, this is preventing maintenance updates from fully running.

    I came across a few posts elsewhere from people with "similar" type errors who managed to resolve it by removing iptables-legacy and installing iptables-nft. However, that wasn't specifically related to cPanel, and I'm not sure how that might affect CSF or cPanel itself. I'm a bit cautious about running any commands without knowing the full impact.

    Do you know if there's an official fix in the works for this?

    Any help would be appreciated. 

    0
  • cPRex Jurassic Moderator

    There is an official fix happening for this issue, yes.  This will be included in the next version 122 release.  (If you're on Release and you don't get the next update immediately, you can run "/scripts/upcp --force" to ensure you get it).

    I'm not sure exactly when but we are hoping the next version of 122 gets through final testing today.  So it could be as soon as tomorrow!

    If I'm understanding things correctly, there is a package mismatch between EPEL and the AlmaLinux 8 and cPanel repositories so some update sooner than others, leading to the confusion, but it'll be resolved moving forward.

    0
  • pixelweb

    Thanks for the update.

    Do we have to be on Release tier or will it trickle down to Stable as well?  I am currently on Stable, should I change that to Release? 

    0
  • cPRex Jurassic Moderator

    Everything eventually gets to Stable, although I'm not sure what the schedule is just yet for this getting through the tiers.  Usually it's a few weeks while something works from Release to Stable.

    0
  • Unnamed User

    Does the official workaround work if you are running CSF?

    I thought CSF didn't work with nft ???  Thanks!!

    0
  • pixelweb

    I am also wondering if this will work with CSF.

    I think I remember seeing something in the CSF changelog about it potentially using iptables-nft if it's available at /usr/sbin/iptables-nft, though I haven't tested that or the fix.

    If anyone can confirm compatibility with CSF, it would be appreciated.

    0
  • cPRex Jurassic Moderator

    While we don't provide support for CSF, our devs confirmed this wouldn't impact CSF in any way.

    4
  • Hueznar

    Hello. Here one more affected with this problem. I own 3 Almalinux 9.4 servers with cPanel and still receiving "An error occurred while updating server software". If I manually try UPCP cannot continue and I can't update the system either for the same problem so i'm in a loop

    What is the best option? Wait for a fix to come automatically or fix this problem manually? In that case, how should I proceed? Thanks in advance.

    0
  • frenziedfox

    We upgraded manually (AlmaLinux 9) because we were on 'Stable' and, so far, it's gone fine!

    0
  • Hueznar

    How did you updgraded manually?

    0
  • frenziedfox

    They used the supplied SSH ‘official workaround’ above.

    0
  • Hueznar

    Thanks, appears to be working ok. Thanks for all the help in this thread.

    0
  • matt1206

    After running the official workaround, is anyone having issues with CSF not allowing or blocking new IPs or ports?

    I've tested by using csf -d {IP} but the IP I'm blocking can still connect to the server (where I would expect this be completely blocked now).

    0
  • matt1206

    I've ended up re-installing CSF which seems to make it start working again (on multiple servers)

    0

Please sign in to leave a comment.