Mike_Rochefort wrote: ↑2021/10/23 14:47:03Code: Select all
$ dnf repolist $ dnf clean all $ dnf config-manager --disable <repo-id> <repo-id> ... $ dnf upgrade $ dnf install @python36
yum install got broken on Centos 8
-
- Posts: 66
- Joined: 2020/11/18 10:52:19
Re: yum install got broken on Centos 8
Thank you, it works.
Re: yum install got broken on Centos 8
FYI, I have this alias defined in /etc/dnf/aliases.d/USER.conf:
Code: Select all
SAFE = --disablerepo=* --enablerepo=baseos,appstream,powertools,epel,remi-safe
-
- Posts: 3
- Joined: 2021/10/27 05:56:05
Re: yum install got broken on Centos 8
it seems a braindead developer infected yum and dnf
if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely
who said everything exist you should use in your programming
if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely
who said everything exist you should use in your programming
Re: yum install got broken on Centos 8
I just added iptables rules to my CentOS 8 VM to block both incoming and outgoing ICMP packets. DNF continues to function.if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 3
- Joined: 2021/10/27 05:56:05
Re: yum install got broken on Centos 8
you didnt blocked it correctly block like this:
-I INPUT -p icmp -j DROP
-I OUTPUT -p icmp -j DROP
#-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-I INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-I OUTPUT -p icmp -m icmp --icmp-type 8 -j DROP
sometimes will work with blocked icmp packets but is very rare
but when i unblock icmp it completely works clean
and dnf will detects new packages for install but cant download them
Last edited by imherenotyet on 2021/10/28 13:15:32, edited 1 time in total.
Re: yum install got broken on Centos 8
The top 2 rules that you posted cover all ICMP so the rest are unnecessary. ICMP type 8 is a sub-type of all ICMP so those rules will never be reached. You can check that by using iptables -nvL to list the rules with byte and packet counts. They will never be reached. Also your rules 5 & 6 are identical to 3 & 4.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 3
- Joined: 2021/10/27 05:56:05
Re: yum install got broken on Centos 8
i know i just copy pasted them and tried to show type of defination in iptables anyway what is the result ?TrevorH wrote: ↑2021/10/27 19:09:46The top 2 rules that you posted cover all ICMP so the rest are unnecessary. ICMP type 8 is a sub-type of all ICMP so those rules will never be reached. You can check that by using iptables -nvL to list the rules with byte and packet counts. They will never be reached. Also your rules 5 & 6 are identical to 3 & 4.
Re: yum install got broken on Centos 8
Well, exactly the same since the top two are the same rules that I put in and it works.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: yum install got broken on Centos 8
For "extra credit" do run sudo nft list ruleset. The output is what the kernel actually has. The command iptables in el8 is nothing but a wrapper that (attempts to) translate iptables syntax into nftables syntax.
Why the attempt to block ICMP? Do you perceive that it improves security?
Why the attempt to block ICMP? Do you perceive that it improves security?