yum install got broken on Centos 8

Issues related to applications and software problems and general support
search4workingdistro
Posts: 66
Joined: 2020/11/18 10:52:19

Re: yum install got broken on Centos 8

Post by search4workingdistro » 2021/10/23 17:49:53

Thank you, it works.
Mike_Rochefort wrote:
2021/10/23 14:47:03

Code: Select all

$ dnf repolist
$ dnf clean all
$ dnf config-manager --disable <repo-id> <repo-id> ...
$ dnf upgrade
$ dnf install @python36

sml
Posts: 305
Joined: 2020/01/17 09:01:44

Re: yum install got broken on Centos 8

Post by sml » 2021/10/24 20:01:11

FYI, I have this alias defined in /etc/dnf/aliases.d/USER.conf:

Code: Select all

SAFE = --disablerepo=* --enablerepo=baseos,appstream,powertools,epel,remi-safe

imherenotyet
Posts: 3
Joined: 2021/10/27 05:56:05

Re: yum install got broken on Centos 8

Post by imherenotyet » 2021/10/27 06:15:36

it seems a braindead developer infected yum and dnf

if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely

who said everything exist you should use in your programming

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: yum install got broken on Centos 8

Post by TrevorH » 2021/10/27 10:54:49

if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely
I just added iptables rules to my CentOS 8 VM to block both incoming and outgoing ICMP packets. DNF continues to function.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

imherenotyet
Posts: 3
Joined: 2021/10/27 05:56:05

Re: yum install got broken on Centos 8

Post by imherenotyet » 2021/10/27 15:56:39

TrevorH wrote:
2021/10/27 10:54:49
if i drop icmp and ping packets from iptables as a security work dnf and yum will timeout completely
I just added iptables rules to my CentOS 8 VM to block both incoming and outgoing ICMP packets. DNF continues to function.
you didnt blocked it correctly block like this:

-I INPUT -p icmp -j DROP
-I OUTPUT -p icmp -j DROP
#-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-I INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-I OUTPUT -p icmp -m icmp --icmp-type 8 -j DROP

sometimes will work with blocked icmp packets but is very rare
but when i unblock icmp it completely works clean

and dnf will detects new packages for install but cant download them
Last edited by imherenotyet on 2021/10/28 13:15:32, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: yum install got broken on Centos 8

Post by TrevorH » 2021/10/27 19:09:46

The top 2 rules that you posted cover all ICMP so the rest are unnecessary. ICMP type 8 is a sub-type of all ICMP so those rules will never be reached. You can check that by using iptables -nvL to list the rules with byte and packet counts. They will never be reached. Also your rules 5 & 6 are identical to 3 & 4.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

imherenotyet
Posts: 3
Joined: 2021/10/27 05:56:05

Re: yum install got broken on Centos 8

Post by imherenotyet » 2021/10/28 06:56:57

TrevorH wrote:
2021/10/27 19:09:46
The top 2 rules that you posted cover all ICMP so the rest are unnecessary. ICMP type 8 is a sub-type of all ICMP so those rules will never be reached. You can check that by using iptables -nvL to list the rules with byte and packet counts. They will never be reached. Also your rules 5 & 6 are identical to 3 & 4.
i know i just copy pasted them and tried to show type of defination in iptables anyway what is the result ?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: yum install got broken on Centos 8

Post by TrevorH » 2021/10/28 08:43:18

Well, exactly the same since the top two are the same rules that I put in and it works.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: yum install got broken on Centos 8

Post by jlehtone » 2021/10/28 14:09:06

For "extra credit" do run sudo nft list ruleset. The output is what the kernel actually has. The command iptables in el8 is nothing but a wrapper that (attempts to) translate iptables syntax into nftables syntax.

Why the attempt to block ICMP? Do you perceive that it improves security?

Post Reply