CentOS 6 – RepoForge and Advanced Policy Firewall

Hmm… Today I hit funny problem as I couldn’t install Advanced Policy Firewall from RepoForge (RPMforge) repository on CentOS 6. Fortunately the solution is trivial and doesn’t require any magic…

Problem description

Look at the command below to see the root of the problem:

$ sudo yum install apf
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
 * base: centos.hitme.net.pl
 * epel: ftp.ps.pl
 * extras: centos.hitme.net.pl
 * rpmforge: mirror.jgotteswinter.com
 * updates: centos.hitme.net.pl
1399 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package apf.noarch 0:9.7_1-1.el6.rf will be installed
--> Processing Dependency: /sbin/iptables for package: apf-9.7_1-1.el6.rf.noarch
--> Processing Dependency: /sbin/iptables-restore for package: apf-9.7_1-1.el6.rf.noarch
--> Processing Dependency: /sbin/iptables-save for package: apf-9.7_1-1.el6.rf.noarch
--> Processing Dependency: /sbin/iptables-save for package: apf-9.7_1-1.el6.rf.noarch
--> Processing Dependency: /sbin/iptables-restore for package: apf-9.7_1-1.el6.rf.noarch
--> Processing Dependency: /sbin/iptables for package: apf-9.7_1-1.el6.rf.noarch
--> Finished Dependency Resolution
Error: Package: apf-9.7_1-1.el6.rf.noarch (rpmforge)
           Requires: /sbin/iptables-restore
Error: Package: apf-9.7_1-1.el6.rf.noarch (rpmforge)
           Requires: /sbin/iptables
Error: Package: apf-9.7_1-1.el6.rf.noarch (rpmforge)
           Requires: /sbin/iptables-save
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

As you see there is an iptables dependency problem affecting installation process.

Files mentioned above (iptables, iptables-save, iptables-restore) are just links to the right executables:

$ rpm -qf /sbin/iptables
file /sbin/iptables is not owned by any package

$ ls -l /sbin/iptables
lrwxrwxrwx. 1 root root 33 04-26 16:22 /sbin/iptables -> /etc/alternatives/iptables.x86_64
$ ls -l /etc/alternatives/iptables.x86_64
lrwxrwxrwx. 1 root root 20 04-26 16:22 /etc/alternatives/iptables.x86_64 -> /sbin/iptables-1.4.7

$ repoquery -lq iptables | grep ^/sbin
/sbin/iptables-1.4.7
/sbin/iptables-multi-1.4.7
/sbin/iptables-restore-1.4.7
/sbin/iptables-save-1.4.7
/sbin/iptables-1.4.7
/sbin/iptables-multi-1.4.7
/sbin/iptables-restore-1.4.7
/sbin/iptables-save-1.4.7

Solution

To solve this problem download apf package directly:

$ wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/apf-9.7_1-1.el6.rf.noarch.rpm

Install it without checking for dependencies:

$ sudo rpm --nodeps -i apf-9.7_1-1.el6.rf.noarch.rpm