I cant remove iptables

pavlar · March 25, 2024, 6:21am

NAT iptables doesn’t work for me and that’s why I wanted to remove it and use it NAT nftables

sudo pacman -R iptables

:: removing iptables breaks dependency ‘iptables’ required by iproute2
I install iproute2 , but pacman -Qe | grep iproute2
it not show and iptables is chown: pacman -Qe | grep iptables
iptables 1:1.8.10-1

pebcak · March 25, 2024, 6:41am

Run pactree -r iptables to see what in your system is dependent on this package and why you can’t remove it without breaking things.

anon93652015 · March 25, 2024, 6:42am

Was just about to type this.

~~Would have to build his system from scratch, right?~~
Not actually sure. But looks like it.

pavlar · March 25, 2024, 6:43am

pactree -r iptables
iptables
└─iproute2
├─base
├─dhclient
├─netctl
├─networkmanager
│ └─network-manager-applet
├─pptpclient
├─rp-pppoe
└─vpnc
└─openconnect
└─networkmanager-openconnect

pebcak · March 25, 2024, 6:45am

Not sure if you can do without it anyways.

pavlar · March 25, 2024, 6:46am

I installed the system from ISO

anon93652015 · March 25, 2024, 6:47am

According to the wiki, it looks possible. But building Arch from scratch is not something I’ve ever done so…

anon93652015 · March 25, 2024, 6:48am

From scratch here would mean using the ISO from archlinux.org, or using your own customised ISO with calamaries.

pebcak · March 25, 2024, 6:49am

Can you point me to the article so I can have a look.

anon93652015 · March 25, 2024, 6:49am

Here you go:

https://wiki.archlinux.org/title/Nftables

and

https://wiki.archlinux.org/title/Iptables

pebcak · March 25, 2024, 6:56am

If I am not mistaken, installing base, when installing Arch, will pull in iproute2 as dependency which in turn pulls in iptables.

It doesn’t look as if it can be replaced by nftables. But nftables can be installed as well side by side.

See:

$ sudo pacman -S nftables
resolving dependencies...
looking for conflicting packages...

Package (1)     New Version  Net Change

extra/nftables  1:1.0.9-1      1.11 MiB

Total Installed Size:  1.11 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                                                                                                  [########################################################################################] 100%
(1/1) checking package integrity                                                                                                                [########################################################################################] 100%
(1/1) loading package files                                                                                                                     [########################################################################################] 100%
(1/1) checking for file conflicts                                                                                                               [########################################################################################] 100%
(1/1) checking available disk space                                                                                                             [########################################################################################] 100%
:: Processing package changes...
(1/1) installing nftables                                                                                                                       [########################################################################################] 100%
Optional dependencies for nftables
    python: Python bindings [installed]
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...


$ sudo pacman -R iptables
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: removing iptables breaks dependency 'iptables' required by iproute2
:: removing iptables breaks dependency 'iptables' required by ufw

$ sudo pacman -R iproute2
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: removing iproute2 breaks dependency 'iproute2' required by base
:: removing iproute2 breaks dependency 'iproute2' required by dhclient
:: removing iproute2 breaks dependency 'iproute2' required by networkmanager
:: removing iproute2 breaks dependency 'iproute2' required by pptpclient
:: removing iproute2 breaks dependency 'iproute2' required by rp-pppoe
:: removing iproute2 breaks dependency 'iproute2' required by unhide

pavlar · March 25, 2024, 7:01am

I download iso from https://endeavouros.com/#Download

anon93652015 · March 25, 2024, 7:01am

Yes, that’s true. But there is another section that says you can remove iptables after the fact, it seems, by replacing it with iptables-nft.

Alternatively, install iptables-nft, which includes nftables as a dependency, will automatically uninstall iptables (an indirect dependency of the base meta package) and prevent conflicts between iptables and nftables when used together.

Still think this may be impossible on a fully installed system, though.

Maybe would require an -Rdd?

pebcak · March 25, 2024, 7:02am

This is true.

No, a simple installation should ask you if you want to replace iptables.

pavlar · March 25, 2024, 7:03am

But I already had nftables in the system by default, I didn’t load it

anon93652015 · March 25, 2024, 7:03am

Try:

pacman -S iptables-nft

It may/should ask you to replace iptables.

pavlar · March 25, 2024, 7:07am

iptables left and iptables-nft appeared

anon93652015 · March 25, 2024, 7:09am

Great!

Thanks @pebcak. I woulda suggested something unnecessary.

All good? @pavlar

pavlar · March 25, 2024, 7:09am

pacman -R iptables-nft
:: removing iptables-nft breaks dependency ‘iptables’ required by iproute2

anon93652015 · March 25, 2024, 7:10am

Try:

pacman -R iptables

not iptables-nft