Description of problem: It seems wrong to me that the "iptables-services" both Requires and Provides "iptables", but of different versions. [cfriesen@bob Downloads]$ rpm -qpR iptables-services-1.4.21-15.fc23.x86_64.rpm iptables = 1.4.21-15.fc23 [cfriesen@bob Downloads]$ rpm -qp --provides iptables-services-1.4.21-15.fc23.x86_64.rpm iptables = 1.4.16.1 iptables-services = 1.4.21-15.fc23 This can easily cause confusion for various tools (and people) unless they look very closely at the version numbers. Version-Release number of selected component (if applicable): 1.4.21-15.fc23 (and a bunch of others, including RHEL7/CentOS7) How reproducible: Always Steps to Reproduce: 1. download the binary RPM and analyze it Actual results: See above. Expected results: iptables-services should not Provide any version of iptables, since it already Requires iptables.
The spec reads: %package services Summary: iptables and ip6tables services for iptables Group: System Environment/Base Requires: %{name} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # provide and obsolete old main package Provides: %{name} = 1.4.16.1 Obsoletes: %{name} < 1.4.16.1 I believe this was an incorrect attempt to handle a package split. I'm guessing the idea was to split the service files out from the main 'iptables' package. The intent was that when a system with the old combined 'iptables' package was updated, both the new smaller 'iptables' and 'iptables-services' should be installed, but iptables must not 'Requires: iptables-services' because the intent of the split is to make the service files optional. If that is the case, the *correct* way to do it would simply be for *both* the main package *and* the 'services' subpackage to obsolete the old main package. Thus: diff --git a/iptables.spec b/iptables.spec index cea46d0..18d1cdf 100644 --- a/iptables.spec +++ b/iptables.spec @@ -36,6 +36,9 @@ BuildRequires: pkgconfig(libnftnl) >= 1.0.5 # libpcap-devel for nfbpf_compile BuildRequires: libpcap-devel Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# obsolete versions from before the 'services' split to ensure both +# main and sub-package are installed on update +Obsoletes: %{name} < 1.4.16.1 %description The iptables utility controls the network packet filtering code in the @@ -75,8 +78,7 @@ Requires: %{name} = %{version}-%{release} Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -# provide and obsolete old main package -Provides: %{name} = 1.4.16.1 +# obsolete pre-split main package Obsoletes: %{name} < 1.4.16.1 # provide and obsolete ipv6 sub package Provides: %{name}-ipv6 = 1.4.11.1 I don't know what's going on with the way the services package provides/obsoletes an 'ipv6' subpackage, so I don't know if that's correct or incorrect.
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Still seems to be valid.
I'm not 100% sure, but I believe this is the cause of some of my issues on F25. We are building a F25 chroot image and our puppet tries to install iptables-services expecting it to drag in iptables correctly. --- py27) root@diskimage-builder-new:/# dnf -v -y install iptables-services cachedir: /tmp/yum Loaded plugins: Query, noroot, copr, builddep, needs-restarting, protected_packages, download, debuginfo-install, playground, generate_completion_cache, reposync, config-manager DNF version: 1.1.10 repo: using cache for: fedora not found updateinfo for: Fedora 25 - x86_64 repo: using cache for: updates fedora: using metadata from Tue Nov 15 19:49:18 2016. updates: using metadata from Fri Dec 16 20:18:00 2016. Last metadata expiration check: 0:24:23 ago on Sun Dec 18 23:02:48 2016. --> Starting dependency resolution ---> Package iptables-services.x86_64 1.6.0-2.fc25 will be installed --> Finished dependency resolution Dependencies resolved. =========================================================================================== Package Arch Version Repository Size =========================================================================================== Installing: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k Transaction Summary =========================================================================================== Install 1 Package Total size: 54 k Installed size: 24 k Downloading Packages: [SKIPPED] iptables-services-1.6.0-2.fc25.x86_64.rpm: Already downloaded Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. --- Well iptables 1.6.0-2.fc25 is available? --- (py27) root@diskimage-builder-new:/# dnf repoquery iptables iptables-services Last metadata expiration check: 0:25:20 ago on Sun Dec 18 23:02:48 2016. iptables-0:1.6.0-2.fc25.i686 iptables-0:1.6.0-2.fc25.x86_64 iptables-services-0:1.6.0-2.fc25.x86_64 --- Something weird is that "repoquery --requires" shows only bash as a requirement --- (py27) root@diskimage-builder-new:/# dnf repoquery --requires iptables-services Last metadata expiration check: 0:25:49 ago on Sun Dec 18 23:02:48 2016. /bin/bash --- The package has the same provides thing going on --- (py27) root@diskimage-builder-new:/# rpm -qp --provides iptables-services-1.6.0-2.fc25.x86_64.rpm config(iptables-services) = 1.6.0-2.fc25 iptables = 1.4.16.1 iptables-ipv6 = 1.4.11.1 iptables-services = 1.6.0-2.fc25 iptables-services(x86-64) = 1.6.0-2.fc25 --- So I *think* what happens is that dnf/yum sees "iptables-services provides iptables 1.4.16.1 ; all good" then rpm check and says "but I need iptables 1.6.0-2.fc25 ... uh oh I don't know what to do" The solution is to install "iptables-services iptables" all at once. But this is a problem for automation such as our puppet. I'd note this is the first I've seen this, and we've been doing this since at least F23, so presumably something broke in the F25 time-frame here?
Fixed in rawhide in package iptables-1.6.0-3.fc26
Hi! That dependency bugs seems to break bootstrapping a fedora 25 chroot using yum at the moment. Is there a chance to have the rawhide fix applied to fedora 25 updates, as well? Is there a different ticket for that? Many thanks, Sebastian
Reponening, since it was not fixed in stable releases such as F25, yet.
can we get this fixed in f25?
iptables-1.6.0-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d894ef91d4
iptables-1.6.0-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d894ef91d4
iptables-1.6.0-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
This is not fixed for me in Fedora 25. Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'.
I also have this error in F25 Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'.
It's important to read the entire bug. The automated note from Fedora's update system claims that this bug is fixed in a new version of the iptables packages, and even tells us that the new version is 1.6.0-3.fc25. The last two comments are attempting to convince us that the problem is not fixed, and quoting error messages that talk about version 1.6.0-2.fc25, which is the version we've known to be broken since the bug was opened. Perhaps you should wait until your mirror actually gets the new version of the packages and then test.
Got the same error message, and on my system the reason was not a due to a not uptodate mirror, but a real dependency issue: "... package system-config-firewall-base-1.2.29-12.fc21.noarch requires iptables-ipv6 ..." After deinstalling this package, I was able to update. I guess that's a new bug introduced by the recent fix - nothing provides iptables-ipv6 anymore.
(In reply to Mitchell Berger from comment #14) > It's important to read the entire bug. The automated note from Fedora's > update system claims that this bug is fixed in a new version of the iptables > packages, and even tells us that the new version is 1.6.0-3.fc25. > > The last two comments are attempting to convince us that the problem is not > fixed, and quoting error messages that talk about version 1.6.0-2.fc25, > which is the version we've known to be broken since the bug was opened. > > Perhaps you should wait until your mirror actually gets the new version > of the packages and then test. Thanks, Mitchell. I'm new to reading these. It looks as if the solution was to wait and run the following (indicated by the error message: sudo dnf upgrade iptables --best --allowerasing)
Re-opening. The update removes an existing provides.
With: iptables-1.6.0-2.fc25.x86_64 iptables-libs-1.6.0-2.fc25.x86_64 iptables-services-1.6.0-2.fc25.x86_64 # dnf update ... Dependencies resolved. ============================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================= Upgrading: iptables x86_64 1.6.0-3.fc25 updates 416 k iptables-libs x86_64 1.6.0-3.fc25 updates 87 k Reinstalling: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k Skipping packages with broken dependencies: iptables-services x86_64 1.6.0-3.fc25 updates 53 k Transaction Summary ============================================================================================================================================================================================================================================= Upgrade 2 Packages Skip 1 Package Total download size: 557 k # dnf update --best --allowerasing ... Error: package system-config-firewall-base-1.2.29-12.fc21.noarch requires iptables-ipv6, but none of the providers can be installed
http://pkgs.fedoraproject.org/cgit/rpms/system-config-firewall.git/commit/?h=f25 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7df8b12271
$ LANG=C sudo dnf update Last metadata expiration check: 0:15:54 ago on Mon Feb 20 18:54:25 2017. Dependencies resolved. ==================================================================================================================================== Package Arch Version Repository Size ==================================================================================================================================== Upgrading: iptables x86_64 1.6.0-3.fc25 updates 416 k iptables-libs x86_64 1.6.0-3.fc25 updates 87 k Reinstalling: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k Skipping packages with broken dependencies: iptables-services x86_64 1.6.0-3.fc25 updates 53 k Transaction Summary ==================================================================================================================================== Upgrade 2 Packages Skip 1 Package Total download size: 557 k Is this ok [y/N]: y Downloading Packages: (1/3): iptables-libs-1.6.0-3.fc25.x86_64.rpm 451 kB/s | 87 kB 00:00 (2/3): iptables-services-1.6.0-2.fc25.x86_64.rpm 277 kB/s | 54 kB 00:00 (3/3): iptables-1.6.0-3.fc25.x86_64.rpm 1.3 MB/s | 416 kB 00:00 ------------------------------------------------------------------------------------------------------------------------------------ Total 179 kB/s | 557 kB 00:03 Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'.
(In reply to Thomas Moschny from comment #15) > Got the same error message, and on my system the reason was not a due to a > not uptodate mirror, but a real dependency issue: > > "... package system-config-firewall-base-1.2.29-12.fc21.noarch requires > iptables-ipv6 ..." > > After deinstalling this package, I was able to update. > > I guess that's a new bug introduced by the recent fix - nothing provides > iptables-ipv6 anymore. This was the issue for me as well. It was not a mirror issue.
(In reply to mttdbrd from comment #21) > (In reply to Thomas Moschny from comment #15) > > Got the same error message, and on my system the reason was not a due to a > > not uptodate mirror, but a real dependency issue: > > > > "... package system-config-firewall-base-1.2.29-12.fc21.noarch requires > > iptables-ipv6 ..." > > > > After deinstalling this package, I was able to update. > > > > I guess that's a new bug introduced by the recent fix - nothing provides > > iptables-ipv6 anymore. > > This was the issue for me as well. It was not a mirror issue. I had the same issue with iptables update, so I tried to update with koji iptables builds and I ran into same error like Thomas. I filed a bugzilla for it https://bugzilla.redhat.com/show_bug.cgi?id=1425050 .
Install of RDO Newton openstack-nova-compute now fails due to iptables-1.6.0-3.fc25 no longer providing iptables-ipv6. Unfortunately, this creates a bit of a mess. I can back out to iptables-1.6.0-2.fc25 + iptables-services-1.6.0-2.fc25 and openstack-nova-compute installs again. As the iptables-ipv6 seems to be a legacy thing, with real downstream users, do you think you can add iptables-ipv6 to the "Provides" for "iptables" itself?
Hacky... but to get around this, I created a "iptables-ipv6-dependency.noarch" RPM that "Requires: iptables >= 1.6.0-3.fc25" and "Provides: iptables-ipv6 = 1.6.0-3.fc25". This resolved the issue I was fighting with without having to rebuild openstack-nova-compute. I think it is a sort of proof of concept that iptables should still "Provides: iptables-ipv6". The iptables-services confusion just hid this problem from us. I think I wondered why iptables-services was needed in the past but I didn't question it sufficiently until today...
*** Bug 1424954 has been marked as a duplicate of this bug. ***
Just hit this bug when trying to upgrade f24 to f25. Can't remove the iptables-services or I also lose openstack-nova-compute. Bug was first reported April 2016, nearly a year ago. C'mon guise...
Hello, According to the Shorewall maillist, on which I'm a member (short summary from the February 25th, 2017 digest): "It will not affect upstream Shorewall and Shorewall6 -- it will only affect Red Hat/Fedora packaging." "it doesn't affect those either, because shorewall doesn't need/use iptables-services." "The REL7 EPEL shorewall.spec file still has Shorewall6 and Shorewall6-lite requiring iptables-ipv6. I've suggested that Răzvan file a bug report against those packages." Hope it helps. :) Best regards, Răzvan
This update has broken shorewall6 on F25 also: # dnf --best --allowerasing upgrade iptables Last metadata expiration check: 2:38:16 ago on Sat Mar 4 05:26:30 2017. Dependencies resolved. ================================================================== Package Arch Version Repository Size ================================================================== Upgrading: iptables x86_64 1.6.0-3.fc25 updates 416 k iptables-libs x86_64 1.6.0-3.fc25 updates 87 k iptables-services x86_64 1.6.0-3.fc25 updates 53 k Removing: shorewall6 noarch 5.0.14.1-1.fc25 @updates 1.2 M Transaction Summary ================================================================== Upgrade 3 Packages Remove 1 Package Total size: 556 k Total download size: 53 k Is this ok [y/N]: Also because of http://pkgs.fedoraproject.org/cgit/rpms/iptables.git/commit/?h=f25&id=5d4ad7725f140f51c64d432c06b6da9239a0d454 which removes the Provides: %{name}-ipv6 = 1.4.11.1 I think this ticket needs to go back to the drawing board.
Hello, Please release this to stable, since it is constantly blocking automatic updates on Fedora systems. Thanks, Răzvan
Any updates to this? My iptables-ipv6-dependency RPM hack is working fine for me, but it seems like a lot of other people are impacted. Please update the fix so that instead of entirely dropping "Provides: iptables-ipv6", the "Provides: iptables-ipv6" should be added to "iptables". This would ensure compatibility with the tags that people are clearly depending upon still?
Why is this still a problem on current F25? It's been open for months now.
Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Looks like it was fixed in Fedora 26
Hi Chris: What part was fixed? I did notice the internal consistency within Fedora may have been fixed, but external packages that still rely on "iptables-ipv6" have not been fixed? As "iptables-ipv6" works in RHEL 7 and others (for a definition of "works" that means only that the packages do depend upon it still, and they don't fail), I am wondering whether the right solution is to explicitly provide "iptables-ipv6" from the "iptables" package, which matches previous understanding of what "iptables-ipv6" really meant?
The original issue was that iptables-services both required and depended on iptables. That is no longer a problem in fedora 26 or 27. In Fedora 26/27 there is no longer any package that provides "iptables-ipv6". The "iptables" package provides the "ip6tables" binary. Based on https://bugzilla.redhat.com/show_bug.cgi?id=1101510 it looks like this has been true for several years now.
>> "In Fedora 26/27 there is no longer any package that provides "iptables-ipv6". The "iptables" package provides the "ip6tables" binary. Based on https://bugzilla.redhat.com/show_bug.cgi?id=1101510 it looks like this has been true for several years now." Actually, it was the fix for this bugzilla that introduced the problem. See a prior version that was released in Fedora 25: $ wget -q http://dl.fedoraproject.org/pub/fedora/linux/releases/25/Workstation/x86_64/os/Packages/i/iptables-services-1.6.0-2.fc25.x86_64.rpm $ rpm -q --provides --package iptables-services-1.6.0-2.fc25.x86_64.rpm | grep ipv6 iptables-ipv6 = 1.4.11.1 Then, see the latest update: $ wget -q http://dl.fedoraproject.org/pub/fedora/linux/updates/25/x86_64/i/iptables-services-1.6.0-3.fc25.x86_64.rpm $ rpm -q --provides --package iptables-services-1.6.0-3.fc25.x86_64.rpm | grep ipv6 $ As you can see, it was the "-3" fix that dropped the iptables-ipv6 dependency. This causes RDO Newton openstack-nova-compute and RDO Ocata openstack-nova-compute to not install, because: $ wget -q http://mirror.centos.org/centos/7/cloud/x86_64/openstack-ocata/openstack-nova-compute-15.0.7-1.el7.noarch.rpm $ rpm -q --requires --package openstack-nova-compute-15.0.7-1.el7.noarch.rpm| grep ipv6 warning: openstack-nova-compute-15.0.7-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 764429e6: NOKEY iptables-ipv6 The "iptables-ipv6" used to mean something a long time ago. It still "works" in RHEL 7. This makes it a sort of public interface. Dropping it means breaking compatibility and causing all packages that still list as a dependency to be impossible to install because the requirement cannot be met. Earlier in the comments, I described how I had to introduce a special RPM that satisfies this dependency to allow such packages to get installed. I think "iptables" should provide "iptables-ipv6" for compatibility reasons. My guess of what happened here is that when iptables was split into iptables-services, the iptables-ipv6 got pulled over to iptables-services by accident and nobody noticed because generally everything still worked. Then, with iptables-services-1.6.0-3.fc25, to address your issue, somebody thought it was ok to also drop iptables-ipv6, and this created a regression that I am describing. How do we get this fixed?
For reference, this is the change that was made to address this Bugzilla: https://src.fedoraproject.org/cgit/rpms/iptables.git/commit/?h=f25&id=5d4ad7725f140f51c64d432c06b6da9239a0d454 And this is where "iptables-ipv6" got dropped: -# provide and obsolete old main package -Provides: %{name} = 1.4.16.1 +# obsolete old main package Obsoletes: %{name} < 1.4.16.1 -# provide and obsolete ipv6 sub package -Provides: %{name}-ipv6 = 1.4.11.1 +# obsolete ipv6 sub package Obsoletes: %{name}-ipv6 < 1.4.11.1 It was correct to drop "Provides: %{name} = 1.4.16.1" as you asked for, as there is already an iptables packages which provides the capability. It was not correct to drop the "Provides: %{name} = 1.4.11.1". This should have been moved to iptables to maintain compatibility with prior releases, and packages based upon prior releases, where "iptables-ipv6" has traditionally meant "iptables with ipv6 support", and some packages still require this capability.
Sorry for the noise. But above, I meant %{name}-ipv6: It was not correct to drop the "Provides: %{name}-ipv6 = 1.4.11.1". This should have been moved to iptables to maintain compatibility with prior releases, and packages based upon prior releases, where "iptables-ipv6" has traditionally meant "iptables with ipv6 support", and some packages still require this capability.
I agree that they should have kept the ipv6 "provides" entry. However, given that https://bugzilla.redhat.com/show_bug.cgi?id=1425050 hasn't gotten any attention at all, it seems like they're not planning on doing anything about it in Fedora 25. I'm not sure that it makes sense to try to keep this bug open for Fedora 26 and later, since the original problem of circular dependency has been resolved and the removal of the ipv6 "provides" entry could be intended policy in those releases (though if that's the case it'd be good if someone made an official statement in that other bug).
Chris: Yeah. I think people are confused about when this problem was introduced and this is part of why there is no follow up. But it was introduced with the well-intentioned fix for your reported issue, and it has caused downstream breakage. :-( I am a little ignorant here. What is the Fedora policy around bug fixes that introduce regressions? Should we require it be re-opened or should we open a new one? https://bugzilla.redhat.com/show_bug.cgi?id=1425050 doesn't really address my concern, which is that non-Fedora packages also rely on iptables-ipv6, and these are now broken as well. If they fixed https://bugzilla.redhat.com/show_bug.cgi?id=1425050 by dropping the iptables-ipv6 dependency, it wouldn't address my concern. I'd be happy to fix it myself, but I don't know the way into this other than bugzilla for today. :-)
Realistically, Fedora 25 is going EOL by the end of the year, so I suspect it will not get fixed before then... The "iptables-ipv6" dependency seems to be completely gone in Fedora 26 and later.
For: > The "iptables-ipv6" dependency seems to be completely gone in Fedora 26 and later. Yes. But, it isn't gone from non-Fedora packages. For example: RDO and openstack-nova-compute. Erasing a long-used RPM dependency as a side-effect of fixing another problem in mid-Fedora 25 release is a serious regression to me. Even the Pike release still refers to iptables-ipv6! I'm using Fedora 26 today and the problem originating from this Fedora 25 fix is still hanging around and affecting me. I'm really looking for a statement to set things straight here like: 1) Too bad. Fedora has made an explicit policy decision to break compatibility by no longer providing the long-used "iptables-ipv6" capability. All packages that still refer to this need to be fixed to drop this dependency or they will not work correctly in Fedora 26 and future. -- In this case, I will consider my work-around permanent until I either stop using the RDO packages, or the RDO packages are changed. 2) Sorry, I'll fix this. I tried to fix Chris' problem and I didn't realize that iptables-ipv6 was a dependency of other packages. My mistake. Let me put this back for you or this is how you can do this yourself. It may have to be fixed in Fedora 27 though, is that ok? 3) Sorry, but we can't fix this in Fedora 25 as it is nearing EOL. Please open a new Bugzilla to capture this regression to be resolved in Fedora 26 or Fedora 27 and somebody will be happy to look into it or this is how you can look into it yourself.
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.