Rocky 9.5 minimal image comes with firewalled, which has iptables-nft as a dependency, so if we do yum install iptables-sevices, a package iptables-nft-services is installed.
However, later during yum update (or due to some other scripts), we end up also with iptables-services from epel:
]# dnf list installed | grep -i iptables
iptables-devel.x86_64 1.8.10-4.el9_4 @appstream
iptables-libs.x86_64 1.8.10-4.el9_4 @baseos
iptables-nft.x86_64 1.8.10-4.el9_4 @baseos
iptables-nft-services.noarch 1.8.10-4.el9_4 @appstream
iptables-services.noarch 1.8.10-4.1.el9 @epel
Both of these provide, for example, /usr/libexec/initscripts/legacy-actions/ip6tables/save or /usr/lib/systemd/system/iptables.service. That is the difference, and how do they not conflict?
If you will see when EPEL is disabled:
root@rocky9:~# dnf list iptables*
Last metadata expiration check: 1:00:21 ago on Thu 22 May 2025 12:04:55 PM CEST.
Installed Packages
iptables-libs.x86_64 1.8.10-11.el9_5 @baseos
iptables-nft.x86_64 1.8.10-11.el9_5 @baseos
Available Packages
iptables-devel.i686 1.8.10-11.el9_5 appstream
iptables-devel.x86_64 1.8.10-11.el9_5 appstream
iptables-libs.i686 1.8.10-11.el9_5 baseos
iptables-nft-services.noarch 1.8.10-11.el9_5 appstream
iptables-utils.x86_64 1.8.10-11.el9_5 baseos
there is no iptables-services package. As you can see I also don’t have it installed. I then decided to install it properly, so:
root@rocky9:~# dnf install iptables-nft-services
Last metadata expiration check: 1:01:36 ago on Thu 22 May 2025 12:04:55 PM CEST.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
iptables-nft-services noarch 1.8.10-11.el9_5 appstream 19 k
Transaction Summary
========================================================================================================================
Install 1 Package
Total download size: 19 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
iptables-nft-services-1.8.10-11.el9_5.noarch.rpm 133 kB/s | 19 kB 00:00
------------------------------------------------------------------------------------------------------------------------
Total 43 kB/s | 19 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Running scriptlet: iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Verifying : iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Installed:
iptables-nft-services-1.8.10-11.el9_5.noarch
Complete!
by providing the correct package name. I then enable epel again and do dnf update and it doesn’t install or try to add iptables-services from epel.
root@rocky9:~# dnf config-manager --enable epel
root@rocky9:~# dnf update
Extra Packages for Enterprise Linux 9 - x86_64 188 kB/s | 35 kB 00:00
Dependencies resolved.
Nothing to do.
Complete!
root@rocky9:~# rpm -qa | grep iptables | sort
iptables-libs-1.8.10-11.el9_5.x86_64
iptables-nft-1.8.10-11.el9_5.x86_64
iptables-nft-services-1.8.10-11.el9_5.noarch
even if I repeat what you did, but with epel disabled, I still cannot replicate the problem:
root@rocky9:~# dnf install iptables-services
Last metadata expiration check: 1:03:35 ago on Thu 22 May 2025 12:04:55 PM CEST.
Dependencies resolved.
========================================================================================================================
Package Architecture Version Repository Size
========================================================================================================================
Installing:
iptables-nft-services noarch 1.8.10-11.el9_5 appstream 19 k
Transaction Summary
========================================================================================================================
Install 1 Package
Total download size: 19 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
iptables-nft-services-1.8.10-11.el9_5.noarch.rpm 125 kB/s | 19 kB 00:00
------------------------------------------------------------------------------------------------------------------------
Total 44 kB/s | 19 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Running scriptlet: iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Verifying : iptables-nft-services-1.8.10-11.el9_5.noarch 1/1
Installed:
iptables-nft-services-1.8.10-11.el9_5.noarch
Complete!
root@rocky9:~# dnf config-manager --enable epel
root@rocky9:~# dnf update
Extra Packages for Enterprise Linux 9 - x86_64 166 kB/s | 35 kB 00:00
Dependencies resolved.
Nothing to do.
Complete!
root@rocky9:~# rpm -qa | grep iptables | sort
iptables-libs-1.8.10-11.el9_5.x86_64
iptables-nft-1.8.10-11.el9_5.x86_64
iptables-nft-services-1.8.10-11.el9_5.noarch
and even with epel enabled, if I try to install iptables-services it only installs the epel package and not iptables-nft-services.
So not really sure how you managed to do it, because I cannot replicate. I would check your command history as well as dnf log files because I expect it was already installed or someone installed it.