There are issues with netfilter-based iptables on OpenVZ VPS running AlmaLinux 8. You may see errors similar to the following when trying to start the default netfilter-based iptables service on an AlmaLinux 8 OpenVZ VPS:
CHAIN_ADD failed (Device or resource busy): chain OUTPUT
CHAIN_UPDATE failed (Device or resource busy): chain INPUT
CHAIN_UPDATE failed (Device or resource busy): chain FORWARD
CHAIN_UPDATE failed (Device or resource busy): chain OUTPUT
RULE_APPEND failed (No such file or directory): rule in chain INPUT
RULE_APPEND failed (No such file or directory): rule in chain FORWARD
The steps below outline how to install the legacy iptables packages as a workaround.
1. Remove the existing broken iptables packages:
dnf remove iptables iptables-libs iptables-services2. Install legacy iptables packages:
dnf install -y https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/i/iptables-libs-1.6.2-2.fc28.x86_64.rpm
dnf install -y https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/i/iptables-1.6.2-2.fc28.x86_64.rpm
dnf install -y https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/28/Everything/x86_64/os/Packages/i/iptables-services-1.6.2-2.fc28.x86_64.rpm3. Prevent these packages from being updated to the broken versions:
echo 'exclude=iptables iptables-libs iptables-services' >> /etc/dnf/dnf.conf4. You should now be able to start the iptables service without any issues:
systemctl start iptables