On Friday 2025-03-07 14:42, Guido Trentalancia wrote:
>libxtables: tolerate DNS lookup failures
>
>Do not abort on DNS lookup failure, just skip the
>rule and keep processing the rest of the rules.
>
>This is particularly useful, for example, when
>iptables-restore is called at system bootup
>before the network is up and the DNS can be
>reached.

Not a good idea. Given

	-F INPUT
	-P INPUT ACCEPT
	-A INPUT -s evil.hacker.com -j REJECT
	-A INPUT -j ACCEPT

if you skip the rule, you now have a questionable hole in your security.
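
An added example, not part of the original message or of iptables itself: a pre-flight check that lists every rule in a ruleset whose source or destination is a hostname rather than an address literal, since those are the rules that depend on DNS being reachable at load time. The function names and the second REJECT line in the sample are assumptions made for illustration.

```python
import ipaddress
import shlex

# Options that take address[/mask][,...]; --src and --dst are iptables aliases.
ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def is_literal(spec):
    """True if spec is an IPv4/IPv6 literal, optionally with /prefix or /netmask."""
    addr, _, mask = spec.partition("/")
    try:
        ipaddress.ip_address(addr)
        if mask and not mask.isdigit():
            ipaddress.ip_address(mask)  # dotted netmask form
    except ValueError:
        return False
    return True


def find_hostname_rules(ruleset):
    """Return (line number, hostname, rule) for each address that needs DNS."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        # Skip blanks, comments, table headers, chain policies and COMMIT.
        if not line or line[0] in "#*:" or line == "COMMIT":
            continue
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDR_OPTS:
                continue
            j = i + 1
            if tokens[j] == "!" and j + 1 < len(tokens):
                j += 1  # old-style "-s ! addr" negation
            for spec in tokens[j].split(","):
                if not is_literal(spec):
                    findings.append((lineno, spec, line))
    return findings


# Ruleset from the message above, plus one constructed rule using literals.
SAMPLE = """\
-F INPUT
-P INPUT ACCEPT
-A INPUT -s evil.hacker.com -j REJECT
-A INPUT -s 192.0.2.0/24,203.0.113.7 -j REJECT
-A INPUT -j ACCEPT
"""

if __name__ == "__main__":
    for lineno, host, rule in find_hostname_rules(SAMPLE):
        print(f"line {lineno}: '{host}' needs DNS at load time: {rule}")
```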