Am 07.03.25 um 15:07 schrieb Jan Engelhardt:
On Friday 2025-03-07 14:42, Guido Trentalancia wrote:
libxtables: tolerate DNS lookup failures
Do not abort on DNS lookup failure, just skip the
rule and keep processing the rest of the rules.
This is particularly useful, for example, when
iptables-restore is called at system bootup
before the network is up and the DNS can be
reached.
Not a good idea. Given
-F INPUT
-P INPUT ACCEPT
-A INPUT -s evil.hacker.com -j REJECT
-A INPUT -j ACCEPT
if you skip the rule, you now have a questionable hole in your security.
just don't use hostnames in stuff which is required to be upo *before*
the network to work properly at all
