On Friday 2025-03-07 16:24, Guido Trentalancia wrote: >Of course, if the DNS is not available the "evil hacker" rule is >skipped when this patch is merged. > >However the drawbacks of not applying this patch are far worse, because > if the DNS is not available and some rules in the table contain domain >names, then all rules are skipped and the operation is aborted even for >numeric IP addresses and resolvable names. A silent/ignored error is much worse than an explicit error; the latter you can at least test for, scripting or otherwise.