I am not familiar with the application layer tools such as
NetworkManager.

The point is that the underlying issue does not change with auxiliary
tools: I believe iptables should not abort setting up all rules, just
because one or more of them fail to resolve in DNS.

As already said, if one or more rules fail then those specific hosts
are most likely unreachable anyway.

Guido

On Fri, 07/03/2025 at 18.21 +0100, Jan Engelhardt wrote:
> On Friday 2025-03-07 18:09, Guido Trentalancia wrote:
> >
> > The patch solves a well defined problem: when iptables are loaded
> > (usually at system bootup) the network might not be available (e.g.
> > laptop computer with wireless connectivity)
> >
> > Consider that iptables can always be loaded again when Internet
> > connectivity becomes available (for example, by a script used to
> > turn the wireless connection up).
>
> When you add/edit rules in Networkmanager hooks (or whatever the
> software in use is), i.e. response to network events,
> then you can just as well use a *deterministic* ruleset during early
> boot.