Re: [PATCH iptables]: xtables: tolerate DNS lookup failures

I am not familiar with the application layer tools such as
NetworkManager.

The point is that the underlying issue does not change with auxiliary
tools: I believe iptables should not abort setting up all rules, just
because one or more of them fail to resolve in DNS.

As already said, if one or more rules fail then those specific hosts
are most likely unreachable anyway.

Guido

On Fri, 07/03/2025 at 18.21 +0100, Jan Engelhardt wrote:
> On Friday 2025-03-07 18:09, Guido Trentalancia wrote:
> > 
> > The patch solves a well defined problem: when iptables are loaded
> > (usually at system bootup) the network might not be available (e.g.
> > laptop computer with wireless connectivity)
> > 
> > Consider that iptables can always be loaded again when Internet
> > connectivity becomes available (for example, by a script used to
> > turn the wireless connection up).
> 
> When you add/edit rules in NetworkManager hooks (or whatever the
> software in use is), i.e. response to network events,
> then you can just as well use a *deterministic* ruleset during early
> boot.



