On 07.03.25 at 21:37, Guido Trentalancia wrote:
> Apart from the case of DNS Round-robin, quite often a hostname (for
> example, a server hostname) is DNS-mapped to a static IP address, but
> over time (several months or years) that IP address might change,
> even though it's still statically mapped.
> In that case, if a client behind an iptables packet filter does not use
> hostname-based rules, it won't be able to connect to that server
> anymore.
> So, there are cases where hostname-based rules give an advantage.
sorry, but hostname-based access lists are even on a webserver a bad
idea and on a packet filter it's unacceptable
if a host changes its IP, rules have to be adjusted - it's as simple as
that for the past 20 years in networking and will continue so the next
20 years
------------
and frankly if a service partner can't assign a static IP it's the wrong
partner to begin with - we are talking about security
either you have a static ip or there is a vpn-tunnel with certificates
done within seconds with wireguard - the dynamic host is the one to
build up the tunnel, case closed
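
An added example, not part of the mail thread: one way to keep IP-based rules and still notice when a pinned address no longer matches DNS, so the rule can be reviewed and adjusted by hand. It assumes a hypothetical local convention of tagging each rule with a `host=<name>` comment; the sample `iptables-save` output and all names and addresses are constructed.

```python
import ipaddress
import shlex
import socket

# Constructed `iptables-save` excerpt (documentation address ranges).
# The "host=" comment tag is an assumed local convention, not an iptables feature.
SAMPLE_RULES = """\
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -m comment --comment "host=api.partner.example" -j ACCEPT
-A OUTPUT -d 198.51.100.7/32 -p tcp -m tcp --dport 22 -m comment --comment "host=backup.partner.example" -j ACCEPT
COMMIT
"""

def pinned_hosts(rules_text):
    """Yield (hostname, network) for each rule with a -d address and a host= comment."""
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        dest = host = None
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-d", "--destination"):
                dest = ipaddress.ip_network(value, strict=False)
            elif flag == "--comment" and value.startswith("host="):
                host = value[len("host="):]
        if dest is not None and host:
            yield host, dest

def system_resolver(host):
    """Resolve a name to its current IPv4 addresses using the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None, family=socket.AF_INET)}

def find_drift(rules_text, resolve=system_resolver):
    """Return (host, pinned network, current addresses) for rules DNS no longer matches."""
    drift = []
    for host, net in pinned_hosts(rules_text):
        try:
            current = {ipaddress.ip_address(a) for a in resolve(host)}
        except OSError:  # resolution failure is reported too, with no addresses
            current = set()
        if not any(addr in net for addr in current):
            drift.append((host, str(net), sorted(str(a) for a in current)))
    return drift

if __name__ == "__main__":
    # Constructed DNS answers so the example runs offline.
    answers = {"api.partner.example": ["192.0.2.10"], "backup.partner.example": ["198.51.100.99"]}
    for host, pinned, now in find_drift(SAMPLE_RULES, lambda h: answers[h]):
        print(f"REVIEW: {host} pinned to {pinned}, DNS now returns {now or 'nothing'}")
```

The check only reports a mismatch; it does not rewrite rules, so the change to the filter stays a deliberate decision.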