Hi,

On Wed, Mar 12, 2025 at 12:49:20PM +0100, Guido Trentalancia wrote:
> Hello Pablo this is off-list.
>
> By the way, there is a patch that seems to be stuck on the basis of the
> fact that an existing feature such as hostname-based iptables rules are
> presumably unsafe.
>
> I am referring to the following patch:
>
> https://lore.kernel.org/netfilter-devel/1741369231.5380.37.camel@trentalancia.com/T/#m5e68fc86c299f9d7d372813397253dcda1086170
>
> The comments have just been looping on the assumption that hostname-based
> filtering is unsafe and should not be used, while circumstances
> might vary, the feature is not necessarily unsafe and in any case the
> real problem of possible DNS failures, which might cause the dropping
> of all rules (leaving the system in a truly unsafe state), is not being
> addressed.
>
> I hope this helps.

Thanks for your feedback.

I agree with what has been said on this already on the mailing list, you should not rely on filter by name