I added a rule to accept connections from 192.168.1.135/24, since my router is configured to hand out /24 addresses. Then, iptables -L -v showed that connections from 192.168.1.0/24 are accepted. When I change the rule to accept connections from .135/32 - or from .135 without specifying the subnet -, it not only works as intended, but it also resolves the hostname correctly.
Why?
unsolicited “why do you still use iptables” advice not welcome :D


Thank you very much! :)
Interesting why iptables behaves like that though. Because, if I understand it correctly, specifying any address between 192.168.1.[0…255]/24 will result in all addresses in that range being accepted? So, the only way to actually single out one host is to use the mask /32…?
Yes, exactly. The convention is to use the lowest address in the range (e.g. 192.168.1.0/24), since you’re allowing a range of addresses rather than a single one.
The reason to do this is that many firewall rules will be based on sets of addresses - you might want to allow traffic from any device in your local network without having to add individual rules for each
Tomorrow, at work, I’m gonna brag about what I have learned here today, until my colleagues’ ears fall off.
Thanks again! :)
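
The masking behaviour discussed in this thread, as an added example that is not from any poster: a small Python audit that flags `-s` specs whose host bits are set, since those rules accept the whole subnet rather than the one host that was typed. The sample rules are constructed, the function names are hypothetical, and it assumes each `-s` carries a single IPv4 literal (no hostnames or comma lists).

```python
import ipaddress
import shlex

# Constructed sample rules in iptables-save syntax, as an admin might type
# them before iptables masks the address; not taken from the thread.
SAMPLE_RULES = """\
-A INPUT -s 192.168.1.135/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.135/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.135 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
"""

def effective_source(spec):
    """Network a source spec matches once the host bits are masked off."""
    return ipaddress.ip_network(spec, strict=False)

def has_host_bits(spec):
    """True when the typed address is not the network address of its prefix."""
    iface = ipaddress.ip_interface(spec)  # a bare address is treated as /32
    return iface.ip != iface.network.network_address

def matches(spec, src_ip):
    """Would a packet from src_ip match a rule written with this spec?"""
    return ipaddress.ip_address(src_ip) in effective_source(spec)

def audit(rules_text):
    """Return (typed spec, effective network, address count) for risky specs."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-s", "--source"):
                spec = tokens[i + 1]
                if has_host_bits(spec):
                    net = effective_source(spec)
                    findings.append((spec, str(net), net.num_addresses))
    return findings

if __name__ == "__main__":
    for spec, net, count in audit(SAMPLE_RULES):
        print(f"{spec} is stored as {net} and matches {count} addresses")
```
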