I added a rule to accept connections from 192.168.1.135/24, since my router is configured to hand out /24 addresses. Then, iptables -L -v showed that connections from 192.168.1.0/24 are accepted. When I change the rule to accept connections from .135/32 - or from .135 without specifying the subnet - it not only works as intended, but it also resolves the hostname correctly.
Why?
unsolicited “why do you still use iptables” advice not welcome :D


Yes, exactly. The convention is to use the lowest address in the range (e.g. 192.168.1.0/24), since you’re allowing a range of addresses rather than a single one.
The reason to do this is that many firewall rules will be based on sets of addresses - you might want to allow traffic from any device in your local network without having to add individual rules for each
Tomorrow, at work, I’m gonna brag about what I have learned here today, until my colleagues’ ears fall off.
Thanks again! :)
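
The behaviour discussed in this thread, as an added example that is not part of any post: a small Python lint that flags `-s` values whose host bits the prefix length silently clears, so a rule meant for one host is caught before it is loaded as a whole-subnet rule. The sample rule lines and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample rules as an admin might type them (not from the thread).
SAMPLE_RULES = """\
-A INPUT -s 192.168.1.135/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.135/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.135 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
"""


def effective_source(spec):
    """Return (network the rule matches, True if host bits were dropped)."""
    iface = ipaddress.ip_interface(spec)  # a bare address is treated as /32
    return iface.network, iface.ip != iface.network.network_address


def lint_rules(text):
    """Flag -s/--source values that name a host but match a wider range."""
    findings = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        for flag, value in zip(tokens, tokens[1:]):
            if flag not in ("-s", "--source"):
                continue
            try:
                net, widened = effective_source(value)
            except ValueError:
                continue  # hostname or address list: out of scope here
            if widened:
                findings.append((value, str(net), net.num_addresses))
    return findings


def rule_matches(spec, packet_src):
    """Would a rule with this source spec match a packet from packet_src?"""
    net, _ = effective_source(spec)
    return ipaddress.ip_address(packet_src) in net


if __name__ == "__main__":
    for written, effective, count in lint_rules(SAMPLE_RULES):
        print(f"{written} is applied as {effective} ({count} addresses)")
```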