Comment 14 for bug 490317

Phil Whineray (pdw-slightly-cracked) wrote :

At the risk of courting controversy, is the real "solution" not to only use IP addresses in firehol scripts and possibly better failsafe if the firewall does not load (although good luck googling for the reason or remotely logging into your box to fix it with everything set to deny).

Using names means any resolution failure risks your firewall not starting up; the fact that DNS is apparently no longer resolving early enough in the boot process has simply exposed one cause.

The fact is that when using a domain name, IPs are resolved at load time and will be unchanged for the lifetime of the firewall - so it doesn't do what most people would really want anyway.