I added a rule to accept connections from 192.168.1.135/24, since my router is configured to hand out /24 addresses. Then, iptables -L -v showed that connections from 192.168.1.0/24 are accepted. When I change the rule to accept connections from .135/32 - or from .135 without specifying the subnet - it not only works as intended, but it also resolves the hostname correctly.
Why?
unsolicited “why do you still use iptables” advice not welcome :D


They’re not “/24 addresses”, it’s a mask.
/32 references one specific host, it is a mask of all 1s.
/24 references 254 hosts, it is a mask of 75% 1s and 25% 0s.
https://www.geeksforgeeks.org/computer-networks/role-of-subnet-mask/
^ The illustrations here explain it way better than many words can.
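
The masking described in the answer, as an added example that is not part of the original posts: the source address in a rule is ANDed with the mask, so 192.168.1.135/24 becomes 192.168.1.0/24 and the rule accepts the whole subnet rather than the one host. The function names and the sample packet sources are constructed for illustration, and only the prefix-length form (/24, /32) is handled.

```python
import ipaddress

def normalize_source(spec: str) -> ipaddress.IPv4Network:
    """Return the network that a rule source such as '192.168.1.135/24' denotes.

    A spec with no prefix is treated as /32 (one host). The host bits are
    cleared by ANDing the address with the mask, which is why a listing
    shows 192.168.1.0/24 for a rule entered as 192.168.1.135/24.
    """
    addr_text, _, prefix_text = spec.partition("/")
    prefix = int(prefix_text) if prefix_text else 32
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    addr = int(ipaddress.IPv4Address(addr_text))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # /24 -> 255.255.255.0
    return ipaddress.IPv4Network((addr & mask, prefix))

def rule_matches(spec: str, packet_src: str) -> bool:
    """True if a packet from packet_src would match a rule with source spec."""
    return ipaddress.IPv4Address(packet_src) in normalize_source(spec)

def matching_sources(spec: str, sources: list[str]) -> list[str]:
    """Subset of sources that the rule would accept."""
    return [s for s in sources if rule_matches(spec, s)]

# Constructed sample traffic: the intended host, two other LAN hosts,
# and one address outside the subnet.
SAMPLE_SOURCES = ["192.168.1.135", "192.168.1.20", "192.168.1.254", "192.168.2.135"]

if __name__ == "__main__":
    for spec in ("192.168.1.135/24", "192.168.1.135/32", "192.168.1.135"):
        net = normalize_source(spec)
        print(f"{spec:>18} -> {net}  accepts {matching_sources(spec, SAMPLE_SOURCES)}")
```
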