From eba81400a86f08e0d9c7ac7d5a1dd1696e87aadc Mon Sep 17 00:00:00 2001
From: Samuel Bouchet <contact@samuel-bouchet.fr>
Date: Fri, 17 Apr 2026 21:13:06 +0200
Subject: [PATCH] Skip unresolvable domains in firewall allowlist instead of
 aborting

If DNS resolution transiently fails for one domain, the whole postStart
hook used to exit 1 and leave the container without a firewall. Warn and
continue so the remaining rules still get installed.
---
 .devcontainer/init-firewall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.devcontainer/init-firewall.sh b/.devcontainer/init-firewall.sh
index 49b2726..95f8cc4 100644
--- a/.devcontainer/init-firewall.sh
+++ b/.devcontainer/init-firewall.sh
@@ -74,8 +74,8 @@ for domain in \
     echo "Resolving $domain..."
     ips=$(dig +noall +answer A "$domain" | awk '$4 == "A" {print $5}')
     if [ -z "$ips" ]; then
-        echo "ERROR: Failed to resolve $domain"
-        exit 1
+        echo "WARN: Failed to resolve $domain - skipping"
+        continue
     fi
 
     while read -r ip; do