I added a rule to accept connections from 192.168.1.135/24, since my router is configured to hand out /24 addresses. Then, iptables -L -v showed that connections from 192.168.1.0/24 are accepted. When I change the rule to accept connections from .135/32 (or from .135 without specifying the subnet), it not only works as intended, but it also resolves the hostname correctly.

Why?

unsolicited “why do you still use iptables” advice not welcome :D

  • Scott@lem.free.as
    3 days ago

    Your masks are backward.

    Ones on the left, zeroes on the right.

    The mask is binary AND’d with the IP, leaving the leftmost octets alone.
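
The mask-and-AND step from the reply above, worked through for the two rules in the question. This is an added example, not part of the thread; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

def prefix_to_mask(prefix_len: int) -> int:
    """32-bit netmask: prefix_len ones on the left, zeroes on the right."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def parse_spec(spec: str) -> tuple[int, int]:
    """Split 'a.b.c.d[/n]' into (address as int, prefix length)."""
    addr_text, _, prefix_text = spec.partition("/")
    prefix_len = int(prefix_text) if prefix_text else 32  # no suffix = single host
    return int(ipaddress.IPv4Address(addr_text)), prefix_len

def normalize_source(spec: str) -> str:
    """Address AND mask: the host bits are cleared, only the network part remains."""
    addr, prefix_len = parse_spec(spec)
    network = addr & prefix_to_mask(prefix_len)
    return f"{ipaddress.IPv4Address(network)}/{prefix_len}"

def rule_matches(spec: str, source_ip: str) -> bool:
    """A packet matches when its source, masked the same way, equals the masked rule address."""
    addr, prefix_len = parse_spec(spec)
    mask = prefix_to_mask(prefix_len)
    return (int(ipaddress.IPv4Address(source_ip)) & mask) == (addr & mask)

def addresses_admitted(spec: str) -> int:
    """How many source addresses the rule accepts."""
    _, prefix_len = parse_spec(spec)
    return 2 ** (32 - prefix_len)

if __name__ == "__main__":
    # Constructed sample sources: the intended host, a LAN neighbour, another subnet.
    sources = ["192.168.1.135", "192.168.1.7", "192.168.2.135"]
    for spec in ["192.168.1.135/24", "192.168.1.135/32", "192.168.1.135"]:
        _, plen = parse_spec(spec)
        print(f"{spec:>18} -> {normalize_source(spec)} "
              f"(mask {ipaddress.IPv4Address(prefix_to_mask(plen))}, "
              f"{addresses_admitted(spec)} addresses)")
        for src in sources:
            verdict = "ACCEPT" if rule_matches(spec, src) else "no match"
            print(f"{'':>18}    {src:<15} {verdict}")
```

With /24 the last octet of the rule address is masked away, so the rule covers every host on the LAN rather than .135 alone; /32 (or no suffix) keeps all 32 bits and matches one address.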