Hacker News
by soupbowl 1454 days ago
Certain firewall rules don't work without stable IPs; DNS won't help with that.

But a relatively normal firewall daemon supports variables and aliases and lookups etc. I suppose if you don't use address lists or address tags and no DNS and no DDNS then it would indeed be a problem.
I have played with multiple routers, even commercial ones, that do not support aliases or anything but static addresses. You are not wrong, but what you suggest is far from the norm.
I was curious to see what the solutions are for some of these - Ruckus for example has Ansible modules [0] but they just SSH in and change the config.

[0] - https://github.com/commscope-ruckus/RUCKUS_ICX_Ansible

DNS is generally looked up once, on ruleset initialization; there is no way a firewall is going to look up DNS every single time a rule is referenced. Since DNS here is changing constantly, this is unhelpful.