I have the default '50-reject-www-data' rule enabled. I have to add some sites (for example wordpress.com) to this file to allow things to work correctly.
Recently I've found that I can't easily embed YouTube videos into WordPress posts. I'm pretty sure that this is because of the number of different IP addresses that 'www.youtube.com' can resolve to, whenever the firewall is reloaded all that gets put into the chain in the firewall is (I assume) the address that currently resolves as 'www.youtube.com'.
Has anyone come up with any strategies to get around this? I could just disable the www-data reject completely, but it seems to me like a good thing to have in place.