--- /dev/null
+From 9c221f305f107f3d50a661b8da2f32f3140d1224 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+Date: Sat, 14 Aug 2021 06:54:13 +0100
+Subject: [PATCH 2/2] ipsets: permit default timeout of 0
+
+Allow ipsets to be created with timeout facility but with a default
+timeout of 0. This permits timed entries to be added if required even
+though the default is 0 (indefinite)
+
+Previously a default timeout value of 0 would create a set without
+timeout support.
+
+Fixes: FS#3977
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ ipsets.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ipsets.c b/ipsets.c
+index ba31e64..e7cde16 100644
+--- a/ipsets.c
++++ b/ipsets.c
+@@ -266,6 +266,7 @@ fw3_alloc_ipset(struct fw3_state *state)
+ ipset->enabled = true;
+ ipset->family = FW3_FAMILY_V4;
+ ipset->reload_set = false;
++ ipset->timeout = -1; /* no timeout by default */
+
+ list_add_tail(&ipset->list, &state->ipsets);
+
+@@ -395,7 +396,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
+ ipset->portrange.port_min, ipset->portrange.port_max);
+ }
+
+- if (ipset->timeout > 0)
++ if (ipset->timeout >= 0)
+ fw3_pr(" timeout %u", ipset->timeout);
+
+ if (ipset->maxelem > 0)
+--
+2.30.1 (Apple Git-130)
+