From: Kevin Darbyshire-Bryant Date: Sat, 14 Aug 2021 06:18:11 +0000 (+0100) Subject: fw3: permit default timeout of 0 X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fstaging%2Fldir.git;a=commitdiff_plain;h=c2035b35efbf20f0f87448d5c896f6bba2d09acf;hp=bf912bfbb4547497a03c3afdee8a6c7fcbced270 fw3: permit default timeout of 0 Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch b/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch new file mode 100644 index 0000000000..d99dccecec --- /dev/null +++ b/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch @@ -0,0 +1,43 @@ +From 9c221f305f107f3d50a661b8da2f32f3140d1224 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Sat, 14 Aug 2021 06:54:13 +0100 +Subject: [PATCH 2/2] ipsets: permit default timeout of 0 + +Allow ipsets to be created with timeout facility but with a default +timeout of 0. This permits timed entries to be added if required even +though the default is 0 (indefinite) + +Previously a default timeout value of 0 would create a set without +timeout support. + +Fixes: FS#3977 + +Signed-off-by: Kevin Darbyshire-Bryant +--- + ipsets.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ipsets.c b/ipsets.c +index ba31e64..e7cde16 100644 +--- a/ipsets.c ++++ b/ipsets.c +@@ -266,6 +266,7 @@ fw3_alloc_ipset(struct fw3_state *state) + ipset->enabled = true; + ipset->family = FW3_FAMILY_V4; + ipset->reload_set = false; ++ ipset->timeout = -1; /* no timeout by default */ + + list_add_tail(&ipset->list, &state->ipsets); + +@@ -395,7 +396,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state) + ipset->portrange.port_min, ipset->portrange.port_max); + } + +- if (ipset->timeout > 0) ++ if (ipset->timeout >= 0) + fw3_pr(" timeout %u", ipset->timeout); + + if (ipset->maxelem > 0) +-- +2.30.1 (Apple Git-130) +