ipsets: permit default timeout of 0

Allow ipsets to be created with a default timeout of 0.  This permits
timed entries to be added if required even though the default is 0
(indefinite)

Prior to this change a default timeout value of 0 would create a set without
timeout support.

Fixes: FS#3977
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

diff --git a/ipsets.c b/ipsets.c
index ba31e645a8618a3ffaf481ac87d2daf9c5ad4b2a..e7cde16e930a438c8850a79b51b0e0cac65171bf 100644 (file)
--- a/ipsets.c
+++ b/ipsets.c
@@ -266,6 +266,7 @@ fw3_alloc_ipset(struct fw3_state *state)
        ipset->enabled    = true;
        ipset->family     = FW3_FAMILY_V4;
        ipset->reload_set = false;
+       ipset->timeout    = -1; /* no timeout by default */
 
        list_add_tail(&ipset->list, &state->ipsets);
 
@@ -395,7 +396,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
                       ipset->portrange.port_min, ipset->portrange.port_max);
        }
 
-       if (ipset->timeout > 0)
+       if (ipset->timeout >= 0)
                fw3_pr(" timeout %u", ipset->timeout);
 
        if (ipset->maxelem > 0)