fw3: permit default timeout of 0

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

diff --git a/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch b/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch
new file mode 100644 (file)
index 0000000..d99dcce
--- /dev/null
+++ b/package/network/config/firewall/patches/0002-ipsets-permit-default-timeout-of-0.patch
@@ -0,0 +1,43 @@
+From 9c221f305f107f3d50a661b8da2f32f3140d1224 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+Date: Sat, 14 Aug 2021 06:54:13 +0100
+Subject: [PATCH 2/2] ipsets: permit default timeout of 0
+
+Allow ipsets to be created with timeout facility but with a default
+timeout of 0.  This permits timed entries to be added if required even
+though the default is 0 (indefinite)
+
+Previously a default timeout value of 0 would create a set without
+timeout support.
+
+Fixes: FS#3977
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ ipsets.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ipsets.c b/ipsets.c
+index ba31e64..e7cde16 100644
+--- a/ipsets.c
++++ b/ipsets.c
+@@ -266,6 +266,7 @@ fw3_alloc_ipset(struct fw3_state *state)
+       ipset->enabled    = true;
+       ipset->family     = FW3_FAMILY_V4;
+       ipset->reload_set = false;
++      ipset->timeout    = -1; /* no timeout by default */
+ 
+       list_add_tail(&ipset->list, &state->ipsets);
+ 
+@@ -395,7 +396,7 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
+                      ipset->portrange.port_min, ipset->portrange.port_max);
+       }
+ 
+-      if (ipset->timeout > 0)
++      if (ipset->timeout >= 0)
+               fw3_pr(" timeout %u", ipset->timeout);
+ 
+       if (ipset->maxelem > 0)
+-- 
+2.30.1 (Apple Git-130)
+