You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I define a timeout of 0 in a firewall config ipset rule, the ipset is created without timeout support. The fw3 code checks for "timeout > 0" and therefor ignores the timeout option while a timeout value of zero is actually valid for ipsets and stands for "indefinite".
expected:
making an ipset firewall rule with //option timeout 0// creates an ipset with timeout support.
device: all (tested on NanoPi R4S)
openwrt version: 21.02-rc4 (custom build), current trunk is also affected
example snippet from /etc/config/firewall
config ipset
option name 'ssh-access'
option match 'src_net'
option family 'ipv6'
option storage 'hash'
option timeout '0'
option loadfile '/etc/ipset/ssh-access.list'
config rule
option src 'wan'
option ipset 'ssh-access'
option dest_port '22'
option proto 'tcp'
option target 'ACCEPT'
option name 'Allow-External-SSH-ipset'
option family 'ipv6'
Current workaround:
set the timeout to any value > 0
append " timeout 0" to all entries in the file loaded by loadfile
The text was updated successfully, but these errors were encountered:
jorne-tremani:
When I define a timeout of 0 in a firewall config ipset rule, the ipset is created without timeout support. The fw3 code checks for "timeout > 0" and therefor ignores the timeout option while a timeout value of zero is actually valid for ipsets and stands for "indefinite".
expected:
making an ipset firewall rule with //option timeout 0// creates an ipset with timeout support.
device: all (tested on NanoPi R4S)
openwrt version: 21.02-rc4 (custom build), current trunk is also affected
example snippet from /etc/config/firewall
config ipset
option name 'ssh-access'
option match 'src_net'
option family 'ipv6'
option storage 'hash'
option timeout '0'
option loadfile '/etc/ipset/ssh-access.list'
config rule
option src 'wan'
option ipset 'ssh-access'
option dest_port '22'
option proto 'tcp'
option target 'ACCEPT'
option name 'Allow-External-SSH-ipset'
option family 'ipv6'
Current workaround:
The text was updated successfully, but these errors were encountered: