Correct handling of DYNAMIC_BLACKLIST options

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.cli

@@ -3813,6 +3813,9 @@ setup_dbl() {
 
 	    [ -n "$g_disconnect" ] && g_disconnect=src-dst
 	    ;;
+    esac
+
+    case $DYNAMIC_BLACKLIST in
 	ipset*,timeout*)
 	    #
 	    # This utility doesn't need to know about 'timeout=nnn'

Shorewall/Perl/Shorewall/Chains.pm

@@ -8506,7 +8506,7 @@ sub create_load_ipsets() {
 		emit( '        #',
 		      '        # Update the dynamic blacklisting ipset timeout value',
 		      '        #',
-		      qq(        awk '/create $set/      { sub( /timeout [0-9]+/, \"timeout $globals{DBL_TIMEOUT}\" ) }; {print};' \${VARDIR}/ipsets.save > \${VARDIR}/ipsets.temp),
+		      qq(        awk '/create $set/      { sub( /timeout [0-9]+/, "timeout $globals{DBL_TIMEOUT}" ) }; {print};' \${VARDIR}/ipsets.save > \${VARDIR}/ipsets.temp),
 		      '        zap_ipsets',
 		      '        $IPSET restore < ${VARDIR}/ipsets.temp',
 		      '    fi' );