From eb6ae5e186e9b4d050f3825296c6a658c0eecff1 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Wed, 5 Oct 2016 16:56:29 -0700
Subject: [PATCH] Correct handling of DYNAMIC_BLACKLIST options
Signed-off-by: Tom Eastep
---
 Shorewall-core/lib.cli | 3 +++
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 312ca3336..b7cffb71d 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3813,6 +3813,9 @@ setup_dbl() {
 [ -n "$g_disconnect" ] && g_disconnect=src-dst
 ;;
+ esac
+
+ case $DYNAMIC_BLACKLIST in
 ipset*,timeout*)
 #
 # This utility doesn't need to know about 'timeout=nnn'
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index ecbe52f4c..142812542 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -8506,7 +8506,7 @@ sub create_load_ipsets() {
 emit( ' #',
 ' # Update the dynamic blacklisting ipset timeout value',
 ' #',
- qq( awk '/create $set/ { sub( /timeout [0-9]+/, \"timeout $globals{DBL_TIMEOUT}\" ) }; {print};' \${VARDIR}/ipsets.save > \${VARDIR}/ipsets.temp),
+ qq( awk '/create $set/ { sub( /timeout [0-9]+/, "timeout $globals{DBL_TIMEOUT}" ) }; {print};' \${VARDIR}/ipsets.save > \${VARDIR}/ipsets.temp),
 ' zap_ipsets',
 ' $IPSET restore < ${VARDIR}/ipsets.temp',
 ' fi' );
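Review bot: The new second `case $DYNAMIC_BLACKLIST in` in setup_dbl carries no comment saying why it is kept separate from the statement closed by the added `esac`, so the two adjacent blocks read as a candidate for merging back. Presumably they are split so that `timeout` is still stripped when an earlier arm, such as the one that sets `g_disconnect=src-dst`, has already matched. A line above the new `case` such as `# Separate case: timeout=nnn may accompany the options handled above` would record that. Both case statements begin or end outside the hunk, so the remaining arms were not checked.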
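Review bot: The awk pattern `/create $set/` on the changed `qq(...)` line is unanchored, so the `sub()` also rewrites the timeout on any `create` line in `ipsets.save` whose set name merely begins with `$set`. Anchoring on the line start and on the separator after the name, `/^create $set /`, limits the rewrite to the dynamic blacklisting set. `$globals{DBL_TIMEOUT}` is interpolated into the generated script as-is; it is presumably validated as a number where the option is parsed, which is outside this hunk and worth confirming. create_load_ipsets starts and ends outside the hunk.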