When not using UTC time, firewall rules using `time [starttime | stoptime]` is not parsed correctly.
Steps to reproduce error:
- Define time-zone != from UTC
- Choose a value `time [starttime | stoptime]`, where in local time-zone is valir, but in UTC would be bigger than 24
- Commit
Example:
- Time-zone: Argentina, which is UTC - 3
- Value for `time [starttime | stoptime]`: any value starting from 21:00:00 ==> That would lead to time bigger than 24 (next day and actually would be 00, in UTC).
```
### Configuration
vyos@vyos:~$ show config comm | grep firewall
set firewall ipv4 input filter rule 1 action 'accept'
set firewall ipv4 input filter rule 1 description 'Good'
set firewall ipv4 input filter rule 1 time starttime '00:00:00'
set firewall ipv4 input filter rule 1 time stoptime '15:00:25'
set firewall ipv4 input filter rule 2 action 'accept'
set firewall ipv4 input filter rule 2 description 'Good, using latest value accepted'
set firewall ipv4 input filter rule 2 time starttime '17:00:01'
set firewall ipv4 input filter rule 2 time stoptime '20:59:59'
set firewall ipv4 input filter rule 3 action 'accept'
set firewall ipv4 input filter rule 3 description 'StopTime 23 plus utc 3 >> than 24. not ok'
set firewall ipv4 input filter rule 3 time starttime '06:00:00'
set firewall ipv4 input filter rule 3 time stoptime '23:00:00'
set firewall ipv4 input filter rule 4 action 'accept'
set firewall ipv4 input filter rule 4 description 'Both time would be bigger than 24 in UTC.. Not OK'
set firewall ipv4 input filter rule 4 time starttime '21:00:00'
set firewall ipv4 input filter rule 4 time stoptime '23:30:00'
vyos@vyos:~$
```
Rules are parsed correctly:
```
vyos@vyos:~$ cat /run/nftables.conf
...
chain VYOS_INPUT_filter {
type filter hook input priority filter; policy accept;
hour >= "00:00:00" hour < "15:00:25" counter accept comment "ipv4-INP-filter-1"
hour >= "17:00:01" hour < "20:59:59" counter accept comment "ipv4-INP-filter-2"
hour >= "06:00:00" hour < "23:00:00" counter accept comment "ipv4-INP-filter-3"
hour >= "21:00:00" hour < "23:30:00" counter accept comment "ipv4-INP-filter-4"
counter accept comment "INP-filter default-action accept"
}
```
And finally, wrong values that are written in nftables:
```
vyos@vyos:~$ sudo nft -s list chain vyos_filter VYOS_INPUT_filter
table ip vyos_filter {
chain VYOS_INPUT_filter {
type filter hook input priority filter; policy accept;
meta hour >= "00:00" meta hour < "15:00:25" counter accept comment "ipv4-INP-filter-1"
meta hour >= "17:00:01" meta hour < "20:59:59" counter accept comment "ipv4-INP-filter-2"
meta hour >= "06:00" meta hour < "1193045:28:16" counter accept comment "ipv4-INP-filter-3"
meta hour >= "1193043:28:16" meta hour < "1193045:58:16" counter accept comment "ipv4-INP-filter-4"
counter accept comment "INP-filter default-action accept"
}
}
vyos@vyos:~$
```