diff -up firewalld-0.3.9/doc/xml/firewall-cmd.xml.RHBZ#994044 firewalld-0.3.9/doc/xml/firewall-cmd.xml
--- firewalld-0.3.9/doc/xml/firewall-cmd.xml.RHBZ#994044	2014-09-29 23:03:25.059783798 +0200
+++ firewalld-0.3.9/doc/xml/firewall-cmd.xml	2014-09-29 23:04:31.637000024 +0200
@@ -340,10 +340,11 @@
 	</varlistentry>
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-service</option>=<replaceable>service</replaceable> <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-service</option>=<replaceable>service</replaceable> <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Add a service for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the amount of seconds and will be removed automatically afterwards.
+	      Add a service for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
 	    </para>
 	    <para>
 	      The service is one of the firewalld provided services. To get a list of the supported services, use <command>firewall-cmd --get-services</command>.
@@ -384,10 +385,11 @@
 	</varlistentry>
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-port</option>=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional>/<replaceable>protocol</replaceable> <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-port</option>=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional>/<replaceable>protocol</replaceable> <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Add the port for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the amount of seconds and will be removed automatically afterwards.
+	      Add the port for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
 	    </para>
 	    <para>
 	      The port can either be a single port number or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>. The protocol can either be <literal>tcp</literal> or <literal>udp</literal>.
@@ -428,10 +430,11 @@
 	</varlistentry>
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-icmp-block</option>=<replaceable>icmptype</replaceable> <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-icmp-block</option>=<replaceable>icmptype</replaceable> <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Add an ICMP block for <replaceable>icmptype</replaceable> for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the amount of seconds and will be removed automatically afterwards.
+	      Add an ICMP block for <replaceable>icmptype</replaceable> for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
 	    </para>
 	    <para>
 	      The <replaceable>icmptype</replaceable> is the one of the icmp types firewalld supports. To get a listing of supported icmp types: <command>firewall-cmd --get-icmptypes</command>
@@ -475,10 +478,11 @@
 	</varlistentry>
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-forward-port</option>=port=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional>:proto=<replaceable>protocol</replaceable><optional>:toport=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional></optional><optional>:toaddr=<replaceable>address</replaceable><optional>/<replaceable>mask</replaceable></optional></optional> <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-forward-port</option>=port=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional>:proto=<replaceable>protocol</replaceable><optional>:toport=<replaceable>portid</replaceable><optional>-<replaceable>portid</replaceable></optional></optional><optional>:toaddr=<replaceable>address</replaceable><optional>/<replaceable>mask</replaceable></optional></optional> <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Add the <emphasis>IPv4</emphasis> forward port for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the amount of seconds and will be removed automatically afterwards.
+	      Add the <emphasis>IPv4</emphasis> forward port for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
 	    </para>
 	    <para>
 	      The port can either be a single port number <replaceable>portid</replaceable> or a port range <replaceable>portid</replaceable>-<replaceable>portid</replaceable>. The protocol can either be <literal>tcp</literal> or <literal>udp</literal>. The destination address is a simple IP address.
@@ -519,10 +523,12 @@
 	<!-- add/remove/query masquerade -->
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-masquerade</option> <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-masquerade</option> <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Enable <emphasis>IPv4</emphasis> masquerade for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. If a timeout is supplied, masquerading will be active for the amount of seconds. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection.
+	      Enable <emphasis>IPv4</emphasis> masquerade for <replaceable>zone</replaceable>. If zone is omitted, default zone will be used. If a timeout is supplied, masquerading will be active for the specified amount of time.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
+	      Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection.
 	    </para>
 	    <para>
 	      The <option>--timeout</option> option is not combinable with the <option>--permanent</option> option.
@@ -569,10 +575,11 @@
 	</varlistentry>
 
 	<varlistentry>
-	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-rich-rule</option>='<replaceable>rule</replaceable>' <optional><option>--timeout</option>=<replaceable>seconds</replaceable></optional></term>
+	  <term><optional><option>--permanent</option></optional> <optional><option>--zone</option>=<replaceable>zone</replaceable></optional> <option>--add-rich-rule</option>='<replaceable>rule</replaceable>' <optional><option>--timeout</option>=<replaceable>timeval</replaceable></optional></term>
 	  <listitem>
 	    <para>
-	      Add rich language rule '<replaceable>rule</replaceable>' for <replaceable>zone</replaceable>. This option can be specified multiple times. If zone is omitted, default zone will be used. If a timeout is supplied, the <replaceable>rule</replaceable> will be active for the amount of seconds and will be removed automatically afterwards.
+	      Add rich language rule '<replaceable>rule</replaceable>' for <replaceable>zone</replaceable>. This option can be specified multiple times. If zone is omitted, default zone will be used. If a timeout is supplied, the <replaceable>rule</replaceable> will be active for the specified amount of time and will be removed automatically afterwards.
+	      <replaceable>timeval</replaceable> is either a number (of seconds) or number followed by one of characters <literal>s</literal> (seconds), <literal>m</literal> (minutes), <literal>h</literal> (hours), for example <literal>20m</literal> or <literal>1h</literal>.
 	    </para>
 	    <para>
 	      For the rich language rule syntax, please have a look at <citerefentry><refentrytitle>firewalld.richlanguage</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
diff -up firewalld-0.3.9/src/firewall-cmd.RHBZ#994044 firewalld-0.3.9/src/firewall-cmd
--- firewalld-0.3.9/src/firewall-cmd.RHBZ#994044	2014-09-29 23:03:25.063783811 +0200
+++ firewalld-0.3.9/src/firewall-cmd	2014-09-29 23:04:31.638000022 +0200
@@ -111,7 +111,8 @@ Service Options
 Options to Adapt and Query Zones
   --list-all           List everything added for or enabled in a zone [P] [Z]
   --list-services      List services added for a zone [P] [Z]
-  --timeout=<seconds>  Enable an option for seconds only
+  --timeout=<timeval>  Enable an option for timeval time, where timeval is
+                       a number followed by one of letters 's' or 'm' or 'h'
                        Usable for options maked with [T]
   --add-service=<service>
                        Add a service for a zone [P] [Z] [T]
@@ -425,7 +426,7 @@ parser_group_lockdown_whitelist.add_argu
 
 parser.add_argument("--permanent", action="store_true")
 parser.add_argument("--zone", default="", metavar="<zone>")
-parser.add_argument("--timeout", default=0, type=int, metavar="<seconds>")
+parser.add_argument("--timeout", default="0", metavar="<seconds>")
 
 parser_group_zone = parser.add_mutually_exclusive_group()
 parser_group_zone.add_argument("--add-interface", metavar="<iface>")
@@ -574,7 +575,7 @@ options_zone_adapt_query = \
 options_zone_ops = options_zone_interfaces_sources or \
                options_zone_action_action or options_zone_adapt_query
 
-options_zone = a.zone or a.timeout or options_zone_ops
+options_zone = a.zone or a.timeout != "0" or options_zone_ops
 
 options_permanent = a.permanent or options_config or a.zone or options_zone_ops
 
@@ -633,13 +634,48 @@ if options_config and options_zone:
     __fail(parser.format_usage() +
            "Wrong usage of --get-zones | --get-services | --get-icmptypes.")
 
+if a.timeout != "0":
+    value = 0
+    unit = 's'
+    if len(a.timeout) < 1:
+        __fail(parser.format_usage() +
+               "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout)
+    elif len(a.timeout) == 1:
+        if a.timeout.isdigit():
+            value = int (a.timeout[0])
+        else:
+            __fail(parser.format_usage() +
+               "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout)
+    elif len(a.timeout) > 1:
+        if a.timeout.isdigit():
+            value = int(a.timeout)
+            unit = 's'
+        else:
+            if a.timeout[:-1].isdigit():
+                value = int (a.timeout[:-1])
+            else:
+                __fail(parser.format_usage() +
+                   "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout)
+            unit = a.timeout[-1:].lower()
+    if unit == 's':
+        a.timeout = value
+    elif unit == 'm':
+        a.timeout = value * 60
+    elif unit == 'h':
+        a.timeout = value * 60 * 60
+    else:
+        __fail(parser.format_usage() +
+               "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout)
+else:
+    a.timeout = 0
+
 if a.timeout and not (a.add_service or a.add_port or a.add_icmp_block or \
-                          a.add_forward_port or a.add_masquerade or \
-                          a.add_rich_rule):
+                      a.add_forward_port or a.add_masquerade or \
+                      a.add_rich_rule):
     __fail(parser.format_usage() + "Wrong --timeout usage")
 
 if a.permanent:
-    if a.timeout != 0:
+    if a.timeout:
         __fail(parser.format_usage() +
                "Can't specify timeout for permanent action.")
     if options_config and not a.zone: