
NAME

       ocf_heartbeat_portblock - Blocks and unblocks access to TCP and UDP
       ports

SYNOPSIS

       portblock [start | stop | status | monitor | meta-data | validate-all]

DESCRIPTION

       Resource script for portblock. It temporarily blocks ports using
       iptables. In addition, it may allow for faster TCP reconnects for
       clients on failover. Use this feature if there are long-lived TCP
       connections to an HA service. It is enabled by setting the tickle_dir
       parameter, and only takes effect when action is set to unblock. Note
       that the tickle ACK function is new as of version 3.0.2 and hasn't yet
       seen widespread use.

SUPPORTED PARAMETERS

       protocol
           The protocol to be blocked/unblocked. (required, string, no
           default)

       portno
           The port number to be blocked/unblocked. (required, integer,
           no default)

       action
           The action (block/unblock) to be done on the protocol::portno.
           (required, string, no default)

       ip
           The IP address to be blocked/unblocked. (optional, string,
           default 0.0.0.0/0)

       tickle_dir
           The shared or local directory (_must_ be an absolute path) which
           stores the established TCP connections. (optional, string, no
           default)

       sync_script
           If the tickle_dir is a local directory, then the TCP connection
           state file has to be replicated to the other nodes in the cluster.
           The script can be csync2 (default), a wrapper around rsync, or any
           other tool. It takes the file name as a single argument. For
           csync2, set it to "csync2 -xv". (optional, string, no default)

SUPPORTED ACTIONS

       This resource agent supports the following actions (operations):

       start
           Starts the resource. Suggested minimum timeout: 20.

       stop
           Stops the resource. Suggested minimum timeout: 20.

       status
           Performs a status check. Suggested minimum timeout: 10. Suggested
           interval: 10.

       monitor
           Performs a detailed status check. Suggested minimum timeout: 10.
           Suggested interval: 10.

       meta-data
           Retrieves resource agent metadata (internal use only). Suggested
           minimum timeout: 5.

       validate-all
           Performs a validation of the resource configuration. Suggested
           minimum timeout: 5.

EXAMPLE

       The following is an example configuration for a portblock resource
       using the crm(8) shell:

           primitive example_portblock ocf:heartbeat:portblock \
             params \
               protocol=string \
               portno=integer \
               action=string \
             op monitor depth="0" timeout="10" interval="10"
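
       The block/unblock pairing described above, with concrete values, as
       an added example that is not part of the original manual page. The
       address, port, tickle_dir path, resource names and the use of the
       IPaddr2 agent are assumptions chosen for illustration:

```crmsh
# Constructed values: VIP 192.0.2.10, TCP port 5432, /srv/ha/tickle on
# shared storage (so no sync_script is needed).

# Block the service port before the address comes up.
primitive p_block ocf:heartbeat:portblock \
  params protocol=tcp portno=5432 action=block ip=192.0.2.10 \
  op start timeout="20" interval="0" \
  op stop timeout="20" interval="0" \
  op monitor timeout="10" interval="10"

# Floating service address (IPaddr2 is a separate agent, assumed here).
primitive p_vip ocf:heartbeat:IPaddr2 \
  params ip=192.0.2.10 cidr_netmask=24 \
  op monitor timeout="20" interval="10"

# Reopen the port last. tickle_dir is set only on the unblock resource,
# because the tickle feature works only in concert with action=unblock.
primitive p_unblock ocf:heartbeat:portblock \
  params protocol=tcp portno=5432 action=unblock ip=192.0.2.10 \
    tickle_dir=/srv/ha/tickle \
  op start timeout="20" interval="0" \
  op stop timeout="20" interval="0" \
  op monitor timeout="10" interval="10"

# A group starts its members in the listed order. The HA service
# resource itself would be placed between p_vip and p_unblock.
group g_service p_block p_vip p_unblock
```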

SEE ALSO

       http://www.linux-ha.org/wiki/portblock_(resource_agent)

AUTHOR

       Linux-HA contributors (see the resource agent source for information
       about individual authors)