debian man page for ocf_heartbeat_portblock

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: ocf_heartbeat_portblock

OS: debian

Section: 7

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

OCF_HEARTBEAT_PORTBL(7) 					OCF resource agents					   OCF_HEARTBEAT_PORTBL(7)


NAME

       ocf_heartbeat_portblock - Block and unblocks access to TCP and UDP ports


SYNOPSIS

       portblock [start | stop | status | monitor | meta-data | validate-all]


DESCRIPTION

       Resource script for portblock. It is used to temporarily block ports using iptables. In addition, it may allow for faster TCP reconnects
       for clients on failover. Use that if there are long lived TCP connections to an HA service. This feature is enabled by setting the
       tickle_dir parameter and only in concert with action set to unblock. Note that the tickle ACK function is new as of version 3.0.2 and
       hasn't yet seen widespread use.


SUPPORTED PARAMETERS

       protocol
	   The protocol used to be blocked/unblocked.  (required, string, no default)

       portno
	   The port number used to be blocked/unblocked.  (required, integer, no default)

       action
	   The action (block/unblock) to be done on the protocol::portno.  (required, string, no default)

       ip
	   The IP address used to be blocked/unblocked.  (optional, string, default 0.0.0.0/0)

       tickle_dir
	   The shared or local directory (_must_ be absolute path) which stores the established TCP connections.  (optional, string, no default)

       sync_script
	   If the tickle_dir is a local directory, then the TCP connection state file has to be replicated to other nodes in the cluster. It can
	   be csync2 (default), some wrapper of rsync, or whatever. It takes the file name as a single argument. For csync2, set it to "csync2
	   -xv".  (optional, string, no default)


SUPPORTED ACTIONS

       This resource agent supports the following actions (operations):

       start
	   Starts the resource. Suggested minimum timeout: 20.

       stop
	   Stops the resource. Suggested minimum timeout: 20.

       status
	   Performs a status check. Suggested minimum timeout: 10. Suggested interval: 10.

       monitor
	   Performs a detailed status check. Suggested minimum timeout: 10. Suggested interval: 10.

       meta-data
	   Retrieves resource agent metadata (internal use only). Suggested minimum timeout: 5.

       validate-all
	   Performs a validation of the resource configuration. Suggested minimum timeout: 5.


EXAMPLE

       The following is an example configuration for a portblock resource using the crm(8) shell:

	   primitive p_portblock ocf:heartbeat:portblock 
	     params 
	       protocol=string 
	       portno=integer 
	       action=string 
	     op monitor depth="0" timeout="10" interval="10"


SEE ALSO

       http://www.linux-ha.org/wiki/portblock_(resource_agent)


AUTHOR

       Linux-HA contributors (see the resource agent source for information about individual authors)

resource-agents UNKNOWN 					    03/09/2014						   OCF_HEARTBEAT_PORTBL(7)
Related Man Pages
ocf_heartbeat_xinetd(7) - centos
ocf_heartbeat_lvm(7) - debian
ocf_heartbeat_raid1(7) - debian
ocf_heartbeat_xinetd(7) - suse
ocf_heartbeat_oralsnr(7) - suse
Similar Topics in the Unix Linux Community
Suggested MacPorts to Install
Block local and remote port with iptables - Script BASH