'\" t
.\"     Title: ocf_heartbeat_portblock
.\"    Author: Linux-HA contributors (see the resource agent source for information about individual authors)
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\"      Date: 02/21/2014
.\"    Manual: OCF resource agents
.\"    Source: resource-agents UNKNOWN
.\"  Language: English
.\"
.TH "OCF_HEARTBEAT_PORTBL" "7" "02/21/2014" "resource-agents UNKNOWN" "OCF resource agents"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ocf_heartbeat_portblock \- Blocks and unblocks access to TCP and UDP ports
.SH "SYNOPSIS"
.HP \w'\fBportblock\fR\ 'u
\fBportblock\fR [start | stop | status | monitor | meta\-data | validate\-all]
.SH "DESCRIPTION"
.PP
Resource script for portblock\&. It is used to temporarily block ports using iptables\&. In addition, it may allow for faster TCP reconnects for clients on failover\&. Use this feature if there are long\-lived TCP connections to an HA service\&. It is enabled by setting the tickle_dir parameter, and only in concert with action set to unblock\&. Note that the tickle ACK function is new as of version 3\&.0\&.2 and hasn\*(Aqt yet seen widespread use\&.
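.PP
An added example, not part of the original manual page or of the resource-agents project: a filled-in crm configuration that pairs a block and an unblock resource around a service and enables the tickle ACK feature on the unblock resource. The address 192.0.2.10, port 80, the resource names, the apache service and the tickle_dir path are constructed for illustration, and placing the block resource first and the unblock resource last in one group is an assumed arrangement.
.sp
.nf
```crmsh
# Constructed values: 192.0.2.10, port 80, all resource names, /var/lib/heartbeat/tickle.

# First in the group: blocks tcp/80 on the service address while the rest starts.
primitive p_web_block ocf:heartbeat:portblock params protocol=tcp portno=80 action=block ip=192.0.2.10 op monitor depth="0" timeout="10" interval="10"

# The service address and the service itself (assumed to be an apache instance).
primitive p_web_ip ocf:heartbeat:IPaddr2 params ip=192.0.2.10 cidr_netmask=24
primitive p_web ocf:heartbeat:apache params configfile=/etc/apache2/apache2.conf

# Last in the group: unblocks tcp/80 once the service is up.
# tickle_dir is an absolute path and is set only together with action=unblock.
# It is a local directory here, so sync_script replicates the connection state file.
primitive p_web_unblock ocf:heartbeat:portblock params protocol=tcp portno=80 action=unblock ip=192.0.2.10 tickle_dir=/var/lib/heartbeat/tickle sync_script="csync2 -xv" op monitor depth="0" timeout="10" interval="10"

# A group starts its members in the listed order and stops them in reverse.
group g_web p_web_block p_web_ip p_web p_web_unblock
```
.fi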
.SH "SUPPORTED PARAMETERS"
.PP
\fBprotocol\fR
.RS 4
The protocol to be blocked/unblocked\&.
.sp
(required, string, no default)
.RE
.PP
\fBportno\fR
.RS 4
The port number to be blocked/unblocked\&.
.sp
(required, integer, no default)
.RE
.PP
\fBaction\fR
.RS 4
The action (block/unblock) to be performed on the protocol::portno\&.
.sp
(required, string, no default)
.RE
.PP
\fBip\fR
.RS 4
The IP address to be blocked/unblocked\&.
.sp
(optional, string, default "0\&.0\&.0\&.0/0")
.RE
.PP
\fBtickle_dir\fR
.RS 4
The shared or local directory (_must_ be an absolute path) that stores the established TCP connections\&.
.sp
(optional, string, no default)
.RE
.PP
\fBsync_script\fR
.RS 4
If the tickle_dir is a local directory, then the TCP connection state file has to be replicated to other nodes in the cluster\&. It can be csync2 (default), some wrapper of rsync, or any other tool\&. It takes the file name as a single argument\&. For csync2, set it to "csync2 \-xv"\&.
.sp
(optional, string, no default)
.RE
.SH "SUPPORTED ACTIONS"
.PP
This resource agent supports the following actions (operations):
.PP
\fBstart\fR
.RS 4
Starts the resource\&. Suggested minimum timeout: 20\&.
.RE
.PP
\fBstop\fR
.RS 4
Stops the resource\&. Suggested minimum timeout: 20\&.
.RE
.PP
\fBstatus\fR
.RS 4
Performs a status check\&. Suggested minimum timeout: 10\&. Suggested interval: 10\&.
.RE
.PP
\fBmonitor\fR
.RS 4
Performs a detailed status check\&. Suggested minimum timeout: 10\&. Suggested interval: 10\&.
.RE
.PP
\fBmeta\-data\fR
.RS 4
Retrieves resource agent metadata (internal use only)\&. Suggested minimum timeout: 5\&.
.RE
.PP
\fBvalidate\-all\fR
.RS 4
Performs a validation of the resource configuration\&. Suggested minimum timeout: 5\&.
.RE
.SH "EXAMPLE"
.PP
The following is an example configuration for a portblock resource using the \fBcrm\fR(8) shell:
.sp
.if n \{\
.RS 4
.\}
.nf
primitive p_portblock ocf:heartbeat:portblock \e
  params \e
    protocol=\fIstring\fR \e
    portno=\fIinteger\fR \e
    action=\fIstring\fR \e
  op monitor depth="0" timeout="10" interval="10"
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\m[blue]\fB\%http://www.linux-ha.org/wiki/portblock_(resource_agent)\fR\m[]
.SH "AUTHOR"
.PP
\fBLinux\-HA contributors (see the resource agent source for information about individual authors)\fR