OCF_HEARTBEAT_PORTBL(7)	      OCF resource agents      OCF_HEARTBEAT_PORTBL(7)

NAME
       ocf_heartbeat_portblock - Blocks and unblocks access to TCP and UDP
       ports

SYNOPSIS
       portblock [start | stop | status | monitor | meta-data | validate-all]

DESCRIPTION
       Resource script for portblock. It is used to temporarily block ports
       using iptables. In addition, it may allow for faster TCP reconnects for
       clients on failover. Use this feature if there are long-lived TCP
       connections to an HA service. It is enabled by setting the tickle_dir
       parameter, and only takes effect together with action set to unblock.
       Note that the tickle ACK function is new as of version 3.0.2 and hasn't
       yet seen widespread use.

SUPPORTED PARAMETERS
       protocol
           The protocol to be blocked/unblocked.

	   (required, string, no default)

       portno
           The port number to be blocked/unblocked.

	   (required, string, no default)

       action
           The action (block/unblock) to be done on the protocol::portno.

	   (required, string, no default)

       reset_local_on_unblock_stop
           If for some reason the long-lived server-side TCP sessions are not
           cleaned up by a reconfiguration/flush/stop of whatever services
           this portblock protects, they linger in the connection table,
           even after the IP is gone and services have been switched over to
           another node.

           An example would be the default NFS kernel server.

           These "known" connections may seriously confuse and delay a later
           switchback.

           Enabling this option will cause this agent to try to get rid of
           these connections by injecting a temporary iptables rule to
           TCP-reset outgoing packets from the blocked ports, and additionally
           tickle them locally, just before it starts to DROP incoming packets
           on "unblock stop".

	   (optional, boolean, default false)

       ip
           The IP address to be blocked/unblocked.

	   (optional, string, default "0.0.0.0/0")

       tickle_dir
           The shared or local directory (_must_ be an absolute path) which
           stores the established TCP connections.

	   (optional, string, no default)

       sync_script
           If the tickle_dir is a local directory, then the TCP connection
           state file has to be replicated to other nodes in the cluster. It
           can be csync2 (default), some wrapper of rsync, or whatever. It
           takes the file name as a single argument. For csync2, set it to
           "csync2 -xv".

	   (optional, string, no default)

SUPPORTED ACTIONS
       This resource agent supports the following actions (operations):

       start
           Starts the resource. Suggested minimum timeout: 20s.

       stop
	   Stops the resource. Suggested minimum timeout: 20s.

       status
	   Performs a status check. Suggested minimum timeout: 10s. Suggested
	   interval: 10s.

       monitor
           Performs a detailed status check. Suggested minimum timeout: 10s.
           Suggested interval: 10s.

       meta-data
	   Retrieves resource agent metadata (internal use only). Suggested
	   minimum timeout: 5s.

       validate-all
           Performs a validation of the resource configuration. Suggested
           minimum timeout: 5s.

EXAMPLE CRM SHELL
       The following is an example configuration for a portblock resource
       using the crm(8) shell:

	   primitive p_portblock ocf:heartbeat:portblock \
	     params \
	       protocol=string \
	       portno=string \
	       action=string \
             op monitor depth="0" timeout="10s" interval="10s"

EXAMPLE PCS
       The following is an example configuration for a portblock resource
       using pcs(8):

           pcs resource create p_portblock ocf:heartbeat:portblock \
             protocol=string \
             portno=string \
             action=string \
             op monitor depth="0" timeout="10s" interval="10s"
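
       The following is an added example, not part of the original manual
       page or the agent source: a shell check that a saved iptables -S INPUT
       listing contains a DROP rule covering a given protocol, port and
       destination. The rule shape, the function names and the sample listing
       are assumptions made for illustration.

```shell
# Assumed rule shape in `iptables -S INPUT` output (not taken from the agent source):
#   -A INPUT [-d IP] -p PROTO -m multiport --dports LIST -j DROP

# port_in_list PORT LIST: succeed if PORT is in a list such as "111,2049:2051".
port_in_list() {
    port=$1
    old_ifs=$IFS; IFS=,
    set -- $2                       # split the list on commas
    IFS=$old_ifs
    for item in "$@"; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then return 0; fi ;;
            *)   if [ "$port" -eq "$item" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# port_is_dropped RULES PROTO PORT IP: succeed if RULES holds a covering DROP rule.
# Only exact destination matches and 0.0.0.0/0 are recognised (no CIDR math).
port_is_dropped() {
    rules=$1 proto=$2 want_port=$3 ip=$4
    case $ip in */*) ;; *) ip=$ip/32 ;; esac    # -S prints host addresses as /32
    while read -r line; do
        case $line in "-A INPUT "*" -j DROP") ;; *) continue ;; esac
        r_dst=0.0.0.0/0 r_proto='' r_ports=''    # -S omits -d for 0.0.0.0/0
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in
                -d) r_dst=$2 ;;
                -p) r_proto=$2 ;;
                --dports) r_ports=$2 ;;
            esac
            shift
        done
        [ "$r_proto" = "$proto" ] || continue
        [ "$r_dst" = "$ip" ] || [ "$r_dst" = 0.0.0.0/0 ] || continue
        if port_in_list "$want_port" "$r_ports"; then return 0; fi
    done <<EOF
$rules
EOF
    return 1
}

# Constructed sample listing (documentation addresses), not captured output.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m multiport --dports 2049 -j DROP
-A INPUT -p udp -m multiport --dports 111,2049:2051 -j DROP
-A INPUT -d 192.0.2.10/32 -p tcp -m multiport --dports 3260 -j ACCEPT'
```

       On a cluster node, pass "$(iptables -S INPUT)" as the first argument
       to check the live rule set while a block resource is started.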

SEE ALSO
       http://clusterlabs.org/

AUTHOR
       ClusterLabs contributors (see the resource agent source for information
       about individual authors)

resource-agents	4.6.1		  02/28/2021	       OCF_HEARTBEAT_PORTBL(7)
