Name

ocf:portblock — Block and unblock access to TCP and UDP ports

Synopsis

[OCF_RESKEY_protocol=string] [OCF_RESKEY_portno=integer] [OCF_RESKEY_action=string] [OCF_RESKEY_ip=string] [OCF_RESKEY_tickle_dir=string] [OCF_RESKEY_sync_script=string] portblock [start | stop | status | monitor | meta-data | validate-all]

Description

Resource script for portblock. It temporarily blocks access to a TCP or UDP port with iptables, so that clients cannot reach a service on the cluster node while the port is held in the blocked state. The rule exists only while the resource holds the port blocked; it is not a replacement for a standing firewall policy. In addition, the agent can give clients faster TCP reconnects after a failover. Use this if clients hold long-lived TCP connections to an HA service. The reconnect feature is enabled by setting the tickle_dir parameter, and it works only in concert with action set to unblock. Note that the tickle ACK function is new as of version 3.0.2 and has not yet seen widespread use.

Supported Parameters

OCF_RESKEY_protocol=protocol

The protocol (tcp or udp) to be blocked or unblocked.

OCF_RESKEY_portno=portno

The port number to be blocked or unblocked.

OCF_RESKEY_action=action

The action (block or unblock) to perform on protocol::portno. With action=block, starting the resource adds the blocking rule and stopping it removes the rule; with action=unblock the sense is reversed.

OCF_RESKEY_ip=ip

The IP address on which protocol::portno is blocked or unblocked.

OCF_RESKEY_tickle_dir=Tickle directory

The shared or local directory (must be an absolute path) in which the agent stores the list of established TCP connections. Setting it enables the fast-reconnect (tickle) feature; it is only meaningful together with action=unblock.

OCF_RESKEY_sync_script=Connection state file synchronization script

If tickle_dir is a local (not shared) directory, the TCP connection state file must be replicated to the other nodes in the cluster, so that the node taking over the service can tickle the clients. The script is invoked with the state file name as its single argument. It can be csync2 (the default), a wrapper around rsync, or any other program that accepts one file name. For csync2, set it to "csync2 -xv".
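The usual way to wire these parameters into a Pacemaker cluster is to bracket the service with two portblock resources: one with action=block started before the service and one with action=unblock started after it. The following configuration, in crm shell syntax, is an added example and is not part of the portblock agent's own documentation; the resource names, the address 10.0.0.10, port 3306, the mysql resource and the tickle directory /var/lib/heartbeat/tickle are assumptions for illustration.

```crmsh
# Drop incoming 3306/tcp for the service IP while the group is starting
# or stopping (assumed example values throughout).
primitive p_block ocf:heartbeat:portblock \
    params protocol=tcp portno=3306 ip=10.0.0.10 action=block \
    op monitor interval=10s
primitive p_ip ocf:heartbeat:IPaddr2 \
    params ip=10.0.0.10 cidr_netmask=24 \
    op monitor interval=10s
primitive p_mysql ocf:heartbeat:mysql \
    op monitor interval=20s
# Remove the drop rule once the service is up; tickle_dir enables the
# fast-reconnect feature (only valid with action=unblock), and the
# connection state file is pushed to the peers with csync2.
primitive p_unblock ocf:heartbeat:portblock \
    params protocol=tcp portno=3306 ip=10.0.0.10 action=unblock \
           tickle_dir=/var/lib/heartbeat/tickle sync_script="csync2 -xv" \
    op monitor interval=10s
# A group starts its members in order and stops them in reverse: the port
# is blocked first, opened last, and blocked again before the service stops.
group g_mysql p_block p_ip p_mysql p_unblock
```

Because tickle_dir here is a local directory, /var/lib/heartbeat/tickle must be listed in the csync2 configuration on every node, or "csync2 -xv" will not carry the state file across. If csync2 is not in use, sync_script can instead point at a small wrapper that receives the file path as its only argument and copies it to the peer nodes with rsync or scp.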