[Pacemaker] iptables cluster
Florian Crouzat
gentoo at floriancrouzat.net
Mon Feb 13 10:11:05 UTC 2012
On 13/02/2012 10:21, Karlis Kisis wrote:
> Question #2:
> The whole clustering thingy works by stopping the service on one node
> and starting it on the other. In my case, I would not want iptables to
> be stopped but instead restarted with a "passive" config, like block
> all traffic from outside (instead of dropping firewall entirely). How
> would I go about it? Custom scripts?
Yes
In fact, I have such a setup: I created an LSB-compliant initscript for
iptables (/etc/init.d/firewall) and added an lsb:firewall resource.
/etc/init.d/firewall start(): /usr/local/firewall/firewall.sh
/etc/init.d/firewall stop(): /usr/local/firewall/firewall-passive.sh
As for the status() function, you'd have to decide on a way to know in
which state you are.
--
Cheers,
Florian Crouzat
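
The layout described in the message above, sketched as an added example (not the poster's script, and not part of the original message). The state-file path, the fw_* function names and the fail-closed behaviour on a failed start are assumptions; only the two rule-script paths come from the message.

```shell
#!/bin/sh
# Sketch of /etc/init.d/firewall for an lsb:firewall resource.
# "stop" never opens the firewall: it loads the passive (block-all) ruleset.
ACTIVE_SCRIPT=${ACTIVE_SCRIPT:-/usr/local/firewall/firewall.sh}
PASSIVE_SCRIPT=${PASSIVE_SCRIPT:-/usr/local/firewall/firewall-passive.sh}
# Assumed marker location. /var/run is emptied at boot, so a freshly
# booted node reports "not running" until the cluster starts the resource.
STATE_FILE=${STATE_FILE:-/var/run/firewall.state}

fw_stop() {
    # Safe to call repeatedly: LSB wants stop on a stopped service to return 0.
    "$PASSIVE_SCRIPT" || return 1
    echo passive > "$STATE_FILE"
}

fw_start() {
    # Fail closed: if the active ruleset does not load cleanly, fall back
    # to the passive one instead of leaving a half-applied rule set.
    "$ACTIVE_SCRIPT" || { fw_stop; return 1; }
    echo active > "$STATE_FILE"
}

fw_status() {
    # LSB status codes, which Pacemaker relies on: 0 = running, 3 = not running.
    # The marker records the last ruleset this script loaded; it does not
    # notice rules changed by hand with iptables.
    [ "$(cat "$STATE_FILE" 2>/dev/null)" = active ] && return 0
    return 3
}

fw_main() {
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        status)  fw_status ;;
        restart) fw_stop && fw_start ;;
        *) echo "Usage: $0 {start|stop|status|restart}" >&2; return 2 ;;
    esac
}

# Dispatch only when an action is given, so the file can also be sourced.
[ $# -eq 0 ] || fw_main "$@"
```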