[Pacemaker] iptables cluster
Florian Crouzat (gentoo at floriancrouzat.net)
Mon Feb 13 10:11:05 UTC 2012

On 13/02/2012 10:21, Karlis Kisis wrote:
> Question #2:
> The whole clustering thingy works by stopping the service on one node
> and starting it on the other. In my case, I would not want iptables to
> be stopped but instead restarted with a "passive" config, like block
> all traffic from outside (instead of dropping firewall entirely). How
> would I go about it? Custom scripts?

Yes.
In fact, I have such a setup: I created an LSB-compliant init script for
iptables (/etc/init.d/firewall) and added an lsb:firewall resource.
  /etc/init.d/firewall start(): /usr/local/firewall/firewall.sh
  /etc/init.d/firewall stop(): /usr/local/firewall/firewall-passive.sh
As for the status() function, you'd have to decide on a way to know
which state you are in.
-- 
Cheers,
Florian Crouzat
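
One way to lay out the init script described above, as an added example that is not part of the original post and not Florian's actual script. The two ruleset script paths come from the message; the marker file used by status (/var/run/firewall.active) and the function names are assumptions.

```shell
#!/bin/sh
# Sketch of /etc/init.d/firewall for an lsb:firewall resource (added example).
# The two script paths come from the post; the marker file is an assumption.
ACTIVE_SCRIPT=${ACTIVE_SCRIPT:-/usr/local/firewall/firewall.sh}
PASSIVE_SCRIPT=${PASSIVE_SCRIPT:-/usr/local/firewall/firewall-passive.sh}
STATE_FILE=${STATE_FILE:-/var/run/firewall.active}   # hypothetical marker

fw_status() {
    # LSB status codes: 0 = running, 3 = not running.
    if [ -f "$STATE_FILE" ]; then
        echo "firewall: active ruleset loaded"
        return 0
    fi
    echo "firewall: passive (or no) ruleset loaded"
    return 3
}

fw_start() {
    # Starting an already started service must succeed (LSB), so just reload.
    if "$ACTIVE_SCRIPT"; then
        : > "$STATE_FILE" || return 1
        return 0
    fi
    # Active ruleset failed to load: report failure, never claim "running".
    rm -f "$STATE_FILE"
    return 1
}

fw_stop() {
    # "stop" loads the passive ruleset instead of flushing the firewall.
    # Drop the marker first so status never reports active on a half-done stop.
    rm -f "$STATE_FILE"
    "$PASSIVE_SCRIPT" || return 1   # non-zero tells the cluster the stop failed
    return 0
}

# Dispatch only when called with an action, so the file can also be sourced.
if [ $# -gt 0 ]; then
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        status)  fw_status ;;
        restart) fw_stop && fw_start ;;
        *) echo "Usage: $0 {start|stop|restart|status}" >&2; exit 2 ;;
    esac
    exit $?
fi
```

Stopping an already passive node returns 0 and status returns 3 there, which is what Pacemaker expects from an LSB resource when it probes or stops it.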
    
    