authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 21:04:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 21:04:41 +0000
commita51106ed6932423c25c7d464ef5c2d609bd62924 (patch)
treeb40cd0bcb45e9d56ee030c434e79351cfe57e1b3 /heartbeat/portblock
parentAdding upstream version 1:4.13.0. (diff)
downloadresource-agents-a51106ed6932423c25c7d464ef5c2d609bd62924.tar.xz
resource-agents-a51106ed6932423c25c7d464ef5c2d609bd62924.zip
Adding upstream version 1:4.14.0.upstream/1%4.14.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-xheartbeat/portblock12
1 files changed, 9 insertions, 3 deletions
diff --git a/heartbeat/portblock b/heartbeat/portblock
index 06fcc19..e88ecc2 100755
--- a/heartbeat/portblock
+++ b/heartbeat/portblock
@@ -266,7 +266,14 @@ active_grep_pat()
local src=$3
local dst=$any
fi
- echo "^DROP${w}${1}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$"
+ # iptables 1.8.9 briefly broke the output format, returning the
+ # numeric protocol value instead of a string. Support both variants.
+ if [ "$1" = "tcp" ]; then
+ local prot="(tcp|6)"
+ else
+ local prot="(udp|17)"
+ fi
+ echo "^DROP${w}${prot}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$"
}
#chain_isactive {udp|tcp} portno,portno ip chain
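Review bot: The pattern built on the new `echo` line now contains an alternation such as `(tcp|6)`, which only works as an extended regex; under plain `grep` the parentheses and bar are literals, so a rule check would never match and a blocked port would be reported as unblocked. This commit switches chain_isactive to `grep -qE`, but any other consumer of active_grep_pat (none is visible in this hunk) needs the same flag, so the contract is worth stating above the function: `# Prints an extended regex (uses alternation); match it with grep -E.` Separately, the `else` branch treats every value of `$1` other than `tcp` as UDP, so an unexpected protocol string is silently checked against `(udp|17)`; if `$1` is not validated earlier, an explicit `case "$1" in tcp) ... ;; udp) ... ;; esac` with an error arm would make that visible. The start of active_grep_pat lies outside the hunk.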
@@ -274,7 +281,7 @@ chain_isactive()
{
[ "$4" = "OUTPUT" ] && ds="s" || ds="d"
PAT=$(active_grep_pat "$1" "$2" "$3" "$ds")
- $IPTABLES $wait -n -L "$4" | grep "$PAT" >/dev/null
+ $IPTABLES $wait -n -L "$4" | grep -qE "$PAT"
}
# netstat -tn and ss -Htn, split on whitespace and colon,
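Review bot: The exit status of the changed pipeline is grep's alone, so a failed `$IPTABLES` call (for example a lock timeout or missing privileges) gives the same result as "no matching DROP rule". For an agent whose job is to confirm that a port is blocked, a listing error is worth telling apart from a genuinely absent rule. One option is to capture the listing first, `rules=$($IPTABLES $wait -n -L "$4") || return`, and then run `printf '%s\n' "$rules" | grep -qE "$PAT"`. How callers interpret a non-zero status is not visible here, so the exact return value needs checking against them. `PAT` and `ds` in the surrounding context are also assigned without `local`, unlike the variables in active_grep_pat.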
@@ -321,7 +328,6 @@ save_tcp_connections()
tickle_remote()
{
[ -z "$OCF_RESKEY_tickle_dir" ] && return
- echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
[ -r $f ] || return
$TICKLETCP -n 3 < $f