HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Chapter 10: HP-UX IPFilter and Serviceguard
Using HP-UX IPFilter with Serviceguard
The classes of mandatory rules cover:
Intra-Cluster Communication
Quorum Server
Remote Command Execution
Cluster Object Manager
Serviceguard Manager
The following services should not be blocked:
hacl-qs 1238/tcp # High Availability (HA) Quorum Server
clvm-cfg 1476/tcp # HA LVM configuration
hacl-hb 5300/tcp # High Availability (HA) Cluster heartbeat
hacl-hb 5300/udp # High Availability (HA) Cluster heartbeat
hacl-gs 5301/tcp # HA Cluster General Services
hacl-cfg 5302/tcp # HA Cluster TCP configuration
hacl-cfg 5302/udp # HA Cluster UDP configuration
hacl-probe 5303/tcp # HA Cluster TCP probe
hacl-probe 5303/udp # HA Cluster UDP probe
hacl-local 5304/tcp # HA Cluster commands
hacl-test 5305/tcp # HA Cluster test
hacl-dlm 5408/tcp # HA Cluster distributed lock manager
NOTE This list of HA services is not exhaustive. In addition, Serviceguard also
uses dynamic ports (typically in the 49152–65535 range) for some cluster
services. If you have adjusted the dynamic port range using kernel
tunable parameters, alter your rules accordingly.
This list does not include all HA applications (such as Continental
Cluster). New HA applications might be developed that use port
numbers different from those previously listed. You must add new rules
as appropriate to ensure that all HA applications run properly. The
current list of ports used by Serviceguard is documented in the
Serviceguard Release Notes.
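One way to check a ruleset against the service list above, as an added example that is not part of the HP guide: the Python below applies IPFilter's last-matching-rule and quick semantics to each listed port and returns the services an inbound ruleset would block. It assumes a default of pass when no rule matches, ignores addresses and interfaces, and understands only the destination forms "port = N" and "port N >< M"; the sample ruleset and all function names are constructed for illustration.

```python
# Service list copied from the guide; everything else here is an assumption.
HA_SERVICES = ("hacl-qs 1238/tcp;clvm-cfg 1476/tcp;hacl-hb 5300/tcp;hacl-hb 5300/udp;"
               "hacl-gs 5301/tcp;hacl-cfg 5302/tcp;hacl-cfg 5302/udp;"
               "hacl-probe 5303/tcp;hacl-probe 5303/udp;hacl-local 5304/tcp;"
               "hacl-test 5305/tcp;hacl-dlm 5408/tcp").split(";")

# Constructed sample ruleset, not taken from the guide.
SAMPLE_RULES = """\
block in all
pass in quick proto tcp from any to any port = 22 keep state
pass in proto tcp/udp from any to any port 5299 >< 5306 keep state
pass in proto tcp from any to any port = 1238 keep state
block in quick proto udp from any to any port = 5303
"""

def parse_rule(line):
    """Parse the subset: pass|block in [quick] [proto P] ... [port = N | port N >< M]."""
    t = line.split()
    rule = {"action": t[0], "quick": "quick" in t, "protos": None, "ports": None}
    if "proto" in t:
        rule["protos"] = t[t.index("proto") + 1].split("/")  # "tcp/udp" means both
    if "port" in t:
        p = t[t.index("port") + 1:]
        if p[0] == "=":
            rule["ports"] = (int(p[1]), int(p[1]))
        elif len(p) >= 3 and p[1] == "><":  # exclusive range: N < port < M
            rule["ports"] = (int(p[0]) + 1, int(p[2]) - 1)
        else:
            raise ValueError("unsupported port expression: " + line)
    return rule

def verdict(rules, proto, port, default="pass"):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    result = default
    for r in rules:
        if r["protos"] and proto not in r["protos"]:
            continue
        if r["ports"] and not r["ports"][0] <= port <= r["ports"][1]:
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

def blocked_services(rules_text):
    """Return the listed HA services that the inbound rules would block."""
    lines = [l for l in rules_text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    rules = [parse_rule(l) for l in lines if l.split()[1:2] == ["in"]]
    return [svc for svc in HA_SERVICES
            if verdict(rules, svc.split()[1].split("/")[1],
                       int(svc.split()[1].split("/")[0])) == "block"]
```

For the sample ruleset, blocked_services(SAMPLE_RULES) reports clvm-cfg 1476/tcp, hacl-probe 5303/udp and hacl-dlm 5408/tcp as blocked.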
Intra-Cluster Communication
To ensure proper operation of your
Serviceguard cluster, each of the configured Serviceguard heartbeat
subnets must allow intra-cluster communication. The following rules
must be applied to each subnet.