We are using Firewall Builder 188.8.131.5299 on an Ubuntu 12.04 to generate/install firewalls on several Oracle Linux servers. Four of these servers is running in a cluster using Oracle Clusterware 184.108.40.206. The Oracle Linux is release 5.7.
When I push new rules to the four servers we often see that the keep-alive communication between the servers is interrupted and the cluster software then thinks that one or more of the servers is down and then moves the databases from the "dead" servers to the servers that the cluster sees as still alive.
I think the problems is caused by the drop commands being called in the reset_iptables_v4 function in the firewall scripts.
Is it somehow possible to prevent this function from being executed when installing new firewall rules?
Have you tried "iptables-restore" method of activation ? There is a checkbox in firewall settings dialog for that
I have tried using the iptables-restore method a couple of times now and so far the cluster hasn't complained about anything.
I'll be making a couple of changes again at the end of this week. I'll update this thread with the results.
But so far, I can only say thank you for your help. It was very annoying that we sometimes had to restart the entire cluster to get everything up and running again. But not this time :-)
Since the last time I wrote, I have installed new rules a couple of times and everything went fine every time.