
iptables DROP does not silently drop the packets


I have two servers, one acting as a standby and the other as active. From the standby pgpool constantly checking whether postgres is working on the other server. I am trying to simulate a situation where the pgpool's request to the active server times out, and trying to use iptables DROP for that.

According to what I have read, the DROP option silently drops packets without the source getting to know it and, it takes a long time to fail (for the source to know). I used the below entry in the iptables of the active server:

iptables -A INPUT -p tcp -s <standby server ip> \
         -m state --state NEW,ESTABLISHED --dport 5432 -j DROP

By doing this, I could simulate a timeout but it times out too soon (not even a second).

Can anyone explain what "takes a long time to fail" means in all the references, and whether there's any option I can use to increase the time taken to fail?


Solution

  • I tested this again by using telnet instead of pgpool and it did wait for 60 seconds as expected. Turns out the issue is in pgpool itself and not in iptables. I am providing this as the answer for anyone who comes across this. Thanks all for the answers.
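An added example (not from the original question or answer) that makes the distinction in the answer visible from the client side: with `-j DROP` the SYN is silently discarded, so a client with no application-level timeout blocks until the kernel's SYN retransmits give up (governed by `net.ipv4.tcp_syn_retries` on Linux, on the order of a minute or more), whereas an application that sets its own connect timeout, as pgpool's health check does, gives up much sooner. A closed local port is used as constructed input for the immediate-failure case; the host and port for the DROP case are assumptions you substitute yourself.

```python
import errno
import socket
import time
from typing import Optional, Tuple

# Outcomes a client can observe when connecting through a firewall rule:
#   "connected"   - handshake completed
#   "refused"     - RST received (REJECT, or simply no listener)
#   "unreachable" - ICMP unreachable / no route
#   "app_timeout" - our own socket timeout fired first (the DROP case
#                   when the application, like pgpool, sets a timeout)
# With app_timeout=None and a DROP rule, connect() blocks until the
# kernel exhausts its SYN retries: that is the "long time to fail".

def probe(host: str, port: int, app_timeout: Optional[float] = None) -> Tuple[str, float]:
    """Attempt a TCP connect and return (outcome, seconds elapsed)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(app_timeout)  # None -> blocking; kernel decides when to fail
    try:
        sock.connect((host, port))
        return "connected", time.monotonic() - start
    except socket.timeout:
        return "app_timeout", time.monotonic() - start
    except ConnectionRefusedError:
        return "refused", time.monotonic() - start
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", time.monotonic() - start
        raise
    finally:
        sock.close()

def free_local_port() -> int:
    """Constructed test input: a loopback port with nothing listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    # Closed local port: REJECT-like behaviour, fails in milliseconds.
    print(probe("127.0.0.1", free_local_port(), app_timeout=5.0))
    # Assumed placeholder for the DROP-protected PostgreSQL endpoint:
    # probe("<active server ip>", 5432, app_timeout=5.0)   -> "app_timeout" after ~5 s
    # probe("<active server ip>", 5432, app_timeout=None)  -> blocks for the kernel's SYN retries
```

Run the second call against the server carrying the DROP rule with and without `app_timeout` to see the application-level limit versus the kernel-level one.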