Medium: portblock: Feature: reset_tcp_on_unblock_stop
If for some reason the long-lived server-side TCP sessions won't be
cleaned up by a reconfiguration/flush/stop of whatever services this
portblock protects, they would linger in the connection table, even
after the IP is gone and services have been switched over to another node.
An example would be the default NFS kernel server.
These "known" connections may seriously confuse and delay a later switchback.
Enabling this option will cause this agent to try to get rid of these
connections by injecting a temporary iptables rule to TCP-reset outgoing
packets from the blocked ports, and additionally tickle them locally,
just before it starts to DROP incoming packets on "unblock stop".
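
The following is an added example, not part of the original commit message and not code from the portblock agent. It lists the lingering server-side sessions described above from `ss -tn` style output, and prints (without running) one possible shape for a temporary TCP-reset rule. The IP 192.0.2.10, the NFS port 2049, the sample output and both function names are assumptions made for illustration; the agent's actual rule may differ.

```shell
#!/bin/sh
# Added example; not taken from the portblock resource agent.

# Constructed `ss -tn` output. 192.0.2.10 is a hypothetical service IP
# that has already been moved to another node.
sample_ss_output() {
cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:2049     198.51.100.7:875
ESTAB     0      0      192.0.2.10:2049     198.51.100.8:921
ESTAB     0      0      192.0.2.10:22       198.51.100.9:50122
ESTAB     0      0      192.0.2.11:2049     198.51.100.7:876
TIME-WAIT 0      0      192.0.2.10:2049     198.51.100.5:700
EOF
}

# lingering_sessions IP PORTLIST   (reads `ss -tn` output on stdin)
# Prints "local peer" for every established session that is still served
# from IP on one of the comma-separated ports (IPv4 addresses only).
lingering_sessions() {
    awk -v ip="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "ESTAB" {
            pos = match($4, /:[0-9]+$/)        # last colon separates the port
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (addr == ip && (port in want)) print $4, $5
        }'
}

# reset_rule ACTION IP PORTLIST
# Prints, but does not execute, an iptables command that answers outgoing
# packets from the given source ports with a TCP RST. ACTION is -I to
# insert the temporary rule and -D to delete it again. This rule shape is
# an assumption, not the agent's own rule.
reset_rule() {
    echo "iptables $1 OUTPUT -p tcp -s $2 -m multiport --sports $3 -j REJECT --reject-with tcp-reset"
}

# Demo on the constructed sample: sessions a later switchback would trip over.
sample_ss_output | lingering_sessions 192.0.2.10 2049
reset_rule -I 192.0.2.10 2049
reset_rule -D 192.0.2.10 2049
```

On a live node, feed the function real data with `ss -tn | lingering_sessions <ip> <ports>` before and after stopping the resource to confirm that the connection table is clean.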