Sorry to answer once again my own mail, but I found the answer so I think that might be of interest to other people.
I wasn't pleased not to undestand why my ldirectors got strange and I lost access to my web site when I added standard firewall rules, but with the default to DROP, so I did a few tests, and the problem was (at least) that when there should be a swap between them, the last one didn't stop...which means that it's for heartbeat that something special needs to be open, not for ldirector itself.
The answer is on the HA FAQ:
How to use Heartbeat with Ipchains firewall?
To make Heartbeat work with [WWW] Ipchains, you must accept incoming and outgoing traffic on 694 UDP port. Add something like:
/sbin/ipchains -A output -i ethN -p udp -s <source_IP> -d <dest_IP> -j ACCEPT
/sbin/ipchains -A input -i ethN -p udp -s <source_IP> -d <dest_IP> -j ACCEPT
having added those rules on my ldirectors, everything works fine...