SELinux - Ports (semanage)

By default, SELinux policy labels certain ports with port types, and a confined service may only use ports whose type its policy allows. The semanage command can be used to list, add, or remove ports. For example, the http_port_t port type (a type, not a boolean) for web servers covers the following ports.

~]# semanage port -l | grep ^http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000


Similarly, SELinux is configured to allow web servers to use the following ports for cache.

~]# semanage port -l | grep ^http_cache_port_t
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130


The following command can be used to configure SELinux to allow your web server to use port 18080.

~]# semanage port -a -t http_port_t -p tcp 18080


You should now see that port 18080 is allowed.

~]# semanage port -l | grep -w http_port_t
http_port_t                    tcp      18080, 80, 81, 443, 488, 8008, 8009, 8443, 9000
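
As an added example (not from the original page): shell functions that parse `semanage port -l` output, including ranges such as 10001-10010, and report whether a port needs `-a`, needs `-m` because another type already claims it (`semanage port -a` refuses a port that is already defined), or needs no change. The function names are assumptions made for illustration, and the sample listing is copied from the output shown above.

```shell
# Sample `semanage port -l` lines, copied from the listings on this page.
SAMPLE_LISTING='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130'

# port_types PROTO PORT: read a `semanage port -l` listing on stdin and print
# every type whose port list (single ports or lo-hi ranges) covers PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Rebuild the comma-separated port list from field 3 onward.
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, "-")
                lo = r[1] + 0
                hi = (m == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# plan_port_cmd TYPE PROTO PORT: read the listing on stdin and print the
# semanage command needed so PROTO/PORT carries TYPE, or "none" if it already does.
plan_port_cmd() {
    current=$(port_types "$2" "$3")
    if printf '%s\n' "$current" | grep -qx "$1"; then
        echo "none"
    elif [ -z "$current" ]; then
        echo "semanage port -a -t $1 -p $2 $3"
    else
        # Port is already defined under another type, so modify instead of add.
        echo "semanage port -m -t $1 -p $2 $3"
    fi
}

# Demonstration on the sample; on a live host, pipe `semanage port -l` instead.
printf '%s\n' "$SAMPLE_LISTING" | plan_port_cmd http_port_t tcp 18080
```

Checking the listing first also shows which type currently owns a port, which matters because relabeling it with `-m` changes which services are allowed to use it.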

