Bootstrap FreeKB - SELinux - Ports (semanage)
SELinux - Ports (semanage)
Updated:   |  SELinux articles

By default, SELinux is configured to allow certain booleans access to certain ports. The semanage command can be used to list and add or remove ports. For example, the http_port_t boolean for web servers allows the following ports.

~]# semanage port -l | grep ^http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

 

Similarly, SELinux is configured to allow web servers to use the following ports for cache.

~]# semanage port -l | grep ^http_cache_port_t
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130

 

The following command can be used to configure SELinux to allow your web server to use port 18080.

semanage port -a -t http_port_t -p tcp 18080

 

You should now see that port 18080 is allowed.

~]# semanage port -l | grep -w http_port_t
http_port_t                    tcp      18080, 80, 81, 443, 488, 8008, 8009, 8443, 9000

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter b45c3a in the box below so that we can be sure you are a human.