Bootstrap FreeKB - SELinux - Ports (semanage)
SELinux - Ports (semanage)

Updated:   |  SELinux articles

By default, SELinux is configured to allow certain booleans access to certain ports. The semanage command can be used to list and add or remove ports. For example, the http_port_t boolean for web servers allows the following ports.

~]# semanage port -l | grep ^http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000


Similarly, SELinux is configured to allow web servers to use the following ports for cache.

~]# semanage port -l | grep ^http_cache_port_t
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130


The following command can be used to configure SELinux to allow your web server to use port 18080.

semanage port -a -t http_port_t -p tcp 18080


You should now see that port 18080 is allowed.

~]# semanage port -l | grep -w http_port_t
http_port_t                    tcp      18080, 80, 81, 443, 488, 8008, 8009, 8443, 9000


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 9582e3 in the box below so that we can be sure you are a human.