SELinux - Ports (semanage)
by Jeremy Canfield | Updated: July 03 2021
By default, SELinux policy assigns port types (labels) to certain ports, which determines the ports a confined service is allowed to use. The semanage command can be used to list, add, or remove ports. For example, the http_port_t type for web servers allows the following ports.
~]# semanage port -l | grep ^http_port_t
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
Similarly, SELinux is configured to allow web servers to use the following ports for cache.
~]# semanage port -l | grep ^http_cache_port_t
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
The following command can be used to configure SELinux to allow your web server to use port 18080.
~]# semanage port -a -t http_port_t -p tcp 18080
You should now see that port 18080 is allowed.
~]# semanage port -l | grep -w http_port_t
http_port_t tcp 18080, 80, 81, 443, 488, 8008, 8009, 8443, 9000
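As an added example (not from the original article): `semanage port -a` is rejected as "already defined" when the exact port is already listed under another type, such as 8080 under http_cache_port_t above, in which case `-m` is used instead. The sketch below classifies a port from `semanage port -l` output before choosing; the function names and the sample listing are constructed for illustration, and it assumes only an exact single-port entry under another type blocks `-a`.

```shell
#!/bin/sh
# Classify a port against `semanage port -l` output read from stdin.
# Prints one of:
#   present        - TYPE already covers PROTO/PORT (single port or range)
#   modify <type>  - the exact port is listed under another type; use -m
#   add            - no exact entry exists; use -a
port_action() {  # usage: port_action TYPE PROTO PORT < listing
    awk -v want="$1" -v proto="$2" -v port="$3" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {   # fields 3..NF: "80," or "10001-10010"
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] + 0 : lo)
                if (port + 0 < lo || port + 0 > hi) continue
                if ($1 == want) found = 1
                else if (n == 1 && other == "") other = $1
            }
        }
        END {
            if (found) print "present"
            else if (other != "") print "modify " other
            else print "add"
        }'
}

# Constructed sample: the listing lines shown in this article.
sample_listing() {
    cat <<'EOF'
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
EOF
}

# Turn the classification into the semanage command to run (printed, not run).
suggest() {  # usage: suggest TYPE PROTO PORT < listing
    case "$(port_action "$1" "$2" "$3")" in
        present)  echo "nothing to do" ;;
        modify*)  echo "semanage port -m -t $1 -p $2 $3" ;;
        *)        echo "semanage port -a -t $1 -p $2 $3" ;;
    esac
}

sample_listing | suggest http_port_t tcp 18080
sample_listing | suggest http_port_t tcp 8080
```

On a live system, pipe `semanage port -l` into `suggest` in place of `sample_listing`.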