Man page - semanage-port(8)

Packages contains this manual

Package:  policycoreutils-python-utils
apt-get install policycoreutils-python-utils

Manuals in package:
• semanage-boolean(8)
• semanage-module(8)
• semanage-ibpkey(8)
• semanage(8)
• semanage-export(8)
• semanage-dontaudit(8)
• audit2allow(1)
• semanage-import(8)
• audit2why(1)
• semanage-ibendport(8)
• semanage-login(8)
• semanage-interface(8)
• chcat(8)
• semanage-node(8)
• semanage-port(8)
• semanage-fcontext(8)
• semanage-user(8)
• semanage-permissive(8)
Documentations in package:
• policycoreutils-python-utils

Manual

semanage-port

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLE
SEE ALSO
AUTHOR

---

NAME

semanage-port - SELinux Policy Management port mapping tool

SYNOPSIS

semanage port [-h] [-n] [-N] [-S STORE] [ --add -t TYPE -p PROTOCOL -r RANGE port_name | port_range | --delete -p PROTOCOL port_name | port_range | --deleteall | --extract | --list [-C] | --modify -t TYPE -p PROTOCOL -r RANGE port_name | port_range ]

DESCRIPTION

semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage port controls the port number to port type definitions.

The

port_range is 2 numbers separated by a hyphen. To enter more than one port or range of ports you need to run this command multiple times.

OPTIONS

-h, --help

Show this help message and exit

-n, --noheading

Do not print heading when listing the specified object type

-N, --noreload

Do not reload policy after commit

-S STORE, --store STORE

Select an alternate SELinux Policy Store to manage

-C, --locallist

List local customizations

-a, --add

Add a record of the specified object type

-d, --delete

Delete a record of the specified object type

-m, --modify

Modify a record of the specified object type

-l, --list

List records of the specified object type

-E, --extract

Extract customizable commands, for use within a transaction

-D, --deleteall

Remove all local customizations

-t TYPE, --type TYPE

SELinux type for the object

-r RANGE, --range RANGE

MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.

-p PROTO, --proto PROTO

Protocol for the specified port (tcp|udp|dccp|sctp) or internet protocol version for the specified node (ipv4|ipv6).

EXAMPLE

List all port definitions
# semanage port -l
Allow Apache to listen on tcp port 81 (i.e. assign tcp port 81 label http_port_t, which apache is allowed to listen on)
# semanage port -a -t http_port_t -p tcp 81
Allow sshd to listen on tcp port 8991 (i.e. assign tcp port 8991 label ssh_port_t, which sshd is allowed to listen on)
# semanage port -a -t ssh_port_t -p tcp 8991

SEE ALSO

selinux (8), semanage (8)

AUTHOR

This man page was written by Daniel Walsh <dwalsh@redhat.com>

---