semanage Allow and Delete ports in CentOS

The commands are for CentOS, but should work on Fedora and RedHat.

If semanage is not installed refer to here.

You would typically use this along with the systems firewall to allow a port through.  Guide for firewalld and iptables.  If you change it in the firewall and fail to add/edit it in semanage you can potentially get weird behavior like sshd not wanting to start after changing the port.

Add port

semanage port -a -t ssh_port_t tcp 2222

The above command allows the sshd service to start, using port 2222.

List allowed ports

semanage port -l

You can use grep to filter the results

Example:

[admin@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 2222, 22
[admin@localhost ~]#

Delete port

semanage port -d -p tcp 2222

Other examples

Allow SNMP

semanage port -a -t snmp_port_t tcp 2222

 

Allow KDE Connect through firewall

Firewalld

sudo firewall-cmd --zone=public --permanent --add-port=1714-1764/tcp
sudo firewall-cmd --zone=public --permanent --add-port=1714-1764/udp
sudo systemctl restart firewalld.service

UFW firewall

sudo ufw allow 1714:1764/udp
sudo ufw allow 1714:1764/tcp
sudo ufw reload

More information https://community.kde.org/KDEConnect

Setting up SNMP V3 on CentOS

Install SNMP.

yum install net-snmp net-snmp-utils

Configure the SNMP V3 user by running the following command and then following the prompts it gives you.

net-snmp-create-v3-user

Example: The username is “snmpadmin” and the password is”r123456″

[root@localhost ~]# net-snmp-create-v3-user
Enter a SNMPv3 user name to create:
snmpadmin
Enter authentication pass-phrase:
r123456
Enter encryption pass-phrase:
  [press return to reuse the authentication pass-phrase]

adding the following line to /var/lib/net-snmp/snmpd.conf:
   createUser snmpadmin MD5 "r123456" DES
adding the following line to /etc/snmp/snmpd.conf:
   rwuser snmpadmin
[root@localhost ~]#

Change the syslocation and syscontact in the /etc/snmp/snmpd.conf file.

vi /etc/snmp/snmpd.conf

Start snmpd service

service snmpd start

Configure snmp to start on system boot.

chkconfig snmpd on

 

Test and make sure snmp is working

replace “password” and “username” with the ones you setup when you created the SNMP V3 user.

snmpwalk -v 3 -a MD5 -A password -l authNoPriv -u username localhost

If you receive something like “snmpwalk: Timeout” then something is not working correctly.  Check to make sure the service is started, and make sure that your firewall is not blocking SNMP.

If you are running a firewall, run the following commands to allow it through.

firewall-cmd --zone=public --add-port=161/udp --permanent
semanage port -a -t snmp_port_t -p udp 161
firewall-cmd --reload

On iptables you should be able to do

 iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT

or add it to /etc/sysconfig/iptables and then restart iptables

How to Allow a Port Through Firewalld

Note: If you have SELinux enabled you’ll need to allow the port in semanage.

Basic syntax

 firewall-cmd --zone=public --add-port=(port number)/(protocal)

So the command to allow port 80 through the firewall would be

firewall-cmd --zone=public --add-port=http/tcp
or
firewall-cmd --zone=public --add-port=80/tcp

The above command only works for the running instance of firewalld.  If you want to add the port permanetely you need to run the above command and then run it again with “–permanent” added to the end of the command.

example:

firewall-cmd --zone=public --add-port=http/tcp
firewall-cmd --zone=public --add-port=http/tcp --permanent

How to Allow Ping Through Windows Firewall

Open up Windows Firewall with Advanced Security.

You can do this by going to
Control Panel –> System and security –> Windows Firewall –> Advanced settings

Or hit the Windows key and type in firewall and hit enter

Select Inbound rules and then add a New Rule.  On the New Inbound Rule Wizard select Custom for the type of rule and hit next.  Allow All programs and then hit next again.  Select ICMPv4 as the Protocol type and if you want you can specify the ICMP types by clicking on the Customize button.  Finish running through the wizard give it a name etc. and click Finish when your done.