semanage Allow and Delete ports in CentOS

The commands are for CentOS, but should work on Fedora and RedHat.

If semanage is not installed refer to here.

You would typically use this along with the systems firewall to allow a port through.  Guide for firewalld and iptables.  If you change it in the firewall and fail to add/edit it in semanage you can potentially get weird behavior like sshd not wanting to start after changing the port.

Add port

semanage port -a -t ssh_port_t tcp 2222

The above command allows the sshd service to start, using port 2222.

List allowed ports

semanage port -l

You can use grep to filter the results

Example:

[admin@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 2222, 22
[admin@localhost ~]#

Delete port

semanage port -d -p tcp 2222

Other examples

Allow SNMP

semanage port -a -t snmp_port_t tcp 2222

 

LibreNMS not able to ping device and can’t change device name

If your having issues in the LibreNMS web interface changing a devices IP address or you can’t add a new one because it says it can’t ping the device, it is probably because SELinux is causing issues.

As far as changing a devices ip address, it looks like SELinux is not allowing Apache write access to the /opt/librenms/rrd directory

Temporary fix is to run

setenforce 0

You can permenatly disable SElinux by opening up “/etc/selinux/config” and changing “SELINUX=enforcing” to “SELINUX=disabled” and rebooting.

How To Enable/Disable SELinux

Disable SELinux

You can manually edit the SELinux config file in /etc/selinux/config and change the variable SELINUX=enforcing to disabled

vi /etc/selinux/config
...
SELINUX=disabled
...

or you can use this little command

sed -i.bak -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Enable SELinux

You can enable SELinux manually the same as above but set SELINUX=disabled to SELINUX=enforcing

vi /etc/selinux/config
...
SELINUX=enforcing
...

or

sed -i.bak -e 's/^SELINUX=.*/SELINUX=enforcing/g' /etc/selinux/config