semanage Allow and Delete ports in CentOS

The commands are for CentOS, but should work on Fedora and RedHat.

If semanage is not installed refer to here.

You would typically use this along with the systems firewall to allow a port through.  Guide for firewalld and iptables.  If you change it in the firewall and fail to add/edit it in semanage you can potentially get weird behavior like sshd not wanting to start after changing the port.

Add port

semanage port -a -t ssh_port_t -p tcp 2222

The above command allows the sshd service to start, using port 2222.

List allowed ports

semanage port -l

You can use grep to filter the results


[admin@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 2222, 22
[admin@localhost ~]#

Delete port

semanage port -d -p tcp 2222

Other examples

Allow SNMP

semanage port -a -t snmp_port_t -p udp 161


LibreNMS not able to ping device and can’t change device name

If your having issues in the LibreNMS web interface changing a devices IP address or you can’t add a new one because it says it can’t ping the device, it is probably because SELinux is causing issues.

As far as changing a devices ip address, it looks like SELinux is not allowing Apache write access to the /opt/librenms/rrd directory

Temporary fix is to run

setenforce 0

You can permenatly disable SElinux by opening up “/etc/selinux/config” and changing “SELINUX=enforcing” to “SELINUX=disabled” and rebooting.


Renaming of x.x.x.x failed . Does your web server have permission to modify the rrd files?

It looks like there may be a bug where you’ll try to change the IP of a device and get the above error.  It looks like the issue has something to do with the ip address.  If your trying to change the IP on a router that has multiple IP addresses, try a different address in LibreNMS.


How To Enable/Disable SELinux

Disable SELinux

You can manually edit the SELinux config file in /etc/selinux/config and change the variable SELINUX=enforcing to disabled

vi /etc/selinux/config

or you can use this little command

sed -i.bak -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

Enable SELinux

You can enable SELinux manually the same as above but set SELINUX=disabled to SELINUX=enforcing

vi /etc/selinux/config


sed -i.bak -e 's/^SELINUX=.*/SELINUX=enforcing/g' /etc/selinux/config