Linux command
semanage-port 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
List
sudo semanage port -l
List
sudo semanage port -l -C -n
Add
sudo semanage port -a -t [ssh_port_t] -p [tcp] [22000]
Add
sudo semanage port -a -t [http_port_t] -p [tcp] [80-88]
Delete
sudo semanage port -d -p [udp] [11940]
说明
semanage port manages SELinux port type definitions. Port labels control which confined domains can bind to or connect to specific network ports. When running a service on a non-standard port, you must add a port rule so SELinux allows the service to use that port. For example, running SSH on port 22000 requires adding that port to ssh_port_t.
参数
- -l, --list
- List all port labeling rules
- -a, --add
- Add a new port rule
- -d, --delete
- Delete a port rule
- -m, --modify
- Modify an existing port rule
- -t, --type _type_
- SELinux type to assign to the port
- -p, --proto _protocol_
- Protocol (tcp or udp)
- -C, --locallist
- Show only locally customized rules
- -n, --noheading
- Omit column headings from output
FAQ
What is the semanage-port command used for?
semanage port manages SELinux port type definitions. Port labels control which confined domains can bind to or connect to specific network ports. When running a service on a non-standard port, you must add a port rule so SELinux allows the service to use that port. For example, running SSH on port 22000 requires adding that port to ssh_port_t.
How do I run a basic semanage-port example?
Run `sudo semanage port -l` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -l, --list do in semanage-port?
List all port labeling rules