CentOS - semanage - Delete range of ports
Well that was impressive, you made me go to source code to find an answer. You did stumble across the proper way to define a range with your first try: two numbers must be separated by a hyphen.
What's hanging you up is this:
(rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if not exists:
raise ValueError(_("Port %s/%s is not defined") % (proto, port))
If you specify a range of ports when adding a rule, you must specify the same range of ports when deleting a rule. For example:
sudo semanage port -l | grep ^http_port_t
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
To delete those, you must call delete once for each port or port range between the commas. They can't be a contiguous range because they weren't defined that way.
Conversely, with this example:
mysqld_port_t tcp 1186, 3306, 63132-63163
You can't individually delete 63132 or 63133. You must specify that exact range.
Example of adding and deleting a range:
semanage port --add -t http_port_t -p tcp 8899-8902
semanage port --delete -t http_port_t -p tcp 8899-8902