CentOS - semanage - Delete range of ports

linux centos selinux

Well that was impressive, you made me go to source code to find an answer. You did stumble across the proper way to define a range with your first try: two numbers must be separated by a hyphen.

What's hanging you up is this:

(rc, exists) = semanage_port_exists(self.sh, k)
if rc < 0:
    raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if not exists:
    raise ValueError(_("Port %s/%s is not defined") % (proto, port))

If you specify a range of ports when adding a rule, you must specify the same range of ports when deleting a rule. For example:

sudo semanage port -l | grep ^http_port_t
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443

To delete those, you must call delete once for each port or port range between the commas. They can't be a contiguous range because they weren't defined that way.

Conversely, with this example:

mysqld_port_t                  tcp      1186, 3306, 63132-63163

You can't individually delete 63132 or 63133. You must specify that exact range.

Example of adding and deleting a range:

semanage port --add -t http_port_t -p tcp 8899-8902
semanage port --delete -t http_port_t -p tcp 8899-8902

Related

is TCP port exhaustion real? [closed]
Trying to set up SFTP only in a chroot jail for one user
Bridge to a used eth1 card without losing connection via that card
What to do after hitting the dreaded 256 max connections Apache Limit
Forwarding access to a subset of ssh-agent identitites
What's the best way to copy deduplicated files onto a new Server 2012 drive?
Is it wise to use SSHDs (Solid state hybrid drives) on a server?
Enabling VMware EVC on Westmere E5645 CPU only accepts "Nehalem" mode
Excessive 'TCP Dup ACK' & 'TCP Fast Retransmission' causing issues on network. What's causing this?
How can I have Supervisor running my programs as another user?
ESXi standalone host cannot power on any virtual machines
How do I install the main repositories for RHEL6