SELinux can be a pain at times if you don’t have a clear understanding of the what, how and why of its workings. A good chunk of the resolutions around the web end up suggesting turning SELinux off completely. This, to say the least, is one of the worst things you can do to your server.
Allowing access to ports through SELinux is one of the things I came across while setting up an Elasticsearch cluster on CentOS servers, and I wanted to share a quick rundown of the steps/commands required to allow a port through the firewall. In this example, we’ll be allowing access to port
Start by checking the port allocation and confirming that the port you want to allow access to isn’t already being used:
sudo semanage port -l | grep http_port_t
Allow access to port
sudo semanage port -a -t http_port_t -p tcp 8090
Check firewall ports passthrough
sudo firewall-cmd --list-all
Add port (and make it permanent)
sudo firewall-cmd --zone=public --add-port=9443/tcp --permanent
Reload firewall for the changes to take effect
sudo firewall-cmd --reload
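The first check above only greps for http_port_t, so it misses a port that is already labelled under a different SELinux type. The following is an added example, not part of the original post: it parses `semanage port -l` output and picks the matching semanage call, where the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real host).
SAMPLE='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
unreserved_port_t              tcp      1024-32767, 61001-65535
unreserved_port_t              udp      1024-32767, 61001-65535'

# port_matches PROTO PORT (hypothetical helper): reads `semanage port -l` text
# on stdin and prints "<type> exact" or "<type> range" for each covering entry.
port_matches() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)            # drop the list separator
                n = split(entry, r, "-")        # "a-b" is a port range
                if (n == 1 && r[1] + 0 == port + 0)
                    print $1, "exact"
                else if (n == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
                    print $1, "range"
            }
        }'
}

# plan_label TYPE PROTO PORT (hypothetical helper): prints the semanage call to
# run, or "none" when TYPE already covers the port. semanage rejects -a for a
# port that is already defined as an exact entry; -m changes its type instead.
plan_label() {
    matches=$(port_matches "$2" "$3")
    if printf '%s\n' "$matches" | grep -q "^$1 "; then
        echo "none: $2/$3 is already covered by $1"
    elif printf '%s\n' "$matches" | grep -q ' exact$'; then
        echo "semanage port -m -t $1 -p $2 $3"
    else
        echo "semanage port -a -t $1 -p $2 $3"
    fi
}

# On a real host, pipe `sudo semanage port -l` in instead of the sample.
for p in 8090 8443 8080; do
    printf '%s\n' "$SAMPLE" | plan_label http_port_t tcp "$p"
done
```

A port that only falls inside a broad range such as unreserved_port_t still takes `-a`, which is why the 8090 command from the post works as written.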
Please keep in mind that exposing a port, any port, to the internet can have some serious consequences. It’s best that such exposed ports are well protected and that exposing them is a well-thought-out, intentional move.