SELinux can be a pain at times if you don’t have a clear understanding of how it works. A good chunk of the resolutions around the web end up suggesting turning off SELinux completely. This, to say the least, is one of the worst things you can do to your server.
Allowing access to ports through SELinux is one of the things I came across while setting up an Elasticsearch cluster on CentOS servers, and I wanted to share a quick rundown of the steps/commands required to allow a port through SELinux and the firewall. In this example, we’ll be allowing access to port 8090.
- Start by checking the port allocation and confirming that the port you want to allow access to isn’t already being used:

  ```bash
  sudo semanage port -l | grep http_port_t
  ```

- Allow access to the port:

  ```bash
  sudo semanage port -a -t http_port_t -p tcp 8090
  ```

- Check which ports the firewall passes through:

  ```bash
  sudo firewall-cmd --list-all
  ```

- Add the port (and make it permanent):

  ```bash
  sudo firewall-cmd --zone=public --add-port=8090/tcp --permanent
  ```

- Reload the firewall for the changes to take effect:

  ```bash
  sudo firewall-cmd --reload
  ```
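The first two steps can be made safe to re-run. This is an added example, not part of the original post: it reads `semanage port -l` output and decides whether the port needs `-a`, needs `-m`, or is already labelled. It assumes `semanage port -a` is refused only when the exact port is already listed under some type; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the semanage action for a port from `semanage port -l` output.

# Print every SELinux type that lists exactly PROTO/PORT (range entries are ignored).
types_listing_port() {  # usage: types_listing_port PROTO PORT < listing
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)      # strip the list separator
                if (p == port) { print $1; break }
            }
        }'
}

# Print "none", "add" or "modify" for labelling PROTO/PORT with TYPE.
semanage_action() {  # usage: semanage_action TYPE PROTO PORT < listing
    listed=$(types_listing_port "$2" "$3")
    if printf '%s\n' "$listed" | grep -qxF "$1"; then
        echo none      # already labelled with the wanted type
    elif [ -n "$listed" ]; then
        echo modify    # exact port is listed under another type (assumed: -a is refused)
    else
        echo add       # not listed explicitly anywhere
    fi
}

# Constructed sample of `semanage port -l` output (not taken from a real host).
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767'

# On a real host, feed the live listing and run the matching command:
#   case $(sudo semanage port -l | semanage_action http_port_t tcp 8090) in
#     add)    sudo semanage port -a -t http_port_t -p tcp 8090 ;;
#     modify) sudo semanage port -m -t http_port_t -p tcp 8090 ;;
#   esac
```

With the sample listing, 8090 resolves to `add`, 8080 to `modify` (it is listed under `http_cache_port_t`), and 8443 to `none`.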
Good luck!