sepolicy-network(8) sepolicy-network(8)

sepolicy-network - Examine the SELinux Policy and generate a network report

sepolicy network [-h] (-l | -a application [application ...] | -p PORT [PORT ...] | -t TYPE [TYPE ...] | -d DOMAIN [DOMAIN ...])

Use sepolicy network to examine SELinux Policy and generate network reports.

-a, --application
    Generate a report listing the ports to which the specified init application is allowed to connect and/or bind

-d, --domain
    Generate a report listing the ports to which the specified domain is allowed to connect and/or bind

-l, --list
    List all Network Port Types defined in SELinux Policy

-h, --help
    Display help message

-t, --type
    Generate a report listing the port numbers associated with the specified SELinux port type

-p, --port
    Generate a report listing the SELinux port types associated with the specified port number

sepolicy network -p 22
22: tcp ssh_port_t 22
22: udp reserved_port_t 1-511
22: tcp reserved_port_t 1-511

sepolicy network -a /usr/sbin/sshd
sshd_t: tcp name_connect
111 (portmap_port_t)
53 (dns_port_t)
88, 750, 4444 (kerberos_port_t)
9080 (ocsp_port_t)
9180, 9701, 9443-9447 (pki_ca_port_t)
32768-61000 (ephemeral_port_t)
all ports < 1024 (reserved_port_type)
all ports with out defined types (port_t)
sshd_t: tcp name_bind
22 (ssh_port_t)
5900-5983, 5985-5999 (vnc_port_t)
6000-6020 (xserver_port_t)
32768-61000 (ephemeral_port_t)
all ports > 500 and < 1024 (rpc_port_type)
all ports with out defined types (port_t)
sshd_t: udp name_bind
32768-61000 (ephemeral_port_t)
all ports > 500 and < 1024 (rpc_port_type)
all ports with out defined types (port_t)
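
An added example (not part of the original man page or of the sepolicy code): a small Python parser for the -a / -d report format shown above, answering which port types or attributes let a domain bind or connect to a given port. It assumes the report layout matches the sample output on this page and reads the "all ports < N" lines at face value; the function names are hypothetical.

```python
import re

# Abridged from the page's `sepolicy network -a /usr/sbin/sshd` example output.
SAMPLE_REPORT = """\
sshd_t: tcp name_connect
53 (dns_port_t)
9180, 9701, 9443-9447 (pki_ca_port_t)
all ports < 1024 (reserved_port_type)
all ports with out defined types (port_t)
sshd_t: tcp name_bind
22 (ssh_port_t)
5900-5983, 5985-5999 (vnc_port_t)
all ports > 500 and < 1024 (rpc_port_type)
all ports with out defined types (port_t)
"""

HEADER = re.compile(r"^(\w+): (tcp|udp) (name_connect|name_bind)$")
ENTRY = re.compile(r"^(.+) \((\w+)\)$")

def parse_report(text):
    """Return {(domain, proto, perm): [(port_spec, type_or_attribute), ...]}."""
    rules, key = {}, None
    for line in map(str.strip, text.splitlines()):
        header, entry = HEADER.match(line), ENTRY.match(line)
        if header:
            key = header.groups()
            rules.setdefault(key, [])
        elif entry and key:
            rules[key].append(entry.groups())
    return rules

def covers(spec, port):
    """True if a port spec from the report includes the given port number."""
    if spec.startswith("all ports"):
        lo, hi = re.search(r"> (\d+)", spec), re.search(r"< (\d+)", spec)
        if not (lo or hi):
            return False  # "with out defined types": needs `sepolicy network -p`
        return (not lo or port > int(lo.group(1))) and \
               (not hi or port < int(hi.group(1)))
    for part in spec.split(","):
        first, _, last = part.strip().partition("-")
        if int(first) <= port <= int(last or first):
            return True
    return False

def allowed_types(report, domain, proto, perm, port):
    """Port types/attributes in the report that grant `perm` on `port`."""
    entries = parse_report(report).get((domain, proto, perm), [])
    return [name for spec, name in entries if covers(spec, port)]
```

The port_t line ("all ports with out defined types") cannot be decided from this report alone, so it is never counted as a match; check such ports with sepolicy network -p PORT to see whether they carry a defined type.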

This man page was written by Daniel Walsh <dwalsh@redhat.com>

sepolicy(8), selinux(8), semanage(8)

20121005 sepolicy-network(8)