Remove port from selinux policy
Posted: 2021/04/30 16:02:38
I am trying to get the ESET AV software working on my employer's system. The firewall we have (Cisco Firepower) does not handle a generic many-to-one NAT IP, an allow list, and a country blacklist as expected. ESET is in Slovakia and their registration server is in the country blacklist.
So I need a proxy server to handle the traffic. One of the ports their software defaults to is 3128, which I cannot add to selinux for http_port_t.
Code:
sudo semanage port -a -t http_port_t -p tcp 3128
ValueError: Port tcp/3128 already defined
If I search for the port I get
Code:
sudo semanage port -l | grep 3128
squid_port_t tcp 3128, 3401, 4827
But, if I try to remove it from squid_port_t it is forbidden.
Code:
sudo semanage port -d -t squid_port_t -p tcp 3128
ValueError: Port tcp/3128 is defined in policy, cannot be deleted
It will work if I disable selinux but I would prefer to not do that.
Can this be fixed or should I just figure out how to change the port ESET software uses?
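An added example, not part of the original post: both errors above come from tcp/3128 being an exact record in the base policy, which `semanage port -a` will not duplicate and `-d` cannot remove, while `semanage port -m` writes a local override instead. The sketch below reads `semanage port -l` output and prints which command applies. The names `plan_port_label` and `sample_listing` are hypothetical, and the listing is constructed sample data.

```shell
#!/bin/sh
# Added example: choose the semanage action for relabelling a port.
# Reads `semanage port -l` output on stdin and prints the command to
# run; it executes nothing. plan_port_label is a hypothetical helper,
# not part of policycoreutils.
plan_port_label() {
    want_type=$1 proto=$2 port=$3
    awk -v want="$want_type" -v proto="$proto" -v port="$port" '
        # Columns: type, protocol, then a comma-separated port list.
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)
                # Only an exact record makes "-a" fail; an enclosing
                # range such as 1024-32767 does not.
                if (p == port) {
                    found = 1
                    if ($1 == want) same = 1
                }
            }
        }
        END {
            if (same)
                printf "# %s/%s is already %s\n", proto, port, want
            else if (found)   # defined under another type: local override
                printf "semanage port -m -t %s -p %s %s\n", want, proto, port
            else              # no exact record: plain add
                printf "semanage port -a -t %s -p %s %s\n", want, proto, port
        }'
}

# Constructed sample input, modelled on the output quoted in the post.
sample_listing() {
cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
squid_port_t                   tcp      3128, 3401, 4827
squid_port_t                   udp      3401, 4827
unreserved_port_t              tcp      61001-65535, 1024-32767
EOF
}

sample_listing | plan_port_label http_port_t tcp 3128
```

After the `-m` command is run, `semanage port -l` lists 3128 under both types, and the helper then reports the port as already labelled.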