{"id":35,"date":"2025-11-15T01:49:16","date_gmt":"2025-11-15T01:49:16","guid":{"rendered":"https:\/\/blogs.giamkichsan.com\/?p=35"},"modified":"2025-11-15T02:55:02","modified_gmt":"2025-11-15T02:55:02","slug":"huong-dan-mo-port-tren-centos-bao-gom-firewall-va-selinux","status":"publish","type":"post","link":"https:\/\/blogs.giamkichsan.com\/index.php\/2025\/11\/15\/huong-dan-mo-port-tren-centos-bao-gom-firewall-va-selinux\/","title":{"rendered":"Guide to opening a port on CentOS, including firewall and SELinux"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">1\ufe0f\u20e3 Open port 5000 on the firewall<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Open temporarily (lost after reboot)\nsudo firewall-cmd --zone=public --add-port=5000\/tcp\n\n# Open permanently\nsudo firewall-cmd --zone=public --add-port=5000\/tcp --permanent\nsudo firewall-cmd --reload\n\n# Verify\nsudo firewall-cmd --list-ports\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The output will show <code>5000\/tcp<\/code> if the port was opened successfully.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2\ufe0f\u20e3 Add the port to SELinux for a custom service<\/h2>\n\n\n\n<p>SELinux needs to know that port 5000 is allowed to be used:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Assign the port to a port type (for example <code>myapp_port_t<\/code>; <code>semanage port -a<\/code> only labels the port, so the type must already be defined in the loaded SELinux policy):<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo semanage port -a -t myapp_port_t -p tcp 5000\n<\/code><\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Check whether SELinux has registered the port:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo semanage port -l | grep 5000\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Example output:<\/li>\n<\/ul>\n\n\n\n<pre 
class=\"wp-block-code\"><code>myapp_port_t  tcp  5000\n<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Note: If <code>semanage<\/code> is not available, install it with:<\/p>\n<\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum install policycoreutils-python-utils\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3\ufe0f\u20e3 Check the port from outside the network<\/h2>\n\n\n\n<p>From another machine (or a machine on the Internet), run:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>telnet &lt;public-ip> 5000\n<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nc -vz &lt;public-ip> 5000\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If the connection succeeds \u2192 the port is publicly reachable from the Internet.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4\ufe0f\u20e3 Security notes<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open only the ports that are needed.<\/li>\n\n\n\n<li>If the service is sensitive, consider a <strong>VPN or an advanced firewall<\/strong>.<\/li>\n\n\n\n<li>SELinux should still be kept enabled to protect the server.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Complete script<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash\n\n# 1\ufe0f\u20e3 Show the internal IP\nIP_NOI_BO=$(ip -4 addr show | grep -oP '(?&lt;=inet\\s)\\d+(\\.\\d+){3}' | grep -v '^127')\necho \"IP n\u1ed9i b\u1ed9: $IP_NOI_BO\"\n\n# 2\ufe0f\u20e3 Show the public IP\nIP_CONG_CONG=$(curl -s ifconfig.me)\necho \"IP c\u00f4ng c\u1ed9ng: $IP_CONG_CONG\"\n\n# 
3\ufe0f\u20e3 Open port 5000 on the firewall\necho \"M\u1edf port 5000 tr\u00ean firewall...\"\nsudo firewall-cmd --zone=public --add-port=5000\/tcp\nsudo firewall-cmd --zone=public --add-port=5000\/tcp --permanent\nsudo firewall-cmd --reload\necho \"Port 5000 \u0111\u00e3 m\u1edf tr\u00ean firewall.\"\n\n# 4\ufe0f\u20e3 Add port 5000 to SELinux for the custom service\necho \"Th\u00eam port 5000 v\u00e0o SELinux...\"\n# Install semanage if it is not installed yet\nif ! command -v semanage &amp;&gt; \/dev\/null\nthen\n    echo \"C\u00e0i semanage...\"\n    sudo yum install -y policycoreutils-python-utils\nfi\n\n# Add the port if it does not exist yet\n# (semanage needs root to read the policy store; -w avoids matching e.g. 15000)\nif ! sudo semanage port -l | grep -qw 5000; then\n    sudo semanage port -a -t myapp_port_t -p tcp 5000\n    echo \"Port 5000 \u0111\u00e3 th\u00eam v\u00e0o SELinux.\"\nelse\n    echo \"Port 5000 \u0111\u00e3 t\u1ed3n t\u1ea1i trong SELinux.\"\nfi\n\necho \"Ho\u00e0n t\u1ea5t! 
B\u1ea1n c\u00f3 th\u1ec3 ki\u1ec3m tra k\u1ebft n\u1ed1i t\u1eeb b\u00ean ngo\u00e0i b\u1eb1ng:\"\necho \"telnet $IP_CONG_CONG 5000  ho\u1eb7c nc -vz $IP_CONG_CONG 5000\"\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2705 How to use<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a file, for example <code>setup_port5000.sh<\/code><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>nano setup_port5000.sh\n<\/code><\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Paste the script contents in and save.<\/li>\n\n\n\n<li>Make it executable:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod +x setup_port5000.sh\n<\/code><\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Run the script:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/setup_port5000.sh\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The script prints the internal IP and the public IP, opens port 5000 and adds it to SELinux.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>1\ufe0f\u20e3 Open port 5000 on the firewall 2\ufe0f\u20e3 Add the port to SELinux for a custom service SELinux needs to know that port 5000 is allowed to be used: L\u01b0u <a class=\"mh-excerpt-more\" href=\"https:\/\/blogs.giamkichsan.com\/index.php\/2025\/11\/15\/huong-dan-mo-port-tren-centos-bao-gom-firewall-va-selinux\/\" title=\"Guide to opening a port on CentOS, including firewall and 
SELinux\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-35","post","type-post","status-publish","format-standard","hentry","category-centos-he-dieu-hanh"],"_links":{"self":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/35","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/comments?post=35"}],"version-history":[{"count":2,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/35\/revisions"}],"predecessor-version":[{"id":59,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/posts\/35\/revisions\/59"}],"wp:attachment":[{"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/media?parent=35"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/categories?post=35"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.giamkichsan.com\/index.php\/wp-json\/wp\/v2\/tags?post=35"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}