Surprisingly, could not find any clear information on how to delete a range of ports by way of semanage port. Here is a list of permutations I tried:
semanage port -d -t http_port_t -p tcp 0-60000
semanage port -d -t http_port_t -p tcp [1-60000]
semanage port -d -t http_port_t -p tcp 1,60000
semanage port -d -t http_port_t -p tcp 1-60000
semanage port -d -t http_port_t -p tcp 1 60000
semanage port -d -t http_port_t -p tcp 1,60000
semanage port -d -t http_port_t -p tcp <60000
semanage port -d -t http_port_t -p tcp '1-60000'
semanage port -d -t http_port_t -p tcp '1,60000'
semanage port -d -t http_port_t -p tcp 1000-10000
The help message wasn't clear on how to indicate a range:
root@service1 /etc/yum/pluginconf.d # -> semanage -h
/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage login -{a|d|m|l|D|E} [-nrs] login_name | %groupname
semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name
semanage port -{a|d|m|l|D|E} [-nrt] [ -p proto ] port | port_range
Best Answer
Well that was impressive, you made me go to source code to find an answer. You did stumble across the proper way to define a range with your first try: two numbers must be separated by a hyphen.
What's hanging you up is this:
If you specify a range of ports when adding a rule, you must specify the same range of ports when deleting a rule. For example:
To delete those, you must call delete once for each port or port range between the commas. They can't be a contiguous range because they weren't defined that way.
Conversely, with this example:
You can't individually delete 63132 or 63133. You must specify that exact range.
Example of adding and deleting a range: