Monday 18 January 2016

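Change default ssh port and turn on firewall on CentOS 7

The session below backs up sshd_config, sets Port 1234, adds the new port to the SELinux type ssh_port_t (the host is in Enforcing mode, so sshd could not bind to an unlabelled port), opens 1234/tcp in firewalld, and restarts sshd. Keep the current root session open until a login on the new port has been confirmed. Moving the port only reduces automated scanning noise and is not a substitute for key-based authentication. The public zone may also still allow the stock ssh service on port 22, which can be checked with firewall-cmd --zone=public --list-all.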


[root@localhost ~]# cd /etc/ssh
[root@localhost ssh]# ll
total 268
-rw-------. 1 root root 242153 Jun 9 2014 moduli
-rw-r--r--. 1 root root 2123 Jun 9 2014 ssh_config
-rw-------. 1 root root 4442 Jun 9 2014 sshd_config
-rw-r-----. 1 root ssh_keys 227 Jul 27 2014 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Jul 27 2014 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 1679 Jul 27 2014 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Jul 27 2014 ssh_host_rsa_key.pub
[root@localhost ssh]# cp sshd_config sshd_config.b2016Jan18
[root@localhost ssh]# vi sshd_config # uncomment the "#Port 22" line and change it to "Port 1234"; "sshd -t" checks the edited file for syntax errors before the restart
[root@localhost ssh]# semanage port -a -t ssh_port_t -p tcp 1234
-bash: semanage: command not found
[root@localhost ssh]# getenforce
Enforcing
[root@localhost ssh]# yum -y install policycoreutils-python
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): extras/7/x86_64/primary_db | 90 kB 00:15
(2/4): base/7/x86_64/group_gz | 155 kB 00:16
(3/4): updates/7/x86_64/primary_db | 1.7 MB 00:19
(4/4): base/7/x86_64/primary_db | 5.3 MB 00:25
Determining fastest mirrors
* base: centos.mirror.iweb.ca
* extras: centos.mirror.iweb.ca
* updates: centos.mirrors.atwab.net
Resolving Dependencies
--> Running transaction check
---> Package policycoreutils-python.x86_64 0:2.2.5-20.el7 will be installed
--> Processing Dependency: policycoreutils = 2.2.5-20.el7 for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.1.10-1 for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libcgroup for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.2.5-20.el7.x86_64
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.4.1-5.el7 will be installed
--> Processing Dependency: audit-libs = 2.4.1-5.el7 for package: audit-libs-python-2.4.1-5.el7.x86_64
---> Package checkpolicy.x86_64 0:2.1.12-6.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-8.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.1.10-18.el7 will be installed
--> Processing Dependency: libsemanage = 2.1.10-18.el7 for package: libsemanage-python-2.1.10-18.el7.x86_64
---> Package policycoreutils.x86_64 0:2.2.5-11.el7 will be updated
---> Package policycoreutils.x86_64 0:2.2.5-20.el7 will be an update
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.7-46.el7 will be installed
--> Running transaction check
---> Package audit-libs.x86_64 0:2.3.3-4.el7 will be updated
--> Processing Dependency: audit-libs = 2.3.3-4.el7 for package: audit-2.3.3-4.el7.x86_64
---> Package audit-libs.x86_64 0:2.4.1-5.el7 will be an update
---> Package libsemanage.x86_64 0:2.1.10-16.el7 will be updated
---> Package libsemanage.x86_64 0:2.1.10-18.el7 will be an update
--> Running transaction check
---> Package audit.x86_64 0:2.3.3-4.el7 will be updated
---> Package audit.x86_64 0:2.4.1-5.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
policycoreutils-python x86_64 2.2.5-20.el7 base 435 k
Installing for dependencies:
audit-libs-python x86_64 2.4.1-5.el7 base 69 k
checkpolicy x86_64 2.1.12-6.el7 base 247 k
libcgroup x86_64 0.41-8.el7 base 64 k
libsemanage-python x86_64 2.1.10-18.el7 base 94 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.7-46.el7 base 485 k
Updating for dependencies:
audit x86_64 2.4.1-5.el7 base 234 k
audit-libs x86_64 2.4.1-5.el7 base 80 k
libsemanage x86_64 2.1.10-18.el7 base 123 k
policycoreutils x86_64 2.2.5-20.el7 base 803 k

Transaction Summary
================================================================================
Install 1 Package (+6 Dependent packages)
Upgrade ( 4 Dependent packages)

Total download size: 2.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/11): audit-libs-python-2.4.1-5.el7.x86_64.rpm | 69 kB 00:09
(2/11): checkpolicy-2.1.12-6.el7.x86_64.rpm | 247 kB 00:09
(3/11): libcgroup-0.41-8.el7.x86_64.rpm | 64 kB 00:09
(4/11): audit-libs-2.4.1-5.el7.x86_64.rpm | 80 kB 00:09
(5/11): libsemanage-python-2.1.10-18.el7.x86_64.rpm | 94 kB 00:00
(6/11): libsemanage-2.1.10-18.el7.x86_64.rpm | 123 kB 00:00
(7/11): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00
(8/11): audit-2.4.1-5.el7.x86_64.rpm | 234 kB 00:09
(9/11): setools-libs-3.3.7-46.el7.x86_64.rpm | 485 kB 00:00
(10/11): policycoreutils-2.2.5-20.el7.x86_64.rpm | 803 kB 00:00
(11/11): policycoreutils-python-2.2.5-20.el7.x86_64.rpm | 435 kB 00:00
--------------------------------------------------------------------------------
Total 255 kB/s | 2.6 MB 00:10
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : audit-libs-2.4.1-5.el7.x86_64 1/15
Updating : libsemanage-2.1.10-18.el7.x86_64 2/15
Updating : policycoreutils-2.2.5-20.el7.x86_64 3/15
Installing : libsemanage-python-2.1.10-18.el7.x86_64 4/15
Installing : audit-libs-python-2.4.1-5.el7.x86_64 5/15
Installing : python-IPy-0.75-6.el7.noarch 6/15
Installing : checkpolicy-2.1.12-6.el7.x86_64 7/15
Installing : libcgroup-0.41-8.el7.x86_64 8/15
Installing : setools-libs-3.3.7-46.el7.x86_64 9/15
Installing : policycoreutils-python-2.2.5-20.el7.x86_64 10/15
Updating : audit-2.4.1-5.el7.x86_64 11/15
Cleanup : policycoreutils-2.2.5-11.el7.x86_64 12/15
Cleanup : libsemanage-2.1.10-16.el7.x86_64 13/15
Cleanup : audit-2.3.3-4.el7.x86_64 14/15
Cleanup : audit-libs-2.3.3-4.el7.x86_64 15/15
Verifying : setools-libs-3.3.7-46.el7.x86_64 1/15
Verifying : libsemanage-2.1.10-18.el7.x86_64 2/15
Verifying : libcgroup-0.41-8.el7.x86_64 3/15
Verifying : checkpolicy-2.1.12-6.el7.x86_64 4/15
Verifying : policycoreutils-2.2.5-20.el7.x86_64 5/15
Verifying : python-IPy-0.75-6.el7.noarch 6/15
Verifying : audit-libs-2.4.1-5.el7.x86_64 7/15
Verifying : libsemanage-python-2.1.10-18.el7.x86_64 8/15
Verifying : audit-2.4.1-5.el7.x86_64 9/15
Verifying : policycoreutils-python-2.2.5-20.el7.x86_64 10/15
Verifying : audit-libs-python-2.4.1-5.el7.x86_64 11/15
Verifying : policycoreutils-2.2.5-11.el7.x86_64 12/15
Verifying : audit-libs-2.3.3-4.el7.x86_64 13/15
Verifying : libsemanage-2.1.10-16.el7.x86_64 14/15
Verifying : audit-2.3.3-4.el7.x86_64 15/15

Installed:
policycoreutils-python.x86_64 0:2.2.5-20.el7

Dependency Installed:
audit-libs-python.x86_64 0:2.4.1-5.el7
checkpolicy.x86_64 0:2.1.12-6.el7
libcgroup.x86_64 0:0.41-8.el7
libsemanage-python.x86_64 0:2.1.10-18.el7
python-IPy.noarch 0:0.75-6.el7
setools-libs.x86_64 0:3.3.7-46.el7

Dependency Updated:
audit.x86_64 0:2.4.1-5.el7 audit-libs.x86_64 0:2.4.1-5.el7
libsemanage.x86_64 0:2.1.10-18.el7 policycoreutils.x86_64 0:2.2.5-20.el7

Complete!
[root@localhost ssh]# semanage port -a -t ssh_port_t -p tcp 1234
[root@localhost ssh]#
[root@localhost ssh]# firewall-cmd --permanent --zone=public --add-port=1234/tcp
FirewallD is not running
[root@localhost ssh]#
[root@localhost ssh]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service' '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ssh]# systemctl start firewalld
[root@localhost ssh]# firewall-cmd --permanent --zone=public --add-port=1234/tcp
success
[root@localhost ssh]# firewall-cmd --reload
success
[root@localhost ssh]#
[root@localhost ssh]# systemctl restart sshd.service
[root@localhost ssh]#
[root@localhost ssh]#
[root@localhost ssh]#
[root@localhost ssh]# ss -tnlp | grep ssh
LISTEN 0 128 *:1234 *:* users:(("sshd",24327,3))
LISTEN 0 128 :::1234 :::* users:(("sshd",24327,4))
[root@localhost ssh]#
