@nickwesselman
Created July 8, 2020 04:51
Docker for Windows Process Isolation Firewall Test
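# Docker for Windows firewall test (ASP.NET Core sample, custom port).
#
# Adds an inbound TCP allow rule for $port, turns on Windows Filtering Platform
# auditing, starts the sample container on the "nat" network, calls it from a
# second container, then prints the first matching Security-log event.
#
# Parameters:
#   $isolation - value passed to `docker run --isolation` (default "process")
#   $port      - TCP port the sample listens on and the firewall rule opens
#
# Host changes made (all reverted in the finally block below):
#   - firewall rule "Docker Test Open Port <port>" (inbound allow, TCP)
#   - audit subcategories "Filtering Platform Packet Drop" and
#     "Filtering Platform Connection" set to success+failure
# netsh and auditpol need an elevated prompt.
# NOTE(review): cleanup disables both audit subcategories unconditionally. If
# the host baseline already had them enabled, re-apply that baseline afterwards.
Param(
$isolation="process",
# Constrained to a valid TCP port because the value is interpolated into a
# firewall rule, a URL and an event-log filter below.
[ValidateRange(1,65535)][int]$port=8765
)
try {
    Write-Host "Opening incoming connections on port $port" -ForegroundColor Green
    # The rule carries no remoteip= or profile= scoping, so it relies on netsh
    # defaults for those; it is only meant to exist for the duration of this test.
    netsh advfirewall firewall add rule name="Docker Test Open Port $port" dir=in action=allow protocol=TCP localport=$port

    Write-Host "Turning on firewall logging" -ForegroundColor Green
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable /success:enable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable /success:enable

    Write-Host "Starting ASP.NET Core Sample on Port $port" -ForegroundColor Green
    # ASPNETCORE_URLS makes the sample bind to $port on all interfaces in the container.
    docker run --rm --network nat --name aspnetcore_sample --env ASPNETCORE_URLS=http://+:$port --isolation $isolation -d mcr.microsoft.com/dotnet/core/samples:aspnetapp
    # Fixed wait for the app to come up; there is no readiness probe here.
    Start-Sleep -Seconds 5

    Write-Host "Testing network call from another container" -ForegroundColor Green
    # curl -m 5 bounds the request to five seconds so a dropped packet fails fast.
    docker run --rm --network nat --name net_test --isolation $isolation mcr.microsoft.com/windows/nanoserver:1909 cmd /s /c curl.exe -m 5 http://aspnetcore_sample:$port

    Write-Host "Checking event log" -ForegroundColor Green
    # Looks only at the newest 1000 Security events; on a busy host the relevant
    # record may already have scrolled out of that window.
    (Get-EventLog -LogName Security -Newest 1000 | ? {$_.Message.Contains("Filtering") -and $_.Message.Contains("Destination Port: $port")} | select -first 1).Message
}
finally {
    # Runs on normal completion, on a terminating error and on Ctrl+C, so the
    # inbound allow rule and the audit-policy change do not outlive the test.
    Write-Host "Cleaning up" -ForegroundColor Green
    docker stop aspnetcore_sample
    # Success auditing was enabled above, so it is disabled here as well;
    # turning off only /failure would leave success events being logged.
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable /success:disable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable /success:disable
    netsh advfirewall firewall delete rule name="Docker Test Open Port $port"
}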
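# Docker for Windows firewall test (IIS / ASP.NET Framework sample).
#
# Same flow as the ASP.NET Core test, but no firewall rule is added: the
# sample's IIS binding is moved from port 80 to $port inside the container,
# a second container calls it, and the first matching Security-log event is
# printed.
#
# Parameters:
#   $isolation - value passed to `docker run --isolation` (default "process")
#   $port      - TCP port the IIS site is rebound to (default 80, i.e. unchanged)
#
# Host changes made (reverted in the finally block below):
#   - audit subcategories "Filtering Platform Packet Drop" and
#     "Filtering Platform Connection" set to success+failure
# auditpol needs an elevated prompt.
# NOTE(review): cleanup disables both audit subcategories unconditionally. If
# the host baseline already had them enabled, re-apply that baseline afterwards.
Param(
$isolation="process",
# Constrained to a valid TCP port because the value is interpolated into a
# PowerShell command string that runs inside the container.
[ValidateRange(1,65535)][int]$port=80
)
# Note no firewall changes here
try {
    Write-Host "Turning on firewall logging" -ForegroundColor Green
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable /success:enable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable /success:enable

    Write-Host "Starting IIS Sample on Port $port" -ForegroundColor Green
    docker run --rm --network nat --name aspnet_sample --isolation $isolation -d mcr.microsoft.com/dotnet/framework/samples:aspnetapp
    # The binding value is single-quoted: double quotes here would close the
    # outer -Command string early and leave *:80: as a bare token whose
    # handling depends on how the arguments get re-joined.
    docker exec aspnet_sample powershell.exe -Command "Set-WebBinding -Name 'Default Web Site' -BindingInformation '*:80:' -PropertyName Port -Value $port"
    # Fixed wait for the site to come back up; there is no readiness probe here.
    Start-Sleep -Seconds 5

    Write-Host "Testing network call from another container" -ForegroundColor Green
    # curl -m 5 bounds the request to five seconds so a dropped packet fails fast.
    docker run --rm --network nat --name net_test --isolation $isolation mcr.microsoft.com/windows/nanoserver:1909 cmd /s /c curl.exe -m 5 http://aspnet_sample:$port

    Write-Host "Checking event log" -ForegroundColor Green
    # Looks only at the newest 1000 Security events; on a busy host the relevant
    # record may already have scrolled out of that window.
    (Get-EventLog -LogName Security -Newest 1000 | ? {$_.Message.Contains("Filtering") -and $_.Message.Contains("Destination Port: $port")} | select -first 1).Message
}
finally {
    # Runs on normal completion, on a terminating error and on Ctrl+C, so the
    # audit-policy change does not outlive the test.
    Write-Host "Cleaning up" -ForegroundColor Green
    docker stop aspnet_sample
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable /success:disable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable /success:disable
}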