Docker for Windows Process Isolation Firewall Test
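# Docker for Windows firewall test (explicit host firewall rule variant).
#
# Opens an inbound TCP allow rule for $port, enables Windows Filtering Platform
# auditing, starts the ASP.NET Core sample container on the "nat" network,
# calls it from a second container, prints the newest matching Security-log
# entry, and then reverts the changes it made.
#
# Requires an elevated session: netsh, auditpol and the Security event log all
# need administrative rights.
#
# Parameters:
#   -isolation  Docker isolation mode passed to both containers (default "process").
#   -port       TCP port the sample listens on and the firewall rule opens.
Param(
    [string]$isolation = "process",
    # Typed as int so a non-numeric value is rejected before it is interpolated
    # into the netsh rule and the docker command lines.
    [int]$port = 8765
)

# Single source for the rule name so the add and delete below always match.
$ruleName = "Docker Test Open Port $port"

try {
    Write-Host "Opening incoming connections on port $port" -ForegroundColor Green
    # NOTE(review): no profile= or remoteip= restriction is given, so the rule is
    # as broad as netsh's defaults for those fields. Run on a test host only.
    netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow protocol=TCP localport=$port

    Write-Host "Turning on firewall logging" -ForegroundColor Green
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable /success:enable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable /success:enable

    Write-Host "Starting ASP.NET Core Sample on Port $port" -ForegroundColor Green
    docker run --rm --network nat --name aspnetcore_sample --env ASPNETCORE_URLS=http://+:$port --isolation $isolation -d mcr.microsoft.com/dotnet/core/samples:aspnetapp
    # Fixed wait for the sample to start listening; there is no readiness probe.
    Start-Sleep -Seconds 5

    Write-Host "Testing network call from another container" -ForegroundColor Green
    docker run --rm --network nat --name net_test --isolation $isolation mcr.microsoft.com/windows/nanoserver:1909 cmd /s /c curl.exe -m 5 http://aspnetcore_sample:$port

    Write-Host "Checking event log" -ForegroundColor Green
    # Newest Security event whose message mentions "Filtering" and this port.
    # Prints nothing when none of the last 1000 entries match.
    (Get-EventLog -LogName Security -Newest 1000 |
        Where-Object { $_.Message.Contains("Filtering") -and $_.Message.Contains("Destination Port: $port") } |
        Select-Object -First 1).Message
}
finally {
    # Runs even if the test is interrupted, so the inbound allow rule and the
    # extra auditing are not left behind on the host.
    Write-Host "Cleaning up" -ForegroundColor Green
    docker stop aspnetcore_sample
    # Success auditing was enabled above as well, so disable both settings;
    # the original cleanup only reset /failure and left /success switched on.
    # NOTE(review): this unconditionally disables both subcategories. If the host
    # had them enabled by policy beforehand, restore that state afterwards.
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable /success:disable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable /success:disable
    netsh advfirewall firewall delete rule name="$ruleName"
}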
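# Docker for Windows firewall test (IIS sample, no host firewall rule variant).
#
# Enables Windows Filtering Platform auditing, starts the ASP.NET (IIS) sample
# container on the "nat" network, rebinds its default site to $port, calls it
# from a second container, prints the newest matching Security-log entry, and
# then reverts the audit settings.
#
# Requires an elevated session: auditpol and the Security event log need
# administrative rights.
#
# Parameters:
#   -isolation  Docker isolation mode passed to both containers (default "process").
#   -port       TCP port the IIS site is rebound to and the test client calls.
Param(
    [string]$isolation = "process",
    # Typed as int because the value is interpolated into a PowerShell command
    # string that is executed inside the container; a non-numeric value would
    # otherwise be evaluated there as code.
    [int]$port = 80
)

# Note no firewall changes here
try {
    Write-Host "Turning on firewall logging" -ForegroundColor Green
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable /success:enable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable /success:enable

    Write-Host "Starting IIS Sample on Port $port" -ForegroundColor Green
    docker run --rm --network nat --name aspnet_sample --isolation $isolation -d mcr.microsoft.com/dotnet/framework/samples:aspnetapp
    # The inner binding string uses single quotes. The original nested double
    # quotes inside a double-quoted argument, which ends the outer string early
    # and leaves the command to be reassembled from fragments.
    docker exec aspnet_sample powershell.exe -Command "Set-WebBinding -Name 'Default Web Site' -BindingInformation '*:80:' -PropertyName Port -Value $port"
    # Fixed wait for the site to come up on the new binding; no readiness probe.
    Start-Sleep -Seconds 5

    Write-Host "Testing network call from another container" -ForegroundColor Green
    docker run --rm --network nat --name net_test --isolation $isolation mcr.microsoft.com/windows/nanoserver:1909 cmd /s /c curl.exe -m 5 http://aspnet_sample:$port

    Write-Host "Checking event log" -ForegroundColor Green
    # Newest Security event whose message mentions "Filtering" and this port.
    # Prints nothing when none of the last 1000 entries match.
    (Get-EventLog -LogName Security -Newest 1000 |
        Where-Object { $_.Message.Contains("Filtering") -and $_.Message.Contains("Destination Port: $port") } |
        Select-Object -First 1).Message
}
finally {
    # Runs even if the test is interrupted, so the container and the extra
    # auditing are not left behind on the host.
    Write-Host "Cleaning up" -ForegroundColor Green
    docker stop aspnet_sample
    # NOTE(review): this unconditionally disables both subcategories. If the host
    # had them enabled by policy beforehand, restore that state afterwards.
    auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable /success:disable
    auditpol /set /subcategory:"Filtering Platform Connection" /failure:disable /success:disable
}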