How to use Gremlin to blackhole an external address from a container
Oct 30, 2020
In this tutorial, we’ll be using Gremlin to run a blackhole attack that blocks an external address. In this example, we’ll block access to example.com.
First, we’ll launch our container, a simple container from the nginx image, named curl:
sudo docker run -l service=curl --name curl -d nginx
Obtain the container ID; in this example it is 30d570653c9f:
docker ps
CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS    NAMES
30d570653c9f   nginx   "/docker-entrypoint.…"   22 seconds ago   Up 21 seconds   80/tcp   curl
Now we’ll hop in the container to run curl and confirm the blackhole is working as expected:
docker exec -it 30d570653c9f /bin/bash
Run curl to fetch example.com:
curl example.com
The result from curling example.com:
<!doctype html>
<html>
<head>
<title>Example Domain</title>....
Now we’ll block the ability to reach example.com.
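In this example, I spin up a Gremlin agent container to run an attack on the container we created. The attack blocks that container from reaching example.com (-h example.com) for 3000 seconds (-l 3000). The agent container is given the NET_ADMIN capability and the host’s Docker socket so it can apply the attack to the target container; mounting the socket also gives it full control of the host’s Docker daemon: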
sudo docker run -it --cap-add=NET_ADMIN -e GREMLIN_TEAM_ID="${GREMLIN_TEAM_ID}" -e GREMLIN_TEAM_SECRET="${GREMLIN_TEAM_SECRET}" -v /var/run/docker.sock:/var/run/docker.sock gremlin/gremlin attack-container 30d570653c9f blackhole -l 3000 -h example.com
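To confirm the blackhole once the attack is running, the check below probes example.com from inside the target container with a hard timeout and compares it with a control host that should stay reachable. It is an added example, not part of the original tutorial or Gremlin's tooling; the function names, the 5-second timeout and the control host are assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the blackhole from
# inside the target container. Assumes curl is present in the image, as the
# tutorial's own steps already rely on.

# Map a curl exit code to a verdict.
classify_curl_exit() {
  case "$1" in
    0)    echo reachable ;;
    7|28) echo blocked ;;       # 7 = connect failed, 28 = operation timed out
    6)    echo dns-failure ;;   # name did not resolve: inconclusive
    *)    echo error ;;
  esac
}

# Probe a host from inside the container and print the verdict.
# --max-time keeps a dropped connection from hanging the check.
probe() (
  rc=0
  docker exec "$1" curl -sS -o /dev/null --max-time 5 "http://$2" 2>/dev/null || rc=$?
  classify_curl_exit "$rc"
)

# The attack is scoped correctly when the target is blocked while a
# control host (any other address you expect to stay up) is still reachable.
check_blackhole() (
  t=$(probe "$1" "$2")
  c=$(probe "$1" "$3")
  echo "target=$2:$t control=$3:$c"
  [ "$t" = blocked ] && [ "$c" = reachable ]
)

# Usage: ./check.sh <container> <target-host> <control-host>
if [ $# -ge 3 ]; then check_blackhole "$1" "$2" "$3"; fi
```

Pick a control host that does not share an IP address with the target. A blocked control host means the blackhole is wider than intended, and a reachable target means the attack is not applied.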