jschipp-r7
commented
5 years ago Hey @zoomequipd,
You could keep track of them by writing support in theisletd script, it runs in the background as a daemon and is meant for doing tasks where you need to keep track of things.
Docker has the ability to set a range of ports, so the training env config file and container generation code could be updated to allow a custom or dynamically generated range. If Docker doesn't have a master list of ports (haven't checked), you could change the non-privileged range in Linux across the OS, or you can could probably do some iptables magic to only forward or allow a specific range.
I think what you're trying to achieve is doable though it might not be elegant.
My use case is enabling a platform to test with metasploit, but catching reverse shells present a problem. Would it be possible to set a master range of ports (say 10000-2000) and then configure a "ports per container" setting (say 5). Each time a new user signs up, they are assigned a static range of 5 ports selected from "available" ports.
There'd have to be some process to keep track of which ports are assigned/released (when the container expires?)
Just thinking out loud a bit.