Feature Request - Ability to dynamically map network ports to docker containers

[zoomequipd]

My use case is enabling a platform to test with metasploit, but catching reverse shells present a problem. Would it be possible to set a master range of ports (say 10000-2000) and then configure a "ports per container" setting (say 5). Each time a new user signs up, they are assigned a static range of 5 ports selected from "available" ports.

There'd have to be some process to keep track of which ports are assigned/released (when the container expires?)

Just thinking out loud a bit.

[jschipp-r7]

Hey @zoomequipd,

You could keep track of them by writing support in theisletd script, it runs in the background as a daemon and is meant for doing tasks where you need to keep track of things.

Docker has the ability to set a range of ports, so the training env config file and container generation code could be updated to allow a custom or dynamically generated range. If Docker doesn't have a master list of ports (haven't checked), you could change the non-privileged range in Linux across the OS, or you can could probably do some iptables magic to only forward or allow a specific range.

I think what you're trying to achieve is doable though it might not be elegant.