Applying ACLPolicy for HNSEndpoint is broken in WindowsServer2025

[winkingturtle-vmw]

Describe the bug
When I create an ACLPolicy for HNSEndpoint, it fails to apply in Windows Server 2025 Containers. This behavior works as expected in Windows Server 2019. It's unclear what has changed in the latest version of Windows Server to break this behavior. The lack of being able to apply ACLPolicy for NAT indicates that containers on Windows Server 2025 can talk to any internal IP. For context, we have been able to shield containers from reaching internal IPs in Windows Server 2019, but we've lost this ability in Windows Server 2025.

To Reproduce

1. Create container-1 in docker, capture the IP-Address, and run a simple web server on port 8080
2. Create container-2 in docker, capture the IP-Address
3. If you curl.exe container-1:8080 (from inside container-2), you should see the response from the server. That's expected because by default there is not ACLPolicy.
4. Run Get-HNSEndpoint on the host to get the Endpoint-ID for container-2
5. Execute acl-policy.exe (a simple binary that sets ACLPolicy) e.g. c:\acl-policy.exe endoint-id-from-step-4 ip-address-for-container-2 ip-address-for-container-1. This will create an ACLPolicy to Block Outgoing traffic from container-2 to container-1.
6. Re-run the curl.exe from step 3 and you still see container-2 is able to talk to container-1

Expected behavior
When I re-run the curl.exe in container-2 I expect to see an error after setting the ACLPolicy

Configuration:

• Edition: Windows Server
• Base Image being used: Windows Server Core
• Container engine: docker
• Container Engine version N/A

Additional context
Simple acl-policy binary:

package main

import (
	"fmt"
	"os"
	"encoding/json"
	"github.com/Microsoft/hcsshim"
)

func main() {
	endpointId := os.Args[1]
	source := os.Args[2]
	dest := os.Args[3]

	endpoint, err := hcsshim.GetHNSEndpointByID(endpointId)
	if err != nil {
		fmt.Printf("ERR GetHNSEndpointByID: %+v\n", err.Error())
		os.Exit(1)
	}

	acl := &hcsshim.ACLPolicy{
		Type: hcsshim.ACL,
		Action: hcsshim.Block,
		Direction: hcsshim.Out,
		Protocol: uint16(256),
		LocalAddresses: source,
		RemoteAddresses: dest,
	}
	policy, err := json.Marshal(acl)
	if err != nil {
		fmt.Printf("ERR json.Marshal: %+v\n", err.Error())
		os.Exit(1)
	}
	endpoint.Policies = append(endpoint.Policies, policy)
	_, err = endpoint.Update()
	if err != nil {
		fmt.Printf("ERR endpoint.Update: %+v\n", err.Error())
		os.Exit(1)
	}
	fmt.Printf("Updated endpoint to BLOCK %s from %s\n", dest, source)
}

Simple WebServer in powershell for container-1:

$listener = New-Object System.Net.HttpListener
$listener.Prefixes.Add("http://+:8080/")
$listener.Start()
Write-Host "Listening on http://+:8080/"

while ($listener.IsListening) {
    $context = $listener.GetContext()
    $request = $context.Request
    $response = $context.Response

    $response.ContentType = "text/plain"
    $response.StatusCode = 200
    $response.StatusDescription = "OK"

    $output = $response.OutputStream
    $writer = New-Object System.IO.StreamWriter($output)
    $writer.Write("Hello from PowerShell Server!")
    $writer.Flush()
    $writer.Close()
}
$listener.Stop()

[github-actions]

Thank you for creating an Issue. Please note that GitHub is not an official channel for Microsoft support requests. To create an official support request, please open a ticket here. Microsoft and the GitHub Community strive to provide a best effort in answering questions and supporting Issues on GitHub.

[winkingturtle-vmw]

@ntrappe-msft Can you please triage this issue ? This is quite an important issue with Windows Server 2025.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
no assignees, please provide an update or close this issue.

[winkingturtle-vmw]

Pinging to keep this issue open

[winkingturtle-vmw]

Pining to keep this issue open