Validate networking lines of sight
08 Jan 2026
So, you think you set up your firewall correctly? Want to double-check? Below are 2 little PowerShell/Pester scripts I wrote to help validate actual lines of sight, once you know what you intended to implement.
For example, if you think you’ve locked down a privately networked GitHub Actions CI/CD pipeline runner to only have access to GitHub.com and NpmJS.com, you might want to run these snippets from within a GitHub Action CI/CD pipeline’s YAML file, validating that it can reach NPM but can’t reach NuGet.org.
Validate a URL is actually reachable
This one makes sure you actually can, networking-wise, reach https://secured-server.example.com/something_or_other (replace it with your own expected-allowed URL, of course).
- Note: The code below presumes it's supposed to return a 200 status code once you make it past network filtering. If that's not how your URL behaves, you might need to edit the code to better match your reality.
Describe "Expected-allowed server works" {
    BeforeAll {
        $expected_yes_http_response = $null
        $expected_yes_http_request_splat = @{
            'Method' = 'GET'
            'Uri'    = 'https://secured-server.example.com/something_or_other' # The expected-ALLOWED (reachable) URL
        }
        $expected_yes_http_response = Invoke-WebRequest @expected_yes_http_request_splat |
            Select-Object -Property @('StatusCode')
    }
    # Validate
    It "should return a status code of 200" {
        $expected_yes_http_response.StatusCode | Should -Be 200
    }
}
Validate a URL is actually blocked
This one makes sure you are blocked, networking-wise, from reaching http://10.255.255.1/test (replace it with your own expected-denied URL, of course).
Describe "Expected-denied server fails" {
    BeforeAll {
        # Make a request against expected DENIED
        $expected_no_socket_exception_message = $null
        $expected_no_http_request_splat = @{
            'Method' = 'GET'
            'Uri'    = 'http://10.255.255.1/test' # The expected-DENIED (blocked) URL
        }
        try {
            Invoke-WebRequest @expected_no_http_request_splat
        }
        catch [System.Net.Sockets.SocketException] {
            $expected_no_socket_exception_message = $_.ErrorDetails.Message
        }
    }
    # Validate
    It "should timeout because no line of sight" {
        $expected_no_socket_exception_message | Should -Not -BeNullOrEmpty
    }
}
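
Both checks above can be folded into one data-driven Pester 5 file for the "npm allowed, NuGet denied" runner scenario. This is an added example, not code from the original post: the helper name `Get-LineOfSightStatus`, the three URIs, and the 15-second timeout are assumptions, and it swaps the typed `SocketException` catch for a generic catch that treats "no HTTP response came back" as blocked.

```powershell
# Added example. Pester 5 syntax; URIs are illustrative, replace with your own.
BeforeDiscovery {
    $expected_allowed = @(
        @{ Uri = 'https://github.com/' }
        @{ Uri = 'https://registry.npmjs.org/' }
    )
    $expected_denied = @(
        @{ Uri = 'https://api.nuget.org/v3/index.json' }
    )
}

BeforeAll {
    # Hypothetical helper: returns the HTTP status code when any HTTP response
    # came back, or $null when the request died at the network level.
    function Get-LineOfSightStatus {
        param(
            [Parameter(Mandatory)] [string] $Uri,
            [int] $TimeoutSec = 15  # bound the wait so a silently dropped packet cannot hang the job
        )
        try {
            $response = Invoke-WebRequest -Method GET -Uri $Uri -TimeoutSec $TimeoutSec
            return [int]$response.StatusCode
        }
        catch {
            # HTTP error statuses (4xx/5xx) carry a Response object on the exception;
            # socket errors, DNS failures and timeouts do not.
            $http_response = $_.Exception.Response
            if ($null -ne $http_response) { return [int]$http_response.StatusCode }
            return $null
        }
    }
}

Describe 'Egress lines of sight' {
    It 'expected-allowed <Uri> should return a status code of 200' -ForEach $expected_allowed {
        $status = Get-LineOfSightStatus -Uri $Uri
        $status | Should -Be 200
    }

    It 'expected-denied <Uri> should get no HTTP response at all' -ForEach $expected_denied {
        # A status code here means something answered: either the real server
        # or a filtering proxy's block page. Both deserve a look.
        $status = Get-LineOfSightStatus -Uri $Uri
        $status | Should -BeNullOrEmpty
    }
}
```

If your egress filter answers denied requests with its own HTTP block page instead of dropping the connection, the denied test will fail and show that status code, which you can then assert on instead.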