Search documentation
Fault Injection

Blackhole Experiment

The Blackhole experiment blocks inbound and outbound network traffic. It works by dropping IP packets at the transport layer (Layer 4) of the OSI model. You can specify the types of traffic to impact using additional arguments, including port, hostname, and IP address.


The Blackhole Gremlin uses existing traffic policing features in the Linux Kernel to drop targeted IP packets.

This Gremlin does not interact with iptables, and so it does not interfere with any existing iptables rulesets.

This Gremlin requires the NET_ADMIN capability, which is enabled for Gremlin by default at installation time. See capabilities(7)


The Blackhole Gremlin uses the Windows Filtering Platform to drop targeted IP packets.


IP Addresses-i IP addressFalse0.0.1Only impact traffic to these IP addresses. Also accepts CIDR values (i.e.
Device-d interfacesFalseDevice discovery0.0.1Impact traffic over these network interfaces. Comma separated lists and multiple arguments supported. You can define multiple interfaces starting with agent version 2.30.0.
Hostnames-h hostnamesFalse^api.gremlin.com0.0.1Only impact traffic to these hostnames.
Remote Ports-p port numbersFalse^530.0.1Impact outgoing and incoming traffic to and from these remote ports. Also accepts port ranges (e.g. 8080-8085).
Local Ports-n port numbersFalse0.0.1Impact outgoing and incoming traffic to and from these local ports. Also accepts port ranges (e.g. 8080-8085).
Protocol-P {TCP, UDP, ICMP}Falseall1.5.3Only impact a specific protocol.
ProvidersWebUI and API OnlyFalse0.0.1External service providers to affect.
TagsWebUI and API OnlyFalse0.0.1Only impact traffic to hosts running Gremlin clients associated with these tags.
Length-l intFalse600.0.1The length of the experiment (seconds).