Hey there, is there any way to block ports or change them for containers in a macvlan?

Use case 1: adguard home should serve it’s web UI only via traefik, not via the macvlan IP. The DNS service shall be offered on the macvlan IP.

Use case 2: Other containers like home assistant offer their web UI on ports like 8123. It might be nice to have them serve on port 80.

Of course I could do without a port blocking/change feature, but if there was a chance, it’d be nice to know.

kind regards!

I am afraid both of your use cases are not supported by container macvlan child interfaces. You want bridge/overlay network behavior (support of dns, port publishing) with a network driver that doesn’t support that features.

Either you want to have the containers to use a standalone mac/ip and have them network-wise behave like they are dedicated machines on your network or you don’t.

If the container does not provide a configuration to run its web frontend on port 80, then you have to live with whatever port the applications runs in the container.

When it commes to dns: home grade wan-routers should have a build in dns that allows to set hostnames for the devices in the network - the macvlan containers are just that.

thanks for the quick clarification!