Can host machine always contact user-defined bridge network IP addresses?

I have a user-defined bridge network with a CIDR block that allocates a few IPs. I’ve attached some static IPs to my services like NGINX and a custom app.

I created a busybox container in host network mode on my machine and realized I’m able to ping and connect to the services running in the user-defined bridge network, despite this container running on the host. Is this normal? For some reason, I was thinking that the isolation would prevent this, but maybe all host communication is allowed into all bridge networks by default?

The host has an IP in every bridge network, that’s right.
As such, (only!) the host can access every IP in every local bridge network.

Though, you cannot communicate from one bridge network to other bridge networks - a container must be attached to the networks to reach another container within that network.


Phew, thanks for clarifying, that makes so much more sense!
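
The reachability rules from the answer above, applied to output shaped like `docker network inspect`, as an added example that is not part of the original thread. The network names, subnets, addresses and the `db` container are constructed for illustration.

```python
import json
from itertools import combinations

# Constructed sample in the shape of `docker network inspect frontend backend host`.
# Network names, subnets and the "db" container are assumptions for illustration.
SAMPLE = json.loads("""
[
 {"Name": "frontend", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.20.0.0/24", "Gateway": "172.20.0.1"}]},
  "Containers": {"a1": {"Name": "nginx", "IPv4Address": "172.20.0.10/24"},
                 "b2": {"Name": "app", "IPv4Address": "172.20.0.11/24"}}},
 {"Name": "backend", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.21.0.0/24", "Gateway": "172.21.0.1"}]},
  "Containers": {"b2": {"Name": "app", "IPv4Address": "172.21.0.11/24"},
                 "c3": {"Name": "db", "IPv4Address": "172.21.0.20/24"}}},
 {"Name": "host", "Driver": "host", "IPAM": {"Config": []},
  "Containers": {"d4": {"Name": "busybox", "IPv4Address": ""}}}
]
""")


def audit(networks):
    """Summarise who can reach whom according to the bridge rules above."""
    bridges = [n for n in networks if n["Driver"] == "bridge"]
    # The bridge gateway address is the host's own IP inside that network.
    host_addresses = {n["Name"]: cfg.get("Gateway")
                      for n in bridges for cfg in n["IPAM"]["Config"][:1]}
    # container name -> {network name: container IP}
    member = {}
    for n in bridges:
        for c in n["Containers"].values():
            member.setdefault(c["Name"], {})[n["Name"]] = c["IPv4Address"].split("/")[0]
    # Containers in host network mode share the host's network namespace,
    # so they inherit the host's reach into every local bridge network.
    host_mode = sorted(c["Name"] for n in networks if n["Driver"] == "host"
                       for c in n["Containers"].values())
    host_reachable = sorted(ip for nets in member.values() for ip in nets.values())
    # Two containers can talk directly only if they share at least one bridge.
    isolated_pairs = [(a, b) for a, b in combinations(sorted(member), 2)
                      if not member[a].keys() & member[b].keys()]
    return {"host_addresses": host_addresses, "host_mode": host_mode,
            "host_reachable": host_reachable, "isolated_pairs": isolated_pairs}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Anything listed under `host_mode` should be treated as having the host's reach into every bridge network when reviewing which workloads are isolated from each other.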