Docker Community Forums

Share and learn in the Docker community.

Connect containers only to host - no nat

I am new to working with docker and I cant come up with a solution to the following problem:

I am using Docker Desktop for Windows with windows containers and I want to create a network in which multiple containers can see each other and the host. The host also needs to see the containers.
So far, NAT is working for me as networking mode. But there is one big problem:
I dont want the containers to see anything ‘behind’ the host. They must not see the network my host is connected to and they must not see the internet.
I searched the internet for hours and I cant find a working solution for this. At first I thought, l2bridge was made for what I am aiming for. But I cant get the containers to see the host anymore and vice versa.
It would be fine for me if I could just make some simple rule using the windows firewall, but somehow, the traffic of the containers is not going through the firewall on the host. I can create a rule in the windows firewall to block all traffic and the containers can still ping google.
Does anyone have an idea how I can resolve my problem?
Thanks in advance!