Create custom interface (network bridge) and use that for a container network

Hey there!

I have been trying to wrap my head around how I could add a rule to iptables that only affects a specific or a group of selected containers.

Let’s say I want to DROP all UDP packets from docker1.
I need this rule to be configured on the host system.

I thought adding a custom bridge (bridge1) to my Ubuntu system and creating a docker network on top of that bridge would be a good idea.

I think I almost got it working.

What are the required steps to give bridge1 the same capabilities as the default bridge0?

I am talking about giving containers internet access again.

This is what I have been trying:

# create bridge
brctl addbr docker1

# assign address to interface
ip addr add 172.20.0.1/20 dev docker1

# Create new docker network
docker network create --driver bridge --subnet 172.20.0.0/20 --gateway 172.20.0.1 --opt "com.docker.network.bridge.name"="docker1" mynet

# create container
# docker run --network=mynet ….

# Container has no internet access, no DNS, etc
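The steps above put together as a script, added here as an example and not taken from the original post or from Docker's own documentation. It assumes the bridge is called docker1, the subnet is 172.20.0.0/20 with 172.20.0.1 as the bridge/gateway address, and the Docker network is named mynet; run with `show` to print the commands, or as root with `apply` to execute them on a host where dockerd is running.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: bridge docker1,
# subnet 172.20.0.0/20, gateway 172.20.0.1, Docker network "mynet".
# Commands are printed unless RUN=1, in which case they are executed.
BR=${BR:-docker1}
NET=${NET:-mynet}
SUBNET=${SUBNET:-172.20.0.0/20}   # network prefix, not the bridge's host address
GW=${GW:-172.20.0.1}
PREFIX=${SUBNET#*/}

run() {
  if [ "${RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Equivalent of "brctl addbr", plus bringing the link UP: a bridge that is
# left down gives attached containers an interface with no carrier.
setup_bridge() {
  run ip link add name "$BR" type bridge
  run ip addr add "$GW/$PREFIX" dev "$BR"
  run ip link set "$BR" up
}

# docker0 only reaches the internet because the kernel forwards packets
# between interfaces; a hand-made bridge needs the same sysctl. Docker's
# bridge driver installs the MASQUERADE and FORWARD rules for the network.
enable_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
}

# --subnet takes the network prefix; the bridge's own address goes in --gateway.
create_network() {
  run docker network create --driver bridge --subnet "$SUBNET" --gateway "$GW" \
    --opt com.docker.network.bridge.name="$BR" "$NET"
}

# Host rules for container traffic belong in DOCKER-USER: Docker jumps to it
# first from FORWARD and never flushes it, whereas a rule appended to FORWARD
# lands behind Docker's own ACCEPT for "-i docker1" and never matches.
drop_udp_from_bridge() {
  run iptables -I DOCKER-USER -i "$BR" -p udp -j DROP
}

main() {
  setup_bridge
  enable_forwarding
  create_network
  drop_udp_from_bridge
}

case "${1:-}" in
  apply) RUN=1; main ;;
  show)  main ;;
esac
```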