Docker isolated Networking Help

Not sure if this is the best place for this.

I have an app on a multi-homed system. Let’s call it ssh. I want to isolate the app to a physical nic.
I’m assuming I want a custom bridge or macvlan network, but I cannot seem to get either to work.

Abstract:

  • host system with multiple nics
  • docker container run --network=netA ssh
    • ssh to system A over nic A
    • cannot access system B on nic B
  • docker container run --network=netB ssh
    • ssh to system B over nic B
    • cannot access system A on nic A

Any help would be greatly appreciated

I don’t think you can do that, as the Docker host is the gateway to the containers. I’m not aware of a way to run multiple virtual gateways at the same time on the same Docker host.

If I understand your question correctly, I think the thing you want to do is to bind the container’s ssh port to a physical nic. You can effectively do that with the command:

docker container run -p "<ip address of nic A>:22:22" ssh

or

docker container run -p "<ip address of nic B>:22:22" ssh

Now this won’t by itself necessarily prevent access from system B, as system B may be able to route to the IP address of nic A. If so, then you’d need to update your firewall (either the network firewall or the host firewall) to prevent such traffic.

If there isn’t any routing between the two networks, you should be fine.

See https://docs.docker.com/engine/userguide/networking/default_network/binding/ for details.
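The reply above pins the published port to one NIC address with `-p "<ip>:22:22"`. The script below is an added example, not code from the thread or from Docker: it audits the `HostConfig.PortBindings` section of `docker inspect` output and flags any published port that still listens on all interfaces (`0.0.0.0`, `::`, or an empty `HostIp`, which Docker treats as all interfaces), and it builds a `-p` value that refuses wildcard addresses. The container names and addresses in `SAMPLE_INSPECT` are constructed for this example, and the function names `audit_port_bindings`, `binding_is_pinned` and `publish_arg` are this example's own.

```python
"""Audit Docker port bindings: flag any published port that listens on all
interfaces instead of being pinned to one NIC's address.

Input is the JSON that `docker inspect <container> ...` prints. The sample
below is constructed for this example; it is not real output from the thread.
"""
import ipaddress
import json

# Constructed sample: one container pinned to a NIC address, one bound to
# 0.0.0.0, and one with an empty HostIp (Docker treats that as all interfaces).
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/ssh-nicA",
        "HostConfig": {"PortBindings": {
            "22/tcp": [{"HostIp": "192.0.2.10", "HostPort": "22"}]}},
    },
    {
        "Name": "/ssh-all",
        "HostConfig": {"PortBindings": {
            "22/tcp": [{"HostIp": "0.0.0.0", "HostPort": "2222"}]}},
    },
    {
        "Name": "/ssh-implicit",
        "HostConfig": {"PortBindings": {
            "22/tcp": [{"HostIp": "", "HostPort": "2223"}]}},
    },
])

# Values Docker interprets as "every interface on the host".
WILDCARDS = {"", "0.0.0.0", "::"}


def binding_is_pinned(host_ip: str) -> bool:
    """True when the binding is restricted to one concrete interface address."""
    if host_ip in WILDCARDS:
        return False
    try:
        return not ipaddress.ip_address(host_ip).is_unspecified
    except ValueError:
        # Not an IP address at all; treat as not pinned so it gets reported.
        return False


def audit_port_bindings(inspect_json: str) -> list:
    """Return (container, port_spec, host_ip, host_port) for every published
    port that is reachable on all host interfaces."""
    findings = []
    for container in json.loads(inspect_json):
        bindings = (container.get("HostConfig") or {}).get("PortBindings") or {}
        for port_spec, entries in bindings.items():
            for entry in entries or []:
                host_ip = entry.get("HostIp", "")
                if not binding_is_pinned(host_ip):
                    findings.append((container["Name"], port_spec,
                                     host_ip, entry.get("HostPort", "")))
    return findings


def publish_arg(nic_ip: str, host_port: int, container_port: int = 22) -> str:
    """Build the -p value that pins a published port to one NIC address,
    rejecting wildcard or malformed addresses before docker ever sees them."""
    addr = ipaddress.ip_address(nic_ip)  # raises ValueError on garbage
    if addr.is_unspecified:
        raise ValueError("refusing to publish on all interfaces")
    # IPv6 host addresses are bracketed in docker's -p syntax.
    host = f"[{addr}]" if addr.version == 6 else str(addr)
    return f"{host}:{host_port}:{container_port}"


if __name__ == "__main__":
    for name, spec, ip, port in audit_port_bindings(SAMPLE_INSPECT):
        print(f"{name}: {spec} published on {ip or '<all>'}:{port} - not pinned to a NIC")
    print("example -p value:", publish_arg("192.0.2.10", 22))
```

On a real host, feed it `docker inspect $(docker ps -q)`. One caveat on the firewall step the reply mentions: on Linux, Docker writes its own iptables rules for published ports, so host-firewall rules meant to block traffic to that port belong in the DOCKER-USER chain, which Docker evaluates before its own rules; rules placed elsewhere in the INPUT/FORWARD path may be bypassed.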