Hey, hello guys,
I have to deal with L2 VLAN tagged traffic between some container and an IPsec tunnel. The tunnel creates a tap interface in my host machine and I initially thought that it would have been a good idea to create a macvlan network to connect the container with the tap interface:
docker network create -d macvlan -o parent=tap0 --subnet=x.x.x.x/y --gateway=z.z.z.z L2traffic
docker run -itd --ip=r.r.r.r --network=L2traffic --name=L2_test alpine
This setup worked fine, but didn’t allow me to control the network traffic between the tap adapter and the container.
In the end, for my specific need, it would be nice to set up a container with a virtual ethernet veth attached and no bridge/macvlan device configured, just a plain veth that connects the container to the host system, so that I can manually manage traffic by setting up rules with iptables in the host system.
Is it possible to create such a setup with Docker? Do I need to manually deal with the net namespace that Docker creates?
Thank you and have a nice day!
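
The setup described in the post, sketched as an added example that is not part of the original post: a veth pair is created by hand, one end is moved into the namespace of a container started with `docker run -itd --network=none --name=L2_test alpine`, and host iptables rules decide what may pass between it and tap0. The interface names veth-host/veth-ct, the 192.0.2.0/30 addresses and the routed (L3) forwarding policy are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: plain veth between a container and the host, no bridge/macvlan.
# Assumed names: veth-host / veth-ct, documentation range 192.0.2.0/30.
# DRY_RUN=1 (default) prints the commands; "apply" runs them and needs root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

veth_plan() {
    # $1 container PID (identifies its net namespace)  $2 host-side interface
    # $3 container-side interface  $4 host addr/prefix  $5 container addr/prefix
    # $6 uplink interface (tap0 in the post)
    pid="$1"; hif="$2"; cif="$3"; haddr="$4"; caddr="$5"; uplink="$6"

    # Create the pair on the host and move one end into the container namespace.
    run ip link add "$hif" type veth peer name "$cif"
    run ip link set "$cif" netns "$pid"
    run ip addr add "$haddr" dev "$hif"
    run ip link set "$hif" up

    # Configure the container end from the host, without touching the image.
    run nsenter -t "$pid" -n ip addr add "$caddr" dev "$cif"
    run nsenter -t "$pid" -n ip link set "$cif" up

    # Host policy (assumed): the container may open flows towards the tunnel,
    # only replies come back, everything else on the veth is dropped.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -A FORWARD -i "$hif" -o "$uplink" -j ACCEPT
    run iptables -A FORWARD -i "$uplink" -o "$hif" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$hif" -j DROP
    run iptables -A FORWARD -o "$hif" -j DROP
}

if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
    # Docker does not register its namespaces under /var/run/netns, so the
    # namespace is addressed through the PID of the container's init process.
    ct_pid="$(docker inspect -f '{{.State.Pid}}' L2_test)"
    veth_plan "$ct_pid" veth-host veth-ct 192.0.2.1/30 192.0.2.2/30 tap0
fi
```

These iptables rules only see IP packets that the host routes between veth-host and tap0; without a bridge, VLAN-tagged Ethernet frames are not forwarded between the two interfaces.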