Hello,

On my Centos 7.6, kernel 3.10.0-957.1.3, docker 1.13.1-88-git07f3373, I want to implement this network configuration with docker.

I want to have an external system that can communicate only with a dedicated container hosted on the CentOS.

I have the external system connected to the port 5 in the vlan 5 to a switch.

I have the CentOS server connected to the port 1 of the switch, this port is in trunk mode (802.1q).

On the CentOS server I have these interfaces:

eth1 physical interface connected to the switch trunk (802.1q) with no ip.
eth1.5 with no ip for the 802.1q.
veth1.5 interface of the container with no ip
virbr1.5 a bridge with eth1.5 and veth1.5

The container have the ip.

I have arptables and iptables rules applied on the bridge interfaces, to authorise only the external system to communicate with the container.

How can I implement this with docker ?

Best regards.

Francis