Issues with firewalling docker using docker-user

I try to make the access to docker containers available only from specific nodes

therefore I added a rule to the docker-user chain like this:

The problem is that now access from another host is restricted, but from containers on the same host I can still access

I tried out the following commands alternatively:

iptables -I DOCKER-USER -i enp0s8  -m set ! --match-set white_list src -j DROP
iptables -I DOCKER-USER  ! -s -j DROP
iptables -I DOCKER-USER   -m set ! --match-set white_list src -j DROP

And I disabled icc

Any ideas why this is still not blocked?