Issues with firewalling docker using docker-user

Hello,
I try to make the access to docker containers available only from specific nodes

therefore I added a rule to the docker-user chain like this:


The problem is that now access from another host is restricted, but from containers on the same host I can still access

I tried out the following commands alternatively:

iptables -I DOCKER-USER -i enp0s8  -m set ! --match-set white_list src -j DROP
iptables -I DOCKER-USER  ! -s 192.168.65.90 -j DROP
iptables -I DOCKER-USER   -m set ! --match-set white_list src -j DROP

And I disabled icc

Any ideas why this is still not blocked?