I have just started experimenting a bit with ipvlan (l2) as it might be useful in some parts of my homelab. I have done a bit of research, but there are some questions I am struggling to find an answer to.

I am wondering about the security aspect of using bridge network. Is it correct to say that a container with macvlan is less isolated than one on a bridge network (even though it might have mapped ports)?

As I understand, Docker handles firewall rules (iptables) on the host when exposing container ports on a bridge network. Are containers with ipvlan fully exposed externally without any firewall protection and more vulnerable to attack? If so, are there additional security hardening measures one should do when a container is using either of those network drivers?