I have just started experimenting a bit with macvlan and ipvlan (l2) as it might be useful in some parts of my homelab. I have done a bit of research, but there are some questions I am struggling to find an answer to.

I am wondering about the security aspect of using macvlan/ipvlan vs a bridge network. Is it correct to say that a container with macvlan is less isolated than one on a bridge network (even though it might have mapped ports)?

As I understand it, Docker handles firewall rules (iptables) on the host when exposing container ports on a bridge network. Are containers with macvlan/ipvlan fully exposed externally without any firewall protection and more vulnerable to attack? If so, are there additional security hardening measures one should take when a container is using either of those network drivers?