The semantic of parent in network devices and attributing ipv4 address

Hi,
For example I have a container container which is connected to two networks networkbr0 via a bridge device called net0 (where networkbr0 is its parent) and networkbr1 via a bridge device called net1container now has two nic devices.

Say that networkbr0 ipv4.addres : 10.96.164.1/24 ; logically, net0 normally would have an ipv4.address that belongs to that subnet contrary to what I could do by re-configuring it to an ipv4.address of another network – 196.1.1.5 as an example.

Can someone clear these concepts to me?

I think you’re asking whether there is anything stopping you from configuring an arbitrary IP inside a container on an interface connected to a bridge network?

Normally the configured address and subnet on a managed LXD bridged network is used to run a DHCP service on the LXD host so that containers can get an IP in the same subnet and reach the host as the default gateway in order to reach the wider network via NAT.

However there is nothing to stop the container changing its IP in the default configuration.

If you want to filter such traffic you may want to look at the filtering features on bridged NICs:

https://linuxcontainers.org/lxd/docs/master/instances#nictype-bridged

security.mac_filtering	boolean	false	no	Prevent the instance from spoofing another's MAC address
security.ipv4_filtering	boolean	false	no	Prevent the instance from spoofing another's IPv4 address (enables mac_filtering)
security.ipv6_filtering	boolean	false	no	Prevent the instance from spoofing another's IPv6 address (enables mac_filtering)