@Strum355 I haven’t used a VLAN filtering bridge before, but I had a quick look at the docs.
But my understanding is that in order for the containers on the VLANs to communicate with the host you would need the host to have a VLAN interface in each VLAN. Is this your understanding too?
This would also mean you’d need the DHCP server to be listening on all of those host-side interfaces too.
In effect, I believe you’re proposing a peer-to-peer link between host and container using a single bridge and multiple VLANs?
If this is the case, I’d be tempted to explore using plain bridged mode with an LXD-managed bridge, and then adding additional firewall rules to the bridge (using ebtables or bridge-aware iptables) to isolate container traffic so they can only talk to the host and vice versa.
We’ve recently added IP spoof protection to LXD (see “LXD 3.15 has been released”), which would do some of the job for you. We’ve talked about adding an isolation mode too in the future.
An alternative to this would be to use the p2p NIC type, and then set up IP addresses inside the containers manually, and set up host routes and ARP proxy entries manually. This would provide a private peer-to-peer link between each container and the host (not bridged), and then you can control whether the host routes packets between interfaces or not.
We are looking to automate this sort of setup in a future version of LXD, called “routed” mode, and we added initial support for it in LXC recently (see Weekly Status #106).
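The manual p2p alternative described in this reply, written out as an added example script (not code from the post or from LXD itself). It assumes a container named by the caller, a host-side veth name of your choosing, a link-local gateway address on the host end, and a LAN interface on which proxy ARP entries are published; `DRY_RUN=1` prints the commands instead of executing them.

```bash
#!/usr/bin/env bash
# Added example: a private, non-bridged host<->container link using an LXD
# p2p NIC, a manual /32 address in the container, a host route and a
# proxy-ARP entry. Names and addresses are placeholders chosen by the caller.
set -euo pipefail

# run: execute a command, or just print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# setup_p2p_routed CONTAINER HOST_VETH CONTAINER_IP GATEWAY_IP LAN_IF
#   CONTAINER_IP : address the container should own (e.g. a LAN address)
#   GATEWAY_IP   : link-local address placed on the host end of the veth
#   LAN_IF       : host interface whose neighbours should reach CONTAINER_IP
setup_p2p_routed() {
  local ctn="$1" host_if="$2" ct_ip="$3" gw_ip="$4" lan_if="$5"

  # 1. Attach a p2p NIC; host_name pins the host-side veth name so the
  #    route below can refer to it.
  run lxc config device add "$ctn" eth0 nic nictype=p2p host_name="$host_if" name=eth0

  # 2. Inside the container: /32 address, then a host route to the gateway
  #    and a default route through it (nothing else is on-link).
  run lxc exec "$ctn" -- ip addr add "$ct_ip/32" dev eth0
  run lxc exec "$ctn" -- ip link set eth0 up
  run lxc exec "$ctn" -- ip route add "$gw_ip/32" dev eth0
  run lxc exec "$ctn" -- ip route add default via "$gw_ip" dev eth0

  # 3. On the host: bring up our end with the gateway address, add a /32
  #    route to the container, and answer ARP for it on the LAN. Proxy ARP
  #    entries only answer when forwarding is enabled on that interface.
  run ip link set "$host_if" up
  run ip addr add "$gw_ip/32" dev "$host_if"
  run ip route add "$ct_ip/32" dev "$host_if"
  run sysctl -w net.ipv4.ip_forward=1
  run ip neigh add proxy "$ct_ip" dev "$lan_if"
  # Whether the host forwards between veths (container<->container) is now a
  # FORWARD-chain decision rather than an L2 property of a shared bridge.
}

if [ "${1:-}" = "--demo" ]; then
  DRY_RUN=1 setup_p2p_routed c1 vethc1 10.0.0.50 169.254.0.1 eth0
fi
```

Run with `--demo` to print the commands for a constructed example; without `DRY_RUN=1` the script must be run as root on the LXD host.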