So, If I’m not mistakenly reading this through: we need to additionally create and assign ACLs to the per-project bridges (as demonstrated in Network Isolation by Project on Single Server Incus Host - #4 by stgraber) to stop instances on different projects/bridges from communicating with each other.
Does this mean that incus-user
instances of different users on a single host are not network isolated from each other by default?