Docker containers not using vlan (or a tleast no exclusively)

[gav]

I have a Unraid server with two NICs. Interface eth0 is set to LAN on subnet 192.168.1.0/24 and eth1 set to a VLAN (4) on subnet 17.16.100.0/24. In Docker settings I have IPv4 custom network set to interface br1.4 (eh1's bridge). To test I have all firewall traffic for the interface dedicated to VLAN 4 blocked. But if run one of the docker containers interactively in console and test a curl I can still hit the web. However, if I block the 192.168.1.0/24 assigned IP address on my firewall, the same curl will not go through. I have turned off bonding and I am sure docker is only set to use b1.4. Although the internal IP for the docker container is outside the subnet (17.17.0.2), but i assume that is normal. Maybe I am misunderstanding something about how docker networks work. If anyone could help with any leads, it would be appreciated.

Edited November 9, 2019 by gav
missing words added for clarity

[gav]

 

When I check docker networks i see the macvlan dirver being used on br1.4. But when i look at the docker run command it is using `bridge`. Is there a way to manually override the bridge. I thought this is what the "IPv4 custom network" setting did. I have it only set to br1.4 . Any ideas?

 

/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='ubuntu' --net='bridge' --log-opt max-size='50m' --log-opt max-file='1' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'MAXMEM'='512' -e 'PUID'='99' -e 'PGID'='100'

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b729fb813bc4        br1.4               macvlan             local
be200b9d7395        bridge              bridge              local