Bind Rancher managed network to a specific eth interface on the host?

Let’s say I have a Rancher agent with two network interfaces

  • eth0: (public network interface)
  • eth1: (private network interface)

I would like for the exposed port on the container to only be available in the private network interface. Currently I can accomplish this by setting --ip=$eth1 in the docker daemon and run the docker image in Rancher with network set to bridge.

Ex of what I want:
curl $eth0 <- doesn’t work
curl $eth1 <- works

Is it possible to accomplish the same thing with network set to managed? I tried but the container is accessible via both interfaces.

For a single container I guess I can put in the source ip address directly into docker-compose/ui, but how would I do that if I want to scale out the container across multiple hosts? Thanks