Anyway I found a way to isolate my container into the stack
such as an example app running into managed network
while db running into host network with a scheduling of :
the host must have a service with the name value ${stack}/%{service_name}
so in that case only this app could communicate to this database