Hi!

Since version 4.18 of the Linux kernel [1], bridges support the 
BR_ISOLATED flag which allows to disable communications between ports 
declared as private (similar to PVLANs).

This feature is already supported by libvirt [2].

Would you be interested in adding support for this feature?
If so, I have a short patch (probably not tested enough, but it could be 
a good start nonetheless) to add support in the web manager, LXC and 
QEMU (by adding a private=1 property in the net definition).

Best regards,

[1]: 
https://patchwork.ozlabs.org/project/netdev/patch/20180524085648.5934-1-nikolay@cumulusnetworks.com/
[2]: https://www.redhat.com/archives/libvir-list/2020-February/msg00596.html

-- 
Tom Barthe