It’s implemented by a systemd-nspawn option: --network-bridge=. The bridge device is required to allow connections
- to/from the container
- to/from the host
- to/from the rest of the network
it is like sharing the physical network interface with the host.