Abstract:
While the use of containerization technologies for virtual application deployment has grown at an astonishing rate, the robustness of container networking has not been well scrutinized from a security perspective, even though inter-container networking is indispensable for microservices. This paper therefore first analyzes container networks from a security perspective, discussing the security implications of their architectural limitations. It then presents Bastion+, a secure inter-container communication bridge. Bastion+ introduces (i) a network security enforcement stack that provides fine-grained control per container application and securely isolates inter-container traffic in a point-to-point manner. Bastion+ also supports (ii) selective security function chaining, enabling various security functions to be chained between containers for further security inspection (e.g., deep packet inspection) according to the container's network context. Bastion+ incorporates (iii) a security policy assistant that helps an administrator correctly discover inter-container networking dependencies. Our evaluation demonstrates how Bastion+ can effectively mitigate several adversarial attacks in container networks while improving overall performance by up to 25.4% for single-host container communication and 17.7% for cross-host container communication.
Published in: IEEE/ACM Transactions on Networking ( Volume: 31, Issue: 2, April 2023)