How to simulate network drops for each individual Docker container at will?

I want to perform some stress-test for the applications that are run inside docker containers. Simple scenarios like turn on/off dropping all the packets for a specified IP address.

I’ve tried some tools, but none of them seem to satisfy me:

  1. Disconnecting containers from the bridge network – sadly it drops all connections, not only to the specified ips.

  2. Setting up iptables rules from inside a container – it requires a container to be launched in privileged mode, which is not a great practice (I’d like to have an approach that is suitable even for production environments).

  3. Modifying the host’s iptables also doesn’t look like an option – I’d like to create network issues for a specific container, not for all the containers on the host.

What are some possible ways I should look into?
Are there any chaos engineering tools that are to-go options for such needs?

Source: StackOverflow