diff --git a/libnetwork/netavark/config.go b/libnetwork/netavark/config.go
index 8b43a787e..33ef26acf 100644
--- a/libnetwork/netavark/config.go
+++ b/libnetwork/netavark/config.go
@@ -207,6 +207,10 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 				if len(value) == 0 {
 					return nil, errors.New("invalid vrf name")
 				}
+			case types.ModeOption:
+				if !slices.Contains(types.ValidBridgeModes, value) {
+					return nil, fmt.Errorf("unknown bridge mode %q", value)
+				}
 			default:
 				return nil, fmt.Errorf("unsupported bridge network option %s", key)
 			}
diff --git a/libnetwork/types/const.go b/libnetwork/types/const.go
index a91618200..a90e0aeeb 100644
--- a/libnetwork/types/const.go
+++ b/libnetwork/types/const.go
@@ -53,6 +53,9 @@ const (
 	Netavark NetworkBackend = "netavark"
 )
 
+// ValidBridgeModes is the list of valid mode options for the bridge driver
+var ValidBridgeModes = []string{IPVLANModeL2, IPVLANModeL3}
+
 // ValidMacVLANModes is the list of valid mode options for the macvlan driver
 var ValidMacVLANModes = []string{MacVLANModeBridge, MacVLANModePrivate, MacVLANModeVepa, MacVLANModePassthru}