Docker Network firewalling for Kasm Workspace

Hello, I recently installed an instance of Kasm Workspace on my Ubuntu server and created an account for a friend. However, the containers on the Kasm network can access the other containers, the host, the Internet and the LAN machines on my network, which I don’t want.

How can I severely restrict what containers can do in this network? I’d like them to be able to do only the following things:

  1. Access the Internet
  2. Not access the host hosting my containers (192.168.1.200) except by DNS on UDP port 53.
  3. No access to any LAN machine (192.168.1.0/24)

I don’t have the means or infrastructure to set up a firewall with a DMZ… I’ve already done some research on iptables but haven’t found anything convincing.

Thanks for the help!

My configuration:
Docker release: Docker version 27.1.1, build 6312585
My current OS:
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
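
One way to express the three requirements above as iptables rules, added here as an example and not part of the original post. It assumes Docker's default iptables backend (which provides the `DOCKER-USER` chain); the bridge name `br-XXXXXXXXXXXX` is a placeholder for the Kasm network's bridge interface, and the function name `kasm_rules` is made up for this example. The script only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the policy in the post.
# BRIDGE is a placeholder; HOST_IP and LAN_CIDR are the values given in the post.
BRIDGE="${BRIDGE:-br-XXXXXXXXXXXX}"      # placeholder: bridge interface of the Kasm network
HOST_IP="${HOST_IP:-192.168.1.200}"      # Docker host, from the post
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"   # LAN to protect, from the post

# kasm_rules BRIDGE HOST_IP LAN_CIDR
# Rules are inserted at explicit positions so their order is deterministic.
kasm_rules() {
    br=$1
    host=$2
    lan=$3
    # Replies to connections opened from outside (for example a LAN client
    # using a published port) must still pass, so match them first.
    ct='-m conntrack --ctstate ESTABLISHED,RELATED'
    cat <<EOF
iptables -I DOCKER-USER 1 -i $br $ct -j RETURN
iptables -I DOCKER-USER 2 -i $br -d $lan -j DROP
iptables -I INPUT 1 -i $br $ct -j ACCEPT
iptables -I INPUT 2 -i $br -d $host -p udp --dport 53 -j ACCEPT
iptables -I INPUT 3 -i $br -j DROP
EOF
}
# DOCKER-USER filters forwarded traffic (container -> LAN); new connections to
#   the LAN are dropped, anything else (the Internet) falls through to Docker's
#   own rules.
# INPUT filters traffic addressed to the host itself, on any of its addresses;
#   only DNS over UDP 53 to HOST_IP is accepted from the bridge.

kasm_rules "$BRIDGE" "$HOST_IP" "$LAN_CIDR"
```

Traffic between containers on the same bridge is outside the scope of these rules, and rules added this way do not persist across a reboot unless they are saved separately.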