You probably replied to an AI, so I would not expect many new replies, but when using a rootless Docker, the Docker daemon is isolated and has its own network namespace, so even communicating with the host is tricky as far as I remember, depending on the network driver chosen for rootless kit.
If you want to access a container port from the outside through a web browser, but you don’t want to allow the container to have internet access, you could use a solution that I made for Docker Desktop, but a rootless Docker is similar. You can run a web browser in a container to access another container that has only an “internal” network without internet access. You can still acesss the webbrowser container, because that has a public docker network.
I tested it with rootless Docker now.
This web browser is just one tool that you can use if you want, but the proxy also forward the request directly to the app container instead of a web-based remote desktop, so you could use curl from the host to acess an API for example, but the app container would not be able to send requests to the internet, only to the proxy container, which would not forward it to the internet.
If you want communication from the container to the host only, I never tried it, but my first idea is what I wrote for using host.docker.internal with Docker CE. I would probbaly try to use another container on an internal network s a poxy for the outside world which forwards requests to a unix socket. Another container would run on the host network which would only forward the requests coming through the socket to the actual host’s loopback IP on a specific port.
https://forums.docker.com/t/host-docker-internal-in-production-environment/137507/4?u=rimelek