Searching for a method to restrict a container's internet access, while still allowing port binds

I've recently discovered that my Podman containers are able to access my Wireguard interface which runs on the host. Since the containers don't require access to the internet, I thought that I could just set the network to none in the container's configuration, but that prevents me from binding a port within the container to the host.

I was wondering if any of you know of a relatively easy way to either prevent my Podman containers from accessing other network interfaces on the host, or to restrict all connectivity from the container while preserving the ability to bind ports. In case it isn't obvious yet, I've never been able to wrap my head around networking.

I'm using Podman version 4.3.1 on Debian 12, and all of my containers are rootless.

Thanks