security – How to prevent docker container from accessing my local network?

I have some website in Docker containers running on my NAS and exposed to the outside world via port forwarding. I thought that is rather save, because even if the container gets hacked, no big deal. But I noticed that when I get access to my docker containers, I am basically inside my local network. I can then use different less secure ports on my computers or NAS, which I purposely have not exposed to the outside world.

Is there a way to prevent my docker containers from accessing my local network?

Preferably a solution with onboard tools from Synology DSM or Docker.