Block container access to internet but still have a port open for access

What I am trying to do is create a container that is otherwise isolated but has a port open for access from outside. I'd like to keep it so that the container can't access the internet.

I have an internal network and a container that has a single port open for accessing the service.

Example docker-compose.yml:

version: '3.8'

networks:
  vaultwarden:
    driver: default
    internal: true

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    ports:
      - 8050:80
    stdin_open: true
    tty: true
    volumes:
      - /home/user/password_test:/data/
    environment:
      - WEBSOCKET_ENABLED=true
      - ROCKET_WORKERS=8
    networks:
      - vaultwarden

It seems to work: the service is accessible at localhost:8050, and from the container I can't access the internet.

Still, I am wondering: is this the right way to do it?

EDIT: I'm using podman-compose, where this works, but in docker-compose I have to put bridge instead of default. And it seems that with Docker this solution does not work at all.
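
Docker does not forward published ports to a container that is attached only to an `internal: true` network, which is consistent with the EDIT above. A common layout for Docker, shown here as an added example that is not part of the original post, keeps the service on the internal network only and publishes the port from a small forwarder container attached to both networks. The `alpine/socat` image and the names `isolated`, `edge` and `forwarder` are assumptions.

```yaml
# Added example, not from the original post.
# Assumptions: Docker Compose, the alpine/socat image, and the
# hypothetical names "isolated", "edge" and "forwarder".
networks:
  isolated:
    driver: bridge
    internal: true      # no route out of this network, so no internet access
  edge:
    driver: bridge      # ordinary bridge network; ports can be published here

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    volumes:
      - /home/user/password_test:/data/
    environment:
      - WEBSOCKET_ENABLED=true
      - ROCKET_WORKERS=8
    networks:
      - isolated        # internal network only; no "ports:" entry on this service

  forwarder:
    image: alpine/socat
    restart: always
    # Listen on 80 and relay each connection to vaultwarden over the internal network.
    command: tcp-listen:80,fork,reuseaddr tcp-connect:vaultwarden:80
    ports:
      - "8050:80"       # the only published port in the stack
    networks:
      - edge
      - isolated
    depends_on:
      - vaultwarden
```

The forwarder itself still has outbound access through `edge`; only `vaultwarden` is cut off from the internet.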



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
