Podman containers can be started with --network=none to deny any network access. Running containers can be denied network access by disconnecting all networks according to podman-network-disconnect(1). However, for rootless containers this fails due to slirp4netns not being supported. This article says the podman network commands are for rootful containers only. (podman-network(1) does not.)
How can a running rootless container be denied network access?
