Let Docker Containers access the internet and nothing else

I am running a number of Docker Containers with untrusted code.

I would like to allow those Containers to access the internet, but do not want them to be able to access any other part of the network. They should also not be able to access each other.

Ideally, I would also like to be able to restrict them to only particular websites.

Source: StackOverflow