LXD Firewall on host / blocks container


I installed LXD via snap on my Debian machine.
I have two containers: one an nginx proxy, the second an nginx web server with some static content.
Everything works perfectly and I reached my site from outside over ports 80 and 443.
Now I tried to enable my firewall (ufw) with these commands:

ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw enable

When I do this, I can still reach my site, but in the container I cannot update the system with apt-get update or reach the internet.
What am I missing here? And how can I fix it to use a firewall on my host system?

UFW’s policies block the needed traffic. These extra firewall rules (on the host) allow it in my case:

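# traffic from the containers to the host itself (e.g. DHCP and DNS on the bridge)
iptables -I ufw-user-input   1 -i lxdbr0 -j ACCEPT
# traffic from the host out to the bridge; packets on the output path have no input interface, so match with -o
iptables -I ufw-user-output  1 -o lxdbr0 -j ACCEPT
# traffic routed from the containers through the host to other networks
iptables -I ufw-user-forward 1 -i lxdbr0 -j ACCEPT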
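
A way to check, after applying rules like the ones above, that the chains carrying container traffic really contain an ACCEPT rule for the bridge. This is an added example, not part of the original answer: the function names and the sample dump are constructed, and checking only ufw-user-input and ufw-user-forward is an assumption based on the question's "default allow outgoing" policy.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the lxdbr0 rules UFW needs.

# Constructed sample dump: the input rule is present, the forward rule is missing.
sample_dump() {
    cat <<'EOF'
*filter
:ufw-user-input - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-output - [0:0]
-A ufw-user-input -i lxdbr0 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin; $1 is the bridge name.
# Prints each required chain that has no ACCEPT rule matching the bridge
# as input interface, one per line, sorted. No output means nothing is missing.
missing_bridge_rules() {
    awk -v br="$1" '
        BEGIN {
            # Chains assumed to carry container traffic:
            # input   = container -> host (DHCP, DNS on the bridge)
            # forward = container -> other networks via the host
            need["ufw-user-input"]   = 1
            need["ufw-user-forward"] = 1
        }
        $1 == "-A" && ($2 in need) {
            accept = 0; iface = 0
            for (n = 3; n < NF; n++) {
                if ($n == "-i" && $(n + 1) == br)       iface = 1
                if ($n == "-j" && $(n + 1) == "ACCEPT") accept = 1
            }
            if (accept && iface) ok[$2] = 1
        }
        END {
            for (c in need) if (!(c in ok)) print c
        }
    ' | sort
}

# Stand-alone run against the constructed sample.
sample_dump | missing_bridge_rules lxdbr0
```

On a live host, run `iptables-save | missing_bridge_rules lxdbr0` as root. Rules inserted directly with iptables are not written to UFW's own rule files, so repeat the check after `ufw reload` or a reboot.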