after rereading Nftables vs dockerd a few more times
ip a | grep :\ br- to list all existing bridges
docker network create my_network
ip a | grep :\ br- look for a new bridge device in my case br-09996da2c762
service dockerd stop
service dockerd uciadd myNetwork br-09996da2c762 myzone
service dockerd start
in /etc/config/firewall
config zone
option name myzone
list device br-09996da2c762 << add this line
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
config forwarding
option src myzone
option dest wan
reboot and now internet inside the docker container works