Don’t you have a firewall/router in front of the host, anyway? Using a bridge and separate IPs allows you to use a single DHCP server, and to use default ports (like HTTP ports 80 and 443) on all the IPs without conflicts (at least locally if behind a NAT).
But it could be that the iptables that the FreedomBox usually manages locally don’t work in an LXC container?
If needed, it may still be possible to configure some bridge-based packet filtering on the host.