Docker and UFW
From OISecWiki
When running Docker on a host and trying to secure it with UFW, I've run into some problems where the Docker-exposed ports supersede UFW, thus making these ports available to everyone.
To fix this, do the following.
Add the following lines in /etc/ufw/after.rules, just before the final COMMIT line.
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP
-A DOCKER-USER -i ens3 -j ufw-user-input
-A DOCKER-USER -i ens3 -j DROP
Now reactivate UFW by running ufw reload
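The edit described above can be scripted so that it is repeatable across hosts. The following is an added example, not part of the original wiki page: the function name add_docker_user_rules is hypothetical, and the interface is a parameter on the assumption that ens3 on this page is the host's external interface and will differ elsewhere.

```sh
#!/bin/sh
# Added example (not from the wiki): insert the page's DOCKER-USER block just
# before the final COMMIT line of a UFW rules file. Function name is hypothetical.
# Usage: add_docker_user_rules <rules-file> <external-interface>
add_docker_user_rules() {
    rules_file=$1
    iface=$2
    [ -f "$rules_file" ] || { echo "no such file: $rules_file" >&2; return 1; }
    # Accept only plain interface names so nothing else can end up in the rules.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac

    # Idempotent: leave the file alone if the chain is already declared.
    if grep -q '^:DOCKER-USER ' "$rules_file"; then
        return 0
    fi

    # Line number of the final COMMIT; refuse to edit a file without one.
    last_commit=$(grep -n '^COMMIT[[:space:]]*$' "$rules_file" | tail -n 1 | cut -d: -f1)
    [ -n "$last_commit" ] || { echo "no COMMIT line in $rules_file" >&2; return 1; }

    tmp=$(mktemp) || return 1
    awk -v n="$last_commit" -v ifc="$iface" '
        NR == n {
            print ":DOCKER-USER - [0:0]"
            print ":ufw-user-input - [0:0]"
            print "-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
            print "-A DOCKER-USER -m conntrack --ctstate INVALID -j DROP"
            print "-A DOCKER-USER -i " ifc " -j ufw-user-input"
            print "-A DOCKER-USER -i " ifc " -j DROP"
        }
        { print }
    ' "$rules_file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup, then overwrite in place so ownership and mode are preserved.
    if cp -p "$rules_file" "$rules_file.bak" && cat "$tmp" > "$rules_file"; then
        status=0
    else
        status=1
    fi
    rm -f "$tmp"
    return $status
}
```

Run it as root against /etc/ufw/after.rules with the host's external interface name, then run ufw reload as in the last step above.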