by bobuk 1883 days ago
There's no problem if you use only basic iptables rules, but ufw uses iptables in a very complicated way. If you want ufw and docker to play well together, you have to disable docker's iptables manipulations or use ufw-docker as the author. More about that in the ufw-docker documentation: https://github.com/chaifeng/ufw-docker
1 comments

The solution mentioned in chaifeng/ufw-docker is not beautiful either, because now you have to configure UFW each time after you deploy a new container, since the IP address of each container is different. And you probably don't want to use an IP range for UFW because that will bring you right back to square one.

A better solution is to use an ingress controller such as Traefik and expose it to the Internet. Then, when you deploy containers later, don't use `-p` at all; instead, ask Traefik to route the traffic to the container.
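
The layout described in the reply above, sketched as a Compose file. This is an added example and not part of the original thread; the service names, the `ingress` network, the image tags and the hostname `app.example.test` are assumptions.

```yaml
# Constructed example: only the ingress container publishes a host port.
services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      # Route only containers that opt in with traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
    ports:
      - "80:80"   # the single published port; the host firewall policy has one port to reason about
    volumes:
      # Traefik reads container labels through the Docker API; mount the socket read-only.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - ingress

  app:
    image: traefik/whoami
    # No "ports:" section (the Compose equivalent of omitting -p):
    # the container is reachable only over the shared Docker network.
    labels:
      - traefik.enable=true
      - "traefik.http.routers.app.rule=Host(`app.example.test`)"
      - traefik.http.routers.app.entrypoints=web
      - traefik.http.services.app.loadbalancer.server.port=80
    networks:
      - ingress

networks:
  ingress: {}
```

With this layout, `docker ps` should list a host port mapping for the `traefik` container only; further services join the `ingress` network with labels and never need a published port or a per-container UFW rule.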