[Dylan16807]

-p explicitly asks for forwarding, it doesn't ask for it to be applied before firewall rules.

[masom]

The issue is UFW ignoring other firewall rules, Docker just adds itself to iptables, but UFW actively ignores other chains. The bug is on UFW being insecure by design.