Why isn't UFW blocking my PostgreSQL service running in a Docker container?
I've set UFW to allow only 22, 80, and 443. Why is my PostgreSQL container still accessible?
UFW and nmap can sometimes have a discrepancy in which ports they show as open, as stated in this StackExchange post. With Docker, though, it's also worth noting that Docker makes changes directly to iptables. UFW is a wrapper program for iptables, so if iptables is directly changed, your UFW output will differ from the output of services like nmap. Use of the -p flag (to publish services to ports) with your Docker containers will result in these ports being shown as open. Something you may want to try if you want to continue using -p is to edit your /etc/docker/daemon.json file so that it does not affect iptables.
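
A check for the mismatch described above, added here as an example and not part of the original answer: it reads `docker ps` port listings and reports host ports that Docker publishes on all interfaces but that fall outside the UFW allow list from the question. The function names and the sample container listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find Docker-published ports that the UFW policy does not allow.
# Docker inserts its own iptables rules, so `ufw status` will not show these.

# Ports the UFW policy allows (22, 80 and 443, as in the question).
ALLOWED="22 80 443"

# unexpected_ports: reads lines of "name<TAB>ports" on stdin, in the layout of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "name port/proto" for every port bound to all interfaces
# (0.0.0.0, ::: or [::]) that is not listed in $ALLOWED.
unexpected_ports() {
  awk -F'\t' -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        # Only entries containing "->" are published; "9000/tcp" alone is not.
        if (maps[i] !~ /->/) continue
        split(maps[i], side, "->")
        host = side[1]
        # Skip ports bound to a specific address such as 127.0.0.1.
        if (host !~ /^(0\.0\.0\.0|::|\[::\]):/) continue
        port = host;     sub(/^.*:/, "", port)    # a range stays as "8000-8010"
        proto = side[2]; sub(/^.*\//, "", proto)
        key = $1 " " port "/" proto
        # IPv4 and IPv6 entries for the same port are reported once.
        if (!(port in ok) && !(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# Constructed sample of `docker ps` output (not taken from a real host).
sample_ps() {
  printf 'web\t0.0.0.0:80->80/tcp, :::80->80/tcp\n'
  printf 'db\t0.0.0.0:5432->5432/tcp, [::]:5432->5432/tcp\n'
  printf 'cache\t127.0.0.1:6379->6379/tcp\n'
  printf 'worker\t9000/tcp\n'
}

sample_ps | unexpected_ports
```

On a Docker host, pipe `docker ps --format '{{.Names}}\t{{.Ports}}'` into `unexpected_ports` instead of the sample. The `daemon.json` setting that stops Docker from writing iptables rules is `"iptables": false`; with it set, Docker no longer manages the NAT and forwarding rules its containers rely on, so those have to be maintained by hand.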