Docker has a `DOCKER-USER` chain where the user can inject their own rules before docker's rules are run.
But even then, the user flat out should not be using `-p` unless they want to expose the service outside of the machine. That is the well documented networking model of docker. Docker also includes a network abstraction that should have been used here to give access to other services that need it and isolate it from the things that don't.
Docker has a `DOCKER-USER` chain where the user can inject their own rules before docker's rules are run.
But even then, the user flat out should not be using `-p` unless they want to expose the service outside of the machine. That is the well documented networking model of docker. Docker also includes a network abstraction that should have been used here to give access to other services that need it and isolate it from the things that don't.