Docker networking defaults have been tightened up but per https://github.com/moby/moby/issues/22054#issuecomment-28714...:
the default binding address is still 0.0.0.0.
There are now rules in raw-PREROUTING to drop packets sent from outside the host to container addresses, and to ports mapped to the loopback address. Rules in the filter-FORWARD chain no longer depend on its default policy.
Docker networking defaults have been tightened up but per https://github.com/moby/moby/issues/22054#issuecomment-28714...:
the default binding address is still 0.0.0.0.
There are now rules in raw-PREROUTING to drop packets sent from outside the host to container addresses, and to ports mapped to the loopback address. Rules in the filter-FORWARD chain no longer depend on its default policy.