I consider myself pretty docker savvy. I had no idea about this footgun, and my brain is full of all kinds of docker minutiae.

Everyone knows docker runs as root, and therefore be careful using it, just as you would sudo. It seems this is a major fail in docs.

I kinda get why it's the default, but it needs to be made way better known that by default -p punches a hole through ufw.