Blocking ports on a running Docker container can be a bit tricky, it took me some time to figure out how to do it, basically, Docker assumes control of the IP Tables of the host system, this is why UFW will not work to block ports etc. Also many people say to commit the container to the image and simply restart it and forward the proper ports. However, this solution was not something we could do, as it was running a crucial service, that we needed to control. Essentially you write a couple of custom rules for the IP tables. See below:
# sudo iptables -I DOCKER -p tcp --dport 22 -j DROP
This rule will block the ssh port from your host machine to the running container.
# sudo iptables -I DOCKER -p tcp -s 192.168.0.10 --dport 22 -j ACCEPT
This rule will allow the ssh port from your host machine to the running container from a specific IP Address.
# sudo iptables -I DOCKER -p tcp —dport 22 ACCEPT
this rule reverses the port block that we did earlier.
As you can see its actually fairly simple to do, this will block ports on running docker containers.