Binding to interface works in macOS 14.8 using Docker Desktop 4.49.0

Issue: I’ve seen it suggested that binding ports to specific local interfaces, in order to limit availability, does not work in macOS 14.8.3. I did that anyway.

While developing I had suspicious calls coming from somewhere, which I thought strange at first (before learning a bit about how Docker sets this up) as I had two fw blocking, macOS and router, and one service was only on a docker network. 3 ports showed open when scanned, including http and https.

What I did:
I noticed ports were closed if I removed them from the main web service, but once put back, which I kind of had to, as I couldn’t get to the web server locally either, these 2 ports were open. Why the third now was closed I don’t know.

Despite advice and, I think, documentation I bound the ports:
ports:
  - '127.0.0.1:80:80'
  - '127.0.0.1:443:443'

and the web service is now available locally and the ports are closed to the rest of the external world. Maybe this was already known, but if so, here it is again.

I am trying to understand the topic. Is it a bug report, a question or you just wanted to let us know how you managed to forward requests to containers only from the loopback IP (127.0.0.1) of the Mac host?

You can indeed do that. I’m not sure what you found in the documentation that indicated the opposite. Can you share the link to that page in the documentation?

What you cannot do with Docker Desktop is use a real host network and make a process in containers actually listen on the physical host. 127.0.0.1 always points back (= loops back) to the local environment. If it is a container, then to the container in the virtual machine. When host network is used, then to the virtual machine (part of Docker Desktop), and Docker Desktop’s host network just routes traffic between the loopback IPs of the host and the containers.
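As an added example that is not part of the thread or of Docker's own tooling: a small audit of Compose short-syntax `ports` entries that reports every mapping not restricted to loopback, which is the distinction the posts above turn on. The sample entries are constructed (only the two `127.0.0.1` lines come from the thread), and the check assumes Docker's default of publishing on all host interfaces when no host IP is given.

```python
import ipaddress
import re

# Constructed sample of Compose short-syntax "ports" entries; only the two
# 127.0.0.1 lines come from the thread.
SAMPLE_PORTS = [
    "127.0.0.1:80:80",
    "127.0.0.1:443:443",
    "8080:80",
    "0.0.0.0:5432:5432",
    "[::1]:9000:9000/tcp",
    "3000",
    "192.168.1.20:8443:443",
]

# [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]; IPv6 host IPs are bracketed.
_SPEC = re.compile(
    r"^(?:(?:\[(?P<ip6>[^\]]+)\]|(?P<ip4>\d+\.\d+\.\d+\.\d+)):)?"
    r"(?:(?P<host>[\d-]*):)?(?P<container>[\d-]+)(?:/(?P<proto>\w+))?$"
)

def classify(spec):
    """Return (exposure, host_ip) for one short-syntax port entry."""
    m = _SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    raw_ip = m.group("ip6") or m.group("ip4")
    if raw_ip is None:
        # Assumption: default daemon settings, so no host IP means all interfaces.
        return "all-interfaces", None
    ip = ipaddress.ip_address(raw_ip)
    if ip.is_loopback:
        return "loopback-only", str(ip)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces", str(ip)
    return "single-interface", str(ip)

def audit(specs):
    """List (spec, exposure, host_ip) for entries reachable beyond loopback."""
    findings = []
    for spec in specs:
        exposure, host_ip = classify(spec)
        if exposure != "loopback-only":
            findings.append((spec, exposure, host_ip))
    return findings

if __name__ == "__main__":
    for spec, exposure, host_ip in audit(SAMPLE_PORTS):
        print(f"{spec:28} {exposure:18} {host_ip or '(none given)'}")
```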