I think you will need to do this with your firewall/iptables as opposed to relying on Docker. I had to set up something similar due to VPN requirements. If you’re interested, my recent post may be of use to you.
Basically, you turn off Docker’s iptables manipulation and then configure your own rules to keep things running without the hidden black magic.
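
A sketch of the approach described above, added here as an example and not taken from the post or the linked one: it emits a `daemon.json` that sets Docker's `"iptables": false` option and a minimal hand-written ruleset for one bridge. The function names, the bridge `docker0` and the subnet `172.17.0.0/16` are assumptions (Docker's usual defaults); check yours with `docker network inspect bridge`.

```shell
#!/bin/sh
# Added example: the function names and default values are assumptions.

# Contents for /etc/docker/daemon.json. With "iptables": false dockerd no
# longer inserts NAT or FORWARD rules; restart the daemon after changing it.
daemon_json() {
    printf '{\n  "iptables": false\n}\n'
}

# iptables-restore input covering what Docker would otherwise add for one
# bridge. $1 = bridge interface, $2 = container subnet in CIDR form.
docker_rules() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    br=$1
    net=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Outbound NAT so containers can reach other networks.
-A POSTROUTING -s $net ! -o $br -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Containers may start connections out; only replies are let back in.
-A FORWARD -i $br ! -o $br -j ACCEPT
-A FORWARD -o $br -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Container-to-container traffic on the same bridge.
-A FORWARD -i $br -o $br -j ACCEPT
COMMIT
EOF
}

# Print both files for review; nothing is applied to the running system.
echo "# --- /etc/docker/daemon.json ---"
daemon_json
echo "# --- rules for iptables-restore ---"
docker_rules docker0 172.17.0.0/16
```

Merge the generated lines into your existing ruleset rather than loading them on their own: `iptables-restore` flushes the tables it names unless run with `--noflush`.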