I tried to understand the question, but I couldn’t. Especially the part about blocking ports, which in my opinion has nothing to do with Firefox running in a container. I could be wrong if I misunderstand the question, but when everyone misunderstands the question, it is good to consider that the question might be unclear, instead of insulting everyone else who tries to help. In fact, after reading the posts multiple times I got an idea, but still guess…
Since it was the second time, I removed the last post and hope for a different attitude after two weeks.
By the way, I wrote an entire tutorial about running Firefox in a container using a different approach that works even with Docker Desktop. It is similar to what @bluepuma77 already suggested.
https://learn-docker.it-sziget.hu/en/latest/pages/advanced/kernel-namespaces-network.html#running-a-web-browser-in-a-net-namespace-in-a-vm-docker-desktop
When I’m on Linux and using Docker CE, if I want to run a web browser that has access to a service which is not publicly available, only in a container, I usually just run Firefox on my host machine, but as an argument of nsenter so it runs in the network namespace of the container. That works only with a Firefox that was not installed as a Snap package.

```bash
container_name="mycontainer"
# SandboxKey is the path of the container's network namespace on the Docker host
network_namespace="$(docker container inspect "$container_name" --format '{{ .NetworkSettings.SandboxKey }}')"
# Run the host's firefox binary inside that network namespace
nsenter --net="$network_namespace" firefox
```

Of course this is not what was asked, but it could be a solution to the original problem, which we don’t know.
If we are talking about the original post, just setting an environment variable will not connect the container to the graphical interface of the host. That is why you would mount a specific unix socket, unless it is Docker Desktop, where it is not possible, so that the GUI in the container could be forwarded to a specific IP address, which I tried a long time ago and I wouldn’t try to find it out again for now.
A container doesn’t use host ports automatically unless you forward a port from the host to the container, or in case of MacVLAN or IPVLAN. Even then it is not the container that uses the port, but the application that listens on it. So it would be pretty hard to suggest anything without knowing what Docker image we are talking about.
For blocking requests from other machines when using MacVLAN or IPVLAN, firewalls can be used.
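
An added example, not part of the original post, illustrating the point about host ports: it reads `docker container inspect` output and reports, per container port, whether it is not published, published on loopback only, or reachable from other machines, including through a macvlan/ipvlan network. The container, the network names and the name-to-driver map are constructed sample data.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker container inspect` output for one container.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/web",
  "NetworkSettings": {
    "Ports": {
      "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
      "5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}],
      "9000/tcp": null
    },
    "Networks": {"bridge": {}, "lan0": {}}
  }
}]
""")
# Constructed sample: network name -> Driver, as `docker network inspect` reports it.
SAMPLE_DRIVERS = {"bridge": "bridge", "lan0": "macvlan"}


def is_loopback(host_ip):
    # An empty HostIp means "all interfaces", the same as 0.0.0.0 or ::.
    if not host_ip:
        return False
    return ipaddress.ip_address(host_ip).is_loopback


def exposure(container, drivers):
    """Return (container_port, reach, detail) rows for one inspected container."""
    rows = []
    net = container["NetworkSettings"]
    for port, bindings in sorted((net.get("Ports") or {}).items()):
        if not bindings:  # exposed by the image, but no host port forwarded
            rows.append((port, "not published", "no host port forwarded"))
            continue
        for b in bindings:
            reach = "host only" if is_loopback(b.get("HostIp", "")) else "other machines"
            rows.append((port, reach, f"{b.get('HostIp') or '*'}:{b['HostPort']}"))
    for name in sorted(net.get("Networks") or {}):
        if drivers.get(name) in ("macvlan", "ipvlan"):
            # The container has its own address on the LAN, so every listening
            # port is reachable without forwarding; only a firewall limits it.
            rows.append(("*", "other machines", f"{drivers[name]} network {name}"))
    return rows


if __name__ == "__main__":
    for row in exposure(SAMPLE_INSPECT[0], SAMPLE_DRIVERS):
        print("%-10s %-15s %s" % row)
```

With real data, pass one element of the parsed `docker container inspect` JSON and a driver map built from `docker network inspect`.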