UFW not working with EE4 docker setup

UFW does not block outside access on EE4. Can we get a change in the next EE release that isolates the containers so they are not accessible outside the VM?

The goal is to have every site use CloudFlare as a proxy, then block all external 80/443 traffic except for CloudFlare.

Also would like a solution for this. It seems an important security issue.