Docker EXPOSE a port only to Host

Is docker capable of exposing a port only to the host and not to the outside.

I need to put a docker running with a mongo database, and I wanted that it was only accessible from the host, but I need to link the host port 27017.

Is this possible, or do the only possible way is to change firewall definitions?


Sure, just bind it to localhost, like this:

docker run -p 127.0.0.1:27017:27017

Also: Your host can also talk to each container normally over its IP. Use docker inspect $ID to get a json dump (beside other stuff) containing the network IP.