Typical setup:
$ ufw default deny incoming
$ ufw allow 22 # SSH
$ ufw allow 80 # HTTP
$ ufw allow from 10.0.1.25 to any port 5432
In multi host environment you need to publish ports:
$ docker run -d -p 5432:5432 postgres:9.5
You still can access the host from unrestricted machines:
$ psql -h ip-address mydb
Docker and UFW