
HOWTO Secure Docker & Prevent Leaking Access to Hackers

Docker needs to be configured so that it does not leak container ports to the outside world. There are two approaches, depending on which init system your version of Ubuntu uses.

For sysvinit- and upstart-based systems, edit /etc/default/docker and set the DOCKER_OPTS environment variable to DOCKER_OPTS="-r=false --iptables=false".

Since I'm using Ubuntu v16.x LTS running systemd, I performed the following:

$ mkdir /etc/systemd/system/docker.service.d
$ cat << EOF > /etc/systemd/system/docker.service.d/noiptables.conf
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --iptables=false
EOF

$ systemctl daemon-reload   # make systemd load the new drop-in before restarting
$ service docker restart

Initially, nmap reported this port as open (6379/tcp open unknown). With the above drop-in activated by restarting the Docker service, and with ufw active, the same port is now shown as filtered, since ufw blocks all inbound access that has not been explicitly allowed:

-> % ufw allow 22/tcp
-> % ufw enable

-> % nmap -P0 128.xxx.xxx.xx -p 6379

Starting Nmap 7.12 ( https://nmap.org ) at 2017-03-01 18:32 IST
Nmap scan report for 128.xxx.xxx.xx
Host is up.
PORT     STATE    SERVICE
6379/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds
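As a complementary check that a host is not still publishing container ports around ufw, here is an added audit script (not part of the original post) that scans the nat-table rules Docker installs when --iptables is left enabled. It reads iptables-save output and reports every DOCKER-chain DNAT rule that is not bound to 127.0.0.1; the sample rules below are constructed, not captured from a real host.

```sh
#!/bin/sh
# Audit the nat-table rules Docker installs when --iptables is left enabled.
# A DNAT rule in the DOCKER chain with no loopback destination publishes the
# container port on every interface, so ufw's INPUT filtering never sees it.

# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_NAT_RULES='*nat
:DOCKER - [0:0]
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 6379 -j DNAT --to-destination 172.17.0.2:6379
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT'

# Read iptables-save output on stdin; print "hostport/proto -> container"
# for every DOCKER-chain DNAT rule that is not restricted to 127.0.0.1.
leaked_ports() {
    awk '
        /^-A DOCKER / && /-j DNAT/ && !/-d 127\.0\.0\.1\/32/ {
            proto = ""; dport = ""; dest = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          dport = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
            }
            if (dport != "") printf "%s/%s -> %s\n", dport, proto, dest
        }'
}

# Returns 1 when at least one leaked port was found, so the check can gate a
# cron job or a configuration test; prints the offending mappings.
audit_docker_nat() {
    leaks=$(leaked_ports)
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks"
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample. On a live host use:
#   iptables-save -t nat | audit_docker_nat
if printf '%s\n' "$SAMPLE_NAT_RULES" | audit_docker_nat; then
    echo "no container ports published past ufw"
else
    echo "the mappings above bypass ufw; run Docker with --iptables=false or bind them to 127.0.0.1"
fi
```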
