[DOCS] Add warning about Docker port exposure (#50169)

Docker bypasses the Uncomplicated Firewall (UFW) on Linux by editing the `iptables` config directly, which leads to the exposure of port 9200, even if you blocked it via UFW.

This adds a warning along with work-arounds to the docs.

Signed-off-by: Kovah <[email protected]>

Author: Kovah

docs/reference/setup/install/docker.asciidoc

@@ -87,6 +87,12 @@ endif::[]
 This sample Docker Compose file brings up a three-node {es} cluster.
 Node `es01` listens on `localhost:9200` and `es02` and `es03` talk to `es01` over a Docker network.
 
+Please note that this configuration exposes port 9200 on all network interfaces, and given how 
+Docker manipulates `iptables` on Linux, this means that your {es} cluster is publically accessible, 
+potentially ignoring any firewall settings. If you don't want to expose port 9200 and instead use 
+a reverse proxy, replace `9200:9200` with `127.0.0.1:9200:9200` in the docker-compose.yml file.
+{es} will then only be accessible from the host machine itself.
+
 The  https://docs.docker.com/storage/volumes[Docker named volumes]
 `data01`, `data02`, and `data03` store the node data directories so the data persists across restarts.
 If they don't already exist, `docker-compose` creates them when you bring up the cluster.