UFW confusion (or Linode?)

So I signed up for Linode, created an Ubuntu server and am trying to nail down the firewall. Issue is definitely me - I think - not understanding UFW. sudo ufw status verbose shows the below. Yet from home, when I run nmap against it, I see one of my container’s ports exposed (9091 - authelia). At first blush, it looks like it’s default deny.

Or when I run nmap, am I scanning their equipment instead of my own (because of some black magic being used to share that public IP)? When I stop the authelia container, 9091 is no longer open so this leads me to believe it’s my server?

What am I missing?

(51820 is for wireguard but is connecting another server separate from where I ran nmap)

docker@linode:~/containers/security$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
(SSH)/tcp                  ALLOW IN    Anywhere
51820/udp (v6)             ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
(SSH)/tcp (v6)             ALLOW IN    Anywhere (v6)
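
A check for the mismatch described above, as an added example that is not part of the original post: Docker publishes container ports through its own iptables NAT and FORWARD rules, which are evaluated outside the chains UFW manages, so a published port can answer a scan even under "deny (incoming)". The script lists published, non-loopback container ports that have no UFW allow rule; the container names other than authelia, the port bindings, and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed; the UFW rows mirror the post.
# On a live host, call:
#   unfiltered "$(docker ps --format '{{.Names}} {{.Ports}}')" "$(sudo ufw status)"
SAMPLE_DOCKER='authelia 0.0.0.0:9091->9091/tcp, :::9091->9091/tcp
wireguard 0.0.0.0:51820->51820/udp
internal 127.0.0.1:8080->8080/tcp
db 5432/tcp'
SAMPLE_UFW='51820/udp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
(SSH)/tcp ALLOW IN Anywhere
51820/udp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)'

# Read "name ports..." lines; print "name port/proto" once per binding that is
# published ("host->container") on a non-loopback address.
published_ports() {
  awk '{
    for (i = 2; i <= NF; i++) {
      b = $i; sub(/,$/, "", b)
      if (index(b, "->") == 0) continue          # exposed only, not published
      split(b, side, "->"); host = side[1]
      if (index(host, "127.") == 1 || index(host, "[::1]") == 1) continue
      n = split(host, part, ":"); split(side[2], cp, "/")
      key = $1 " " part[n] "/" cp[2]
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  }'
}

# Read `ufw status` rows; print "port/proto" for each numeric ALLOW rule.
# A bare port (no protocol) covers both tcp and udp. Source limits are ignored.
ufw_allowed() {
  awk '($2 == "ALLOW" || $3 == "ALLOW") {
    if ($1 ~ /^[0-9]+\/(tcp|udp)$/) print $1
    else if ($1 ~ /^[0-9]+$/) { print $1 "/tcp"; print $1 "/udp" }
  }'
}

# $1 = docker ps text, $2 = ufw status text; print ports UFW never allowed.
unfiltered() {
  allowed=$(printf '%s\n' "$2" | ufw_allowed)
  printf '%s\n' "$1" | published_ports | while read -r name pp; do
    printf '%s\n' "$allowed" | grep -qxF "$pp" || echo "$name $pp"
  done
}

unfiltered "$SAMPLE_DOCKER" "$SAMPLE_UFW"
```

Binding the port to loopback in the container's publish setting (for example 127.0.0.1:9091:9091) or not publishing it at all removes it from this list.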