Hi,
for your information, it is not yet possible to communicate only via some private network interfaces (Is it possible to select on which network interface open ports?).
One option is to restrict access via some configuration external to docker (ufw ou iptable directly), and you must set the --iptables=false option in your /etc/default/docker config file (but you will have to manage every docker communication ).
Hope it helps,
Charles.