TIL :

Note: With hairpin NAT enabled (--userland-proxy=false), containers port exposure is achieved purely through iptables rules, and no attempt to bind the exposed port is ever made. This means that nothing prevents shadowing a previously listening service outside of Docker through exposing the same port for a container. In such conflicting situation, Docker created iptables rules will take precedence and route to the container.

So in my usecase, it had a really awful side effect. A gossiping application was getting the server's interface as side effect of a loopback communication.