At some level docker has to do this because it creates an abstraction that your containers are their own little devices with their own IP address. For your host machine to talk to them and vice/versa it has to be able to route traffic to them. I don't think docker flips on routing globally for all interfaces though.