What else are you running on your server? VPN?
This happens - for example- when you mess with iptables rules (firewalld, ufw, VPN, etc.).
Sounds like something is messing with the netfilter rules after Docker created the rules. When you run an update, the rules are back in order, but something changes them later on. Like masquerading everything via postrouting on every interface.