I do not understand what you mean by "priority over the system ones"
A docker container can have internal ports exposed explicitly, or use host networking. In any case these are ports exposed by the docker-proxy executable - an executable like any other on the system.
Then come the iptables rules of the system (which open or not data flow to the ports exposed by docker-proxy).
Taking precedence was not the ideal word - it uses the same ip tables, but it inserts its own table as the first one. Therefore it 'ignores' system rules, which might come at a surprise.
A docker container can have internal ports exposed explicitly, or use host networking. In any case these are ports exposed by the docker-proxy executable - an executable like any other on the system.
Then come the iptables rules of the system (which open or not data flow to the ports exposed by docker-proxy).
Or is it different?