@Sascha_B's post clearly explains the odd leftover Docker interface, but not why Unraid chose to split the address space for shim interface routing rules in half. My home network is a /16 and for some reason, just like in @tknx's case, I have two /17 rules rather than a single /16. This being the default behavior is also confirmed by this guide I was following, which "fixes" the fact that Unraid often fails to create the shim interfaces altogether with a script to automatically create the routes on array start—the poster also splits the /24 route into two /25s in his script.
I haven't tested what will happen if you use a single /16 rule, although I can't see why it shouldn't work all the same—this is all but clearly the doing of some spaghetti code on Unraid's part. Besides, the only difference should be that this way a container with its IP at exactly half the address space (network address of the 2nd subnet, or the bogus "broadcast" IP of the 1st subnet preceding it) will not route properly.
I doubt the "Host access to custom networks" option does anything more than create this interface and the two weird rules, so it should probably be safe to set the option to Disabled and replace it with the solution linked above but using a single forwarding rule. I'll do a few tests and report on my findings, probably create a bug report.