Merge pull request #3842 from jpoimboe/iptables-insert-masq

network: insert masq rule

network.go

@@ -327,7 +327,7 @@ func newNetworkManager(config *DaemonConfig) (*NetworkManager, error) {
 		natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
 
 		if !iptables.Exists(natArgs...) {
-			if output, err := iptables.Raw(append([]string{"-A"}, natArgs...)...); err != nil {
+			if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {
 				return nil, fmt.Errorf("Unable to enable network bridge NAT: %s", err)
 			} else if len(output) != 0 {
 				return nil, fmt.Errorf("Error iptables postrouting: %s", output)