Serialize non-atomic jump rule programming in bridge

Signed-off-by: Alessandro Boch <aboch@docker.com>

libnetwork/controller.go

@@ -714,7 +714,9 @@ func (c *controller) NewNetwork(networkType, name string, id string, options ...
 
 	joinCluster(network)
 	if !c.isDistributedControl() {
+		c.Lock()
 		arrangeIngressFilterRule()
+		c.Unlock()
 	}
 
 	return network, nil

libnetwork/drivers/bridge/setup_ip_tables.go

@@ -114,7 +114,10 @@ func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInt
 		n.portMapper.SetIptablesChain(natChain, n.getNetworkBridgeName())
 	}
 
-	if err := ensureJumpRule("FORWARD", IsolationChain); err != nil {
+	d.Lock()
+	err = ensureJumpRule("FORWARD", IsolationChain)
+	d.Unlock()
+	if err != nil {
 		return err
 	}