diff --git a/libnetwork/iptables/iptables.go b/libnetwork/iptables/iptables.go
index 03c10745fd..a74ac572fb 100644
--- a/libnetwork/iptables/iptables.go
+++ b/libnetwork/iptables/iptables.go
@@ -89,19 +89,32 @@ func (e ChainError) Error() string {
 	return fmt.Sprintf("Error iptables %s: %s", e.Chain, string(e.Output))
 }
 
-func probe() {
+func detectIptables() {
 	path, err := exec.LookPath("iptables")
 	if err != nil {
-		logrus.Warnf("Failed to find iptables: %v", err)
+		logrus.WithError(err).Warnf("failed to find iptables")
 		return
 	}
-	if out, err := exec.Command(path, "--wait", "-t", "nat", "-L", "-n").CombinedOutput(); err != nil {
-		logrus.Warnf("Running iptables --wait -t nat -L -n failed with message: `%s`, error: %v", strings.TrimSpace(string(out)), err)
+	iptablesPath = path
+
+	if out, err := exec.Command(path, "--wait", "-L", "-n").CombinedOutput(); err != nil {
+		logrus.WithError(err).Infof("unable to detect if iptables supports xlock: 'iptables --wait -L -n': `%s`", strings.TrimSpace(string(out)))
+	} else {
+		supportsXlock = true
 	}
-	_, err = exec.LookPath("ip6tables")
+
+	mj, mn, mc, err := GetVersion()
 	if err != nil {
-		logrus.Warnf("Failed to find ip6tables: %v", err)
-		return
+		logrus.Warnf("Failed to read iptables version: %v", err)
+	} else {
+		supportsCOpt = supportsCOption(mj, mn, mc)
+	}
+
+	path, err = exec.LookPath("ip6tables")
+	if err != nil {
+		logrus.WithError(err).Warnf("unable to find ip6tables")
+	} else {
+		ip6tablesPath = path
 	}
 }
 
@@ -113,35 +126,11 @@ func initFirewalld() {
 		return
 	}
 	if err := FirewalldInit(); err != nil {
-		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
-	}
-}
-
-func detectIptables() {
-	path, err := exec.LookPath("iptables")
-	if err != nil {
-		return
-	}
-	iptablesPath = path
-
-	supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
-	mj, mn, mc, err := GetVersion()
-	if err != nil {
-		logrus.Warnf("Failed to read iptables version: %v", err)
-		return
-	}
-	supportsCOpt = supportsCOption(mj, mn, mc)
-
-	path, err = exec.LookPath("ip6tables")
-	if err != nil {
-		return
-	} else {
-		ip6tablesPath = path
+		logrus.WithError(err).Debugf("unable to initialize firewalld; using raw iptables instead")
 	}
 }
 
 func initDependencies() {
-	probe()
 	initFirewalld()
 	detectIptables()
 }
@@ -554,6 +543,9 @@ func (iptable IPTable) raw(args ...string) ([]byte, error) {
 	path := iptablesPath
 	commandName := "iptables"
 	if iptable.Version == IPv6 {
+		if ip6tablesPath == "" {
+			return nil, fmt.Errorf("ip6tables is missing")
+		}
 		path = ip6tablesPath
 		commandName = "ip6tables"
 	}