From d438fd59cdb647e57cc4d7913fa11bc78f857cac Mon Sep 17 00:00:00 2001
From: Alessandro Boch <aboch@docker.com>
Date: Wed, 29 Apr 2015 11:46:36 -0700
Subject: [PATCH] Port PR #11526 to libnetwork

Signed-off-by: Alessandro Boch <aboch@docker.com>
---
 libnetwork/drivers/bridge/setup_ip_tables.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libnetwork/drivers/bridge/setup_ip_tables.go b/libnetwork/drivers/bridge/setup_ip_tables.go
index e2fe7658e3..f54887bf2e 100644
--- a/libnetwork/drivers/bridge/setup_ip_tables.go
+++ b/libnetwork/drivers/bridge/setup_ip_tables.go
@@ -129,7 +129,7 @@ func setIcc(bridgeIface string, iccEnable, insert bool) error {
 			iptables.Raw(append([]string{"-D", chain}, acceptArgs...)...)
 
 			if !iptables.Exists(table, chain, dropArgs...) {
-				if output, err := iptables.Raw(append([]string{"-I", chain}, dropArgs...)...); err != nil {
+				if output, err := iptables.Raw(append([]string{"-A", chain}, dropArgs...)...); err != nil {
 					return fmt.Errorf("Unable to prevent intercontainer communication: %s", err.Error())
 				} else if len(output) != 0 {
 					return fmt.Errorf("Error disabling intercontainer communication: %s", output)
@@ -139,7 +139,7 @@ func setIcc(bridgeIface string, iccEnable, insert bool) error {
 			iptables.Raw(append([]string{"-D", chain}, dropArgs...)...)
 
 			if !iptables.Exists(table, chain, acceptArgs...) {
-				if output, err := iptables.Raw(append([]string{"-I", chain}, acceptArgs...)...); err != nil {
+				if output, err := iptables.Raw(append([]string{"-A", chain}, acceptArgs...)...); err != nil {
 					return fmt.Errorf("Unable to allow intercontainer communication: %s", err.Error())
 				} else if len(output) != 0 {
 					return fmt.Errorf("Error enabling intercontainer communication: %s", output)