diff --git a/libnetwork/controller.go b/libnetwork/controller.go
index e9389487a3..f6619ecafd 100644
--- a/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -882,9 +882,7 @@ addToStore:
 c.Unlock()
 }
- c.Lock()
- arrangeUserFilterRule()
- c.Unlock()
+ c.arrangeUserFilterRule()
 return network, nil
 }
diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go
index b2232ac7a5..54f9621f81 100644
--- a/libnetwork/firewall_linux.go
+++ b/libnetwork/firewall_linux.go
@@ -7,6 +7,17 @@ import (
 const userChain = "DOCKER-USER"
+func (c *controller) arrangeUserFilterRule() {
+ c.Lock()
+ arrangeUserFilterRule()
+ c.Unlock()
+ iptables.OnReloaded(func() {
+ c.Lock()
+ arrangeUserFilterRule()
+ c.Unlock()
+ })
+}
+
 // This chain allow users to configure firewall policies in a way that persists
 // docker operations/restarts. Docker will not delete or modify any pre-existing
 // rules from the DOCKER-USER filter chain.
diff --git a/libnetwork/firewall_others.go b/libnetwork/firewall_others.go
index c41b3e049f..901f568fed 100644
--- a/libnetwork/firewall_others.go
+++ b/libnetwork/firewall_others.go
@@ -2,5 +2,5 @@
 package libnetwork
-func arrangeUserFilterRule() {
+func (c *controller) arrangeUserFilterRule() {
 }
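Review bot: Every call to the new `(c *controller) arrangeUserFilterRule()` in firewall_linux.go registers a fresh closure with `iptables.OnReloaded`, and the controller.go hunk calls it on the path that ends in `return network, nil`, so the reload-callback list appears to grow by one per created network. After a firewall reload each of those closures would take the controller lock and re-run `arrangeUserFilterRule()`, and each keeps `c` reachable; whether `OnReloaded` de-duplicates is not visible here, but distinct closures cannot be compared, so it is unlikely. Re-applying the DOCKER-USER arrangement after a reload is worth keeping, since that chain carries the administrator's filtering policy, but the hook should be registered once per controller, for example at controller setup or behind a `sync.Once` field (name constructed here): `c.userFilterOnce.Do(func() { iptables.OnReloaded(...) })`. The method also has no doc comment; something like `// arrangeUserFilterRule applies the DOCKER-USER rule under the controller lock and re-applies it when iptables rules are reloaded.` would separate it from the package-level function of the same name.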