diff --git a/libnetwork/controller.go b/libnetwork/controller.go
index e9389487a3254c224b14bf47dfcc7d28485e7f67..f6619ecafd871647c4300b751b64f25c6b2c7d40 100644
--- a/libnetwork/controller.go
+++ b/libnetwork/controller.go
@@ -882,9 +882,7 @@ addToStore:
 		c.Unlock()
 	}
 
-	c.Lock()
-	arrangeUserFilterRule()
-	c.Unlock()
+	c.arrangeUserFilterRule()
 
 	return network, nil
 }
diff --git a/libnetwork/firewall_linux.go b/libnetwork/firewall_linux.go
index b2232ac7a53841abe0e3637972ab00490dc0f5c3..54f9621f8131cea8b54fa79dc376a79a2f396c81 100644
--- a/libnetwork/firewall_linux.go
+++ b/libnetwork/firewall_linux.go
@@ -7,6 +7,17 @@ import (
 
 const userChain = "DOCKER-USER"
 
+func (c *controller) arrangeUserFilterRule() {
+	c.Lock()
+	arrangeUserFilterRule()
+	c.Unlock()
+	iptables.OnReloaded(func() {
+		c.Lock()
+		arrangeUserFilterRule()
+		c.Unlock()
+	})
+}
+
 // This chain allow users to configure firewall policies in a way that persists
 // docker operations/restarts. Docker will not delete or modify any pre-existing
 // rules from the DOCKER-USER filter chain.
diff --git a/libnetwork/firewall_others.go b/libnetwork/firewall_others.go
index c41b3e049f7ad10f2b812a4b51658d60e412c0b8..901f568fed41c1e993d3443d612e15d2b37e36a9 100644
--- a/libnetwork/firewall_others.go
+++ b/libnetwork/firewall_others.go
@@ -2,5 +2,5 @@
 
 package libnetwork
 
-func arrangeUserFilterRule() {
+func (c *controller) arrangeUserFilterRule() {
 }