From 9487241f5c208df2f348b692c6679fc68fcd5591 Mon Sep 17 00:00:00 2001
From: Chun Chen <ramichen@tencent.com>
Date: Mon, 13 Jul 2015 16:23:02 +0800
Subject: [PATCH] Fix duplicate POSTROUTING MASQUERADE rules

Signed-off-by: Chun Chen <ramichen@tencent.com>
---
 libnetwork/drivers/bridge/setup_ip_tables.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libnetwork/drivers/bridge/setup_ip_tables.go b/libnetwork/drivers/bridge/setup_ip_tables.go
index 70e4df652b..11605a03c5 100644
--- a/libnetwork/drivers/bridge/setup_ip_tables.go
+++ b/libnetwork/drivers/bridge/setup_ip_tables.go
@@ -25,7 +25,12 @@ func (n *bridgeNetwork) setupIPTables(config *networkConfiguration, i *bridgeInt
 	if err != nil {
 		return fmt.Errorf("Failed to setup IP tables, cannot acquire Interface address: %s", err.Error())
 	}
-	if err = setupIPTablesInternal(config.BridgeName, addrv4, config.EnableICC, config.EnableIPMasquerade, hairpinMode, true); err != nil {
+	ipnet := addrv4.(*net.IPNet)
+	maskedAddrv4 := &net.IPNet{
+		IP:   ipnet.IP.Mask(ipnet.Mask),
+		Mask: ipnet.Mask,
+	}
+	if err = setupIPTablesInternal(config.BridgeName, maskedAddrv4, config.EnableICC, config.EnableIPMasquerade, hairpinMode, true); err != nil {
 		return fmt.Errorf("Failed to Setup IP tables: %s", err.Error())
 	}