From 90a8e45604f42d60d58b4cefa37a5e5d3112b64a Mon Sep 17 00:00:00 2001
From: Gosuke Miyashita <gosukenator@gmail.com>
Date: Sat, 21 Mar 2015 01:52:05 +0900
Subject: [PATCH] Append icc related iptables rules, not INSERT

Signed-off-by: Gosuke Miyashita <gosukenator@gmail.com>
---
 daemon/networkdriver/bridge/driver.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemon/networkdriver/bridge/driver.go b/daemon/networkdriver/bridge/driver.go
index 8f240ef598..0ea4d5dca4 100644
--- a/daemon/networkdriver/bridge/driver.go
+++ b/daemon/networkdriver/bridge/driver.go
@@ -340,7 +340,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
 
 		if !iptables.Exists(iptables.Filter, "FORWARD", dropArgs...) {
 			logrus.Debugf("Disable inter-container communication")
-			if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, dropArgs...)...); err != nil {
+			if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, dropArgs...)...); err != nil {
 				return fmt.Errorf("Unable to prevent intercontainer communication: %s", err)
 			} else if len(output) != 0 {
 				return fmt.Errorf("Error disabling intercontainer communication: %s", output)
@@ -351,7 +351,7 @@ func setupIPTables(addr net.Addr, icc, ipmasq bool) error {
 
 		if !iptables.Exists(iptables.Filter, "FORWARD", acceptArgs...) {
 			logrus.Debugf("Enable inter-container communication")
-			if output, err := iptables.Raw(append([]string{"-I", "FORWARD"}, acceptArgs...)...); err != nil {
+			if output, err := iptables.Raw(append([]string{"-A", "FORWARD"}, acceptArgs...)...); err != nil {
 				return fmt.Errorf("Unable to allow intercontainer communication: %s", err)
 			} else if len(output) != 0 {
 				return fmt.Errorf("Error enabling intercontainer communication: %s", output)