From 8c00e9378e4d680b9db8b1fd08d5c72fd1604864 Mon Sep 17 00:00:00 2001
From: Tim Rozet <trozet@redhat.com>
Date: Fri, 1 Jul 2016 16:55:11 -0400
Subject: [PATCH] Apex, Functest: Fixes iptables rule

Something in Apex is pushing the RETURN rule down the chain, and adding
REJECT reject-with icmp-port-unreachable.  This enhances the check to
make sure not only does the rule exist, but it is at the top of the
chain.

Change-Id: I527bc45c30008aaf30d5bc9e1d474a14065b3fdf
Signed-off-by: Tim Rozet <trozet@redhat.com>
---
 jjb/functest/set-functest-env.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jjb/functest/set-functest-env.sh b/jjb/functest/set-functest-env.sh
index 3cbb4a515..d2e232de5 100755
--- a/jjb/functest/set-functest-env.sh
+++ b/jjb/functest/set-functest-env.sh
@@ -37,7 +37,7 @@ elif [[ ${INSTALLER_TYPE} == 'joid' ]]; then
 fi
 
 # Set iptables rule to allow forwarding return traffic for container
-if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect}; then
+if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect} || ! sudo iptables -L FORWARD | awk 'NR==3' | grep RETURN 2> ${redirect}; then
     sudo iptables -I FORWARD -j RETURN
 fi
 
-- 
2.16.6