Apex, Functest: Fixes iptables rule

Something in Apex is pushing the RETURN rule down the chain, and adding
REJECT reject-with icmp-port-unreachable.  This enhances the check to
make sure not only does the rule exist, but it is at the top of the
chain.

Change-Id: I527bc45c30008aaf30d5bc9e1d474a14065b3fdf
Signed-off-by: Tim Rozet <trozet@redhat.com>

diff --git a/jjb/functest/set-functest-env.sh b/jjb/functest/set-functest-env.sh
index 3cbb4a5..d2e232d 100755 (executable)
--- a/jjb/functest/set-functest-env.sh
+++ b/jjb/functest/set-functest-env.sh
@@ -37,7 +37,7 @@ elif [[ ${INSTALLER_TYPE} == 'joid' ]]; then
 fi
 
 # Set iptables rule to allow forwarding return traffic for container
-if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect}; then
+if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect} || ! sudo iptables -L FORWARD | awk 'NR==3' | grep RETURN 2> ${redirect}; then
     sudo iptables -I FORWARD -j RETURN
 fi