Something in Apex is pushing the RETURN rule down the chain, and adding
REJECT reject-with icmp-port-unreachable. This enhances the check to
make sure not only does the rule exist, but it is at the top of the
chain.
Change-Id: I527bc45c30008aaf30d5bc9e1d474a14065b3fdf
Signed-off-by: Tim Rozet <trozet@redhat.com>
fi
# Set iptables rule to allow forwarding return traffic for container
-if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect}; then
+if ! sudo iptables -C FORWARD -j RETURN 2> ${redirect} || ! sudo iptables -L FORWARD | awk 'NR==3' | grep RETURN 2> ${redirect}; then
sudo iptables -I FORWARD -j RETURN
fi
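Review bot: The position test on the added line, `awk 'NR==3' | grep RETURN`, is looser than the `-C FORWARD -j RETURN` check it sits beside. It assumes exactly two header lines in the `iptables -L` output, and it passes for any first rule whose line contains the string RETURN, including a RETURN rule restricted by source, destination or interface. Comparing the output of `sudo iptables -S FORWARD 1` against `-A FORWARD -j RETURN` would test the exact rule at position 1. Two smaller points on the same line: `grep RETURN 2> ${redirect}` redirects only stderr, so the matched line is printed to stdout on every run (`grep -q` avoids that), and `iptables -L` without `-n` performs name lookups. Also, when the rule exists but has been pushed down, `-I FORWARD -j RETURN` inserts a second copy and leaves the old one in place, so copies accumulate each time this path runs; deleting the existing rule with `-D` before the insert would keep a single copy. It would help to add a comment noting that an unconditional RETURN at the top of FORWARD bypasses every later rule in the chain, since that is the intended effect here.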