From fe5cf1b018951f0cace71109b0cfe6c7a6172caa Mon Sep 17 00:00:00 2001
From: Brian Goff <cpuguy83@gmail.com>
Date: Sat, 7 Oct 2017 09:06:06 -0400
Subject: [PATCH] Disable hostname lookup on chain exists check

Without `-n`, iptables will attempt to lookup hostnames for IP
addresses, which can slow down the call dramatically.
Since we don't need this, and generally don't even care about the
output, use the `-n` flag to disable this.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 8dce207dddc3f805b852088a60cc27bfe54b065e)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
---
 iptables/iptables.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables/iptables.go b/iptables/iptables.go
index eb3af5d769..f0691e9235 100644
--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -456,7 +456,7 @@ func RawCombinedOutputNative(args ...string) error {
 
 // ExistChain checks if a chain exists
 func ExistChain(chain string, table Table) bool {
-	if _, err := Raw("-t", string(table), "-L", chain); err == nil {
+	if _, err := Raw("-t", string(table), "-nL", chain); err == nil {
 		return true
 	}
 	return false