From aab8097bb75059ce96cf9cdd6d46f9d71d52899e Mon Sep 17 00:00:00 2001
From: Brian Goff
Date: Sat, 7 Oct 2017 09:06:06 -0400
Subject: [PATCH] Disable hostname lookup on chain exists check
Without `-n`, iptables will attempt to lookup hostnames for IP addresses, which can slow down the call dramatically. Since we don't need this, and generally don't even care about the output, use the `-n` flag to disable this.
Signed-off-by: Brian Goff
(cherry picked from commit 8dce207dddc3f805b852088a60cc27bfe54b065e)
Signed-off-by: Andrew Hsu
---
 iptables/iptables.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iptables/iptables.go b/iptables/iptables.go
index 9537dffa5a..3ae26d6c7e 100644
--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -423,7 +423,7 @@ func RawCombinedOutputNative(args ...string) error {
 // ExistChain checks if a chain exists
 func ExistChain(chain string, table Table) bool {
- if _, err := Raw("-t", string(table), "-L", chain); err == nil {
+ if _, err := Raw("-t", string(table), "-nL", chain); err == nil {
 return true
 }
 return false
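Review bot: ExistChain still reports every failure of `Raw` as "chain does not exist", because the `err == nil` test on the changed line cannot tell a missing chain from iptables itself failing (for example a missing binary, insufficient privileges or a held xtables lock; this is inferred, since `Raw` is defined outside the hunk). For a firewall helper that matters: a caller that receives false may try to recreate a chain, or conclude its rules are absent when they were only unreadable. The doc comment should at least state this, e.g. `// ExistChain reports whether chain exists in table; any iptables error, not only a missing chain, yields false.` The body can also shrink to `_, err := Raw("-t", string(table), "-nL", chain)` followed by `return err == nil`. The function's closing brace lies outside the hunk.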