Make sure iptables chains are recreated on firewall reload

[aboch]

Signed-off-by: Alessandro Boch aboch@docker.com

[mrjana]

LGTM

[mavenugo]

LGTM.

Is there a consistent way to reproduce the issue & is it possible to possible to write an IT for this ?
(either in libnetwork or docker/docker ? )

[aboch]

@mavenugo
Have firewalld running, start docker daemon, reload firewalld service, verify the docker chains are in the iptables o/p.

I verified the fix in an ubuntu VM with firewalld and in a fedora one, after a firewalld restart the chains are reinstalled (the daemon iptables logs are also very useful in showing what is being probed and then installed).

Please note the other issue, where the rules are sometimes wiped out is still there.
It can happen on system events firewalld reacts on, unrelated to docker.
For this second issue, I am sometime able to reproduce just running some commands on firewalld, like firewalld --debug 10. Unfortuantely I can confirm firewalld signalHandler in iptables does not receive any notification when the rules are wiped out.

[mavenugo]

@aboch thanks for the clarification.