added check before deletion attempt

srl-labs · Feb 22, 2022 · 3dfd3bb · 3dfd3bb
1 parent f44213c
commit 3dfd3bb
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/runtime/docker/iptables.go b/runtime/docker/iptables.go
@@ -55,6 +55,15 @@ func (d *DockerRuntime) deleteIPTablesFwdRule(br string) (err error) {
 		return
 	}
 
+	// first check if a rule exists before trying to delete it
+	v4checkCmd := "iptables -vL DOCKER-USER"
+
+	res, _ := exec.Command("sudo", strings.Split(v4checkCmd, " ")...).Output()
+	if !bytes.Contains(res, []byte(d.mgmt.Bridge)) {
+		log.Debugf("external access iptables rule doesn't exist. Skipping deletion", d.mgmt.Bridge)
+		return nil
+	}
+
 	_, err = utils.BridgeByName(br)
 	if err == nil {
 		// nil error means the bridge interface was found, hence we don't need to delete the fwd rule, as the bridge is still in use