From 0ee67fcdecac39cb0a6aa4586ec5883b5e2ec1b5 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 14 Dec 2016 19:01:23 +0000
Subject: [PATCH] Let's be even more obnoxious

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 files/osbs/fix-docker-iptables.production | 2 ++
 files/osbs/fix-docker-iptables.staging    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/files/osbs/fix-docker-iptables.production b/files/osbs/fix-docker-iptables.production
index a30f414271..7d5fc56bd5 100644
--- a/files/osbs/fix-docker-iptables.production
+++ b/files/osbs/fix-docker-iptables.production
@@ -17,6 +17,8 @@ fi
 if [ "`iptables -nL | grep 'FILTER_FORWARD  all'`" == "" ];
 then
     iptables -I FORWARD 1 -j FILTER_FORWARD
+    iptables -I FORWARD 2 -j REJECT
+    iptables -I DOCKER-ISOLATION 1 -j FILTER_FORWARD
 fi
 
 # Delete all old rules
diff --git a/files/osbs/fix-docker-iptables.staging b/files/osbs/fix-docker-iptables.staging
index 7b4b6aee22..75675631e0 100644
--- a/files/osbs/fix-docker-iptables.staging
+++ b/files/osbs/fix-docker-iptables.staging
@@ -17,6 +17,8 @@ fi
 if [ "`iptables -nL | grep 'FILTER_FORWARD  all'`" == "" ];
 then
     iptables -I FORWARD 1 -j FILTER_FORWARD
+    iptables -I FORWARD 2 -j REJECT
+    iptables -I DOCKER-ISOLATION 1 -j FILTER_FORWARD
 fi
 
 # Delete all old rules