From 1bec864a8a946dde39b193ba280931d2f311313f Mon Sep 17 00:00:00 2001
From: Murali Reddy
Date: Mon, 15 Jun 2020 16:34:48 +0530
Subject: [PATCH] avoide listing a chain if the rule already exists
---
 pkg/controllers/netpol/network_policy_controller.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkg/controllers/netpol/network_policy_controller.go b/pkg/controllers/netpol/network_policy_controller.go
index 10c9c6fee..48a8ba1a0 100644
--- a/pkg/controllers/netpol/network_policy_controller.go
+++ b/pkg/controllers/netpol/network_policy_controller.go
@@ -200,11 +200,6 @@ func (npc *NetworkPolicyController) ensureTopLevelChains() {
 }
 
 ensureRuleAtposition := func(chain string, ruleSpec []string, position int) {
- rules, err := iptablesCmdHandler.List("filter", chain)
- if err != nil {
- glog.Fatalf("failed to list rules in filter table %s chain due to %s", chain, err.Error())
- }
-
 exists, err := iptablesCmdHandler.Exists("filter", chain, ruleSpec...)
 if err != nil {
 glog.Fatalf("Failed to verify rule exists in %s chain due to %s", chain, err.Error())
@@ -216,6 +211,11 @@ func (npc *NetworkPolicyController) ensureTopLevelChains() {
 }
 return
 }
+ rules, err := iptablesCmdHandler.List("filter", chain)
+ if err != nil {
+ glog.Fatalf("failed to list rules in filter table %s chain due to %s", chain, err.Error())
+ }
+
 var ruleNo int
 for i, rule := range rules {
 rule = strings.Replace(rule, "\"", "", 2) //removes quote from comment string
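Review bot: In the second hunk the added `List` call is a separate iptables invocation that now runs after `Exists`, so the chain can change between the two and the listing may no longer contain the rule that was just reported present; in that case `ruleNo` keeps its zero value. The loop that consumes `rules` runs past the end of the hunk, so please confirm that the code after it treats `ruleNo == 0` as "not found" and re-inserts the rule rather than acting on position 0, since a jump rule that ends up missing or misplaced in a top-level policy chain may let traffic skip policy evaluation. A comment above the call would record the assumption: `// rule was present at Exists(); the chain may have changed since, so ruleNo == 0 below means not found`. The relocated `glog.Fatalf` also ends the whole controller process on a single failed listing, and its message starts lower-case while the `Exists` branch uses `Failed`; both are worth making deliberate and consistent.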