diff --git a/go.mod b/go.mod
index 112d3be926c..3ca5321b951 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/containernetworking/plugins v0.8.7
 	github.com/contiv/libOpenflow v0.0.0-20210521033357-6b49eccb12e0
 	github.com/contiv/ofnet v0.0.0-00010101000000-000000000000
-	github.com/coreos/go-iptables v0.4.5
+	github.com/coreos/go-iptables v0.6.0
 	github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 // indirect
 	github.com/go-openapi/spec v0.19.5
 	github.com/gogo/protobuf v1.3.2
diff --git a/go.sum b/go.sum
index fc4ff1a7b91..4175fc44a28 100644
--- a/go.sum
+++ b/go.sum
@@ -128,8 +128,9 @@ github.com/contiv/libovsdb v0.0.0-20170227191248-d0061a53e358/go.mod h1:+qKEHaNV
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
+github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
diff --git a/pkg/agent/util/iptables/iptables.go b/pkg/agent/util/iptables/iptables.go
index 6840cf2d6f9..2c6a3fb74b4 100644
--- a/pkg/agent/util/iptables/iptables.go
+++ b/pkg/agent/util/iptables/iptables.go
@@ -102,12 +102,12 @@ func isRestoreWaitSupported(ipt *iptables.IPTables) bool {
 func (c *Client) EnsureChain(table string, chain string) error {
 	for idx := range c.ipts {
 		ipt := c.ipts[idx]
-		oriChains, err := ipt.ListChains(table)
+		exists, err := ipt.ChainExists(table, chain)
 		if err != nil {
-			return fmt.Errorf("error listing existing chains in table %s: %v", table, err)
+			return fmt.Errorf("error checking if chain %s exists in table %s: %v", chain, table, err)
 		}
-		if contains(oriChains, chain) {
-			return nil
+		if exists {
+			continue
 		}
 		if err := ipt.NewChain(table, chain); err != nil {
 			return fmt.Errorf("error creating chain %s in table %s: %v", chain, table, err)
@@ -120,11 +120,11 @@ func (c *Client) EnsureChain(table string, chain string) error {
 // ChainExists checks if a chain already exists in a table
 func (c *Client) ChainExists(table string, chain string) (bool, error) {
 	for idx := range c.ipts {
-		allChains, err := c.ipts[idx].ListChains(table)
+		exists, err := c.ipts[idx].ChainExists(table, chain)
 		if err != nil {
-			return false, fmt.Errorf("error listing existing chains in table %s: %v", table, err)
+			return false, fmt.Errorf("error checking if chain %s exists in table %s: %v", chain, table, err)
 		}
-		if contains(allChains, chain) {
+		if exists {
 			return true, nil
 		}
 	}
@@ -292,15 +292,6 @@ func (c *Client) Save() ([]byte, error) {
 	return output, nil
 }
 
-func contains(chains []string, targetChain string) bool {
-	for _, val := range chains {
-		if val == targetChain {
-			return true
-		}
-	}
-	return false
-}
-
 func MakeChainLine(chain string) string {
 	return fmt.Sprintf(":%s - [0:0]", chain)
 }
diff --git a/plugins/octant/go.sum b/plugins/octant/go.sum
index c8ae946d5da..47fd9090eed 100644
--- a/plugins/octant/go.sum
+++ b/plugins/octant/go.sum
@@ -141,6 +141,7 @@ github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkE
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=