From e1783a72d1b84bc3e32470c468d14445e5fba8db Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Tue, 6 Nov 2018 12:33:50 +0100
Subject: [PATCH] [18.09 backport] update libnetwork to fix iptables
 compatibility on debian

Fixes a compatibility issue on recent debian versions, where iptables now uses
nft by default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 hack/dockerfile/install/proxy.installer                  | 2 +-
 vendor.conf                                              | 2 +-
 vendor/github.com/docker/libnetwork/iptables/iptables.go | 9 +++++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index f1d3f935077ee..1027edf823c60 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-LIBNETWORK_COMMIT=6da50d1978302f04c3e2089e29112ea24812f05b
+LIBNETWORK_COMMIT=8bc51fd276b549b106dbc7bf8ab18b3a01d66e64 # bump_18.09 branch
 
 install_proxy() {
 	case "$1" in
diff --git a/vendor.conf b/vendor.conf
index b822620bd3941..4bee6cbbe0279 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -37,7 +37,7 @@ github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
 #get libnetwork packages
 
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy accordingly
-github.com/docker/libnetwork 6da50d1978302f04c3e2089e29112ea24812f05b
+github.com/docker/libnetwork 8bc51fd276b549b106dbc7bf8ab18b3a01d66e64 # bump_18.09 branch
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/iptables/iptables.go b/vendor/github.com/docker/libnetwork/iptables/iptables.go
index 4b8d8832e9035..6a108e93d0c57 100644
--- a/vendor/github.com/docker/libnetwork/iptables/iptables.go
+++ b/vendor/github.com/docker/libnetwork/iptables/iptables.go
@@ -87,11 +87,16 @@ func initFirewalld() {
 }
 
 func detectIptables() {
-	path, err := exec.LookPath("iptables")
+	path, err := exec.LookPath("iptables-legacy") // debian has iptables-legacy and iptables-nft now
 	if err != nil {
-		return
+		path, err = exec.LookPath("iptables")
+		if err != nil {
+			return
+		}
 	}
+
 	iptablesPath = path
+
 	supportsXlock = exec.Command(iptablesPath, "--wait", "-L", "-n").Run() == nil
 	mj, mn, mc, err := GetVersion()
 	if err != nil {