From ad7e36ba85d859a4df0bcc3bf25fdcb6d3a21d8a Mon Sep 17 00:00:00 2001
From: abdosi <58047199+abdosi@users.noreply.github.com>
Date: Wed, 24 Jun 2020 14:05:29 -0700
Subject: [PATCH] Fix Ported for 201811 for master (#1814)

PR: https://github.com/Azure/sonic-mgmt/pull/1810/files
---
 ansible/roles/test/tasks/qos_sai.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/test/tasks/qos_sai.yml b/ansible/roles/test/tasks/qos_sai.yml
index 09c4eb212a5..3b0258623a0 100644
--- a/ansible/roles/test/tasks/qos_sai.yml
+++ b/ansible/roles/test/tasks/qos_sai.yml
@@ -62,12 +62,12 @@
         ansible_shell_type: docker
         ansible_python_interpreter: docker exec -i bgp python
     
-    - name: Add iptables rule to drop BGP SYN Packet from peer so that we do not ACK back
-      shell: "iptables -A INPUT -j DROP -p tcp --destination-port bgp"
+    - name: Add iptables rule to drop BGP SYN Packet from peer so that we do not ACK back. Add at top so existing rules don't have precedence over it.
+      shell: "iptables -I INPUT 1 -j DROP -p tcp --destination-port bgp"
       become: true
 
-    - name: Add ip6tables rule to drop BGP SYN Packet from peer so that we do not ACK back
-      shell: "ip6tables -A INPUT -j DROP -p tcp --destination-port bgp"
+    - name: Add ip6tables rule to drop BGP SYN Packet from peer so that we do not ACK back. Add at top so existing rules don't have precedence over it.
+      shell: "ip6tables -I INPUT 1 -j DROP -p tcp --destination-port bgp"
       become: true
 
     - meta: flush_handlers