Fix duplicate POSTROUTING MASQUERADE rules

[chenchun]

Signed-off-by: Chun Chen ramichen@tencent.com

[root@c182 /data/home/gaia]# iptables -S POSTROUTING -t nat
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 ! -o docker0 -j MASQUERADE 
-A POSTROUTING -s 192.168.1.0/24 ! -o docker0 -j MASQUERADE 
-A POSTROUTING -s 192.168.1.0/24 ! -o docker0 -j MASQUERADE 

//docker log
time="2015-07-13T16:01:07.998115730+08:00" level=debug msg="/sbin/iptables, [-t nat -C POSTROUTING -s 192.168.1.1/24 ! -o docker0 -j MASQUERADE]" 
time="2015-07-13T16:01:08.000518242+08:00" level=debug msg="/sbin/iptables, [-t nat -I POSTROUTING -s 192.168.1.1/24 ! -o docker0 -j MASQUERADE]" 

moby/moby#12437 removed regexp from Exists function and it has side effects on creating these duplicate rules with old iptable version.
Since iptables -S POSTROUTING -t nat print masked ip address, we should use masked ip address to check if POSTROUTING MASQUERADE rule exits.

[aboch]

Thanks for taking care of this. We had it on our list.

LGTM

[mavenugo]

LGTM.