Comment 40 for bug 930962

I'd be ok with adding a /usr/share/lxc/hooks/network-bootpc-checksum script which does the iptables add, and having the debian template add that to lxc.hook.pre-start. However, in that hook script we'd want to avoid having one rule added per container start. What's the cleanest and most robust way to detect if the rule has already been inserted? We can do a iptables -t mangle -L and look for

CHECKSUM udp -- anywhere anywhere udp dpt:bootpc CHECKSUM fill

but that feels fragile. Any better ideas?