diff --git a/netflow/iptables.sh b/netflow/iptables.sh
index f1e3bd8..4270a3c 100644
--- a/netflow/iptables.sh
+++ b/netflow/iptables.sh
@@ -7,7 +7,7 @@ __get_mount_paths_cgroup_id() {
 	docker ps -q --no-trunc | while read -r cid; do
 		_path=$(docker inspect "$cid" --format '{{range .Mounts}}{{.Source}}{{"\n"}}{{end}}' 2>/dev/null)
 		if grep -q "$CACHE/$FILE_PATH_START" <<<"$_path"; then
-			_cmd="find /sys/fs/cgroup/ -type d -name $cid | grep net_cls 2>/dev/null"
+			_cmd="find /sys/fs/cgroup/ -maxdepth 2 -type d -name $cid | grep net_cls 2>/dev/null"
 			_cgroup_path=$(nsenter --mount=/host/proc/1/ns/mnt --net=/host/proc/1/ns/net sh -c "$_cmd")
 			_cmd_classid="cat $_cgroup_path/net_cls.classid 2>/dev/null"
 			_cgroup_id=$(nsenter --mount=/host/proc/1/ns/mnt --net=/host/proc/1/ns/net sh -c "$_cmd_classid")