diff --git a/netflow/iptables.sh b/netflow/iptables.sh
index 7807a40..28496af 100644
--- a/netflow/iptables.sh
+++ b/netflow/iptables.sh
@@ -53,10 +53,13 @@ __main() {
 done
 for cgid in "${_cgroup_ids[@]}"; do
+ if [[ $cgid -eq 0 ]]; then
+ continue
+ fi
 for cmd in iptables ip6tables; do
 $cmd -t mangle -N "$_chain" 2>/dev/null || true
- if ! $cmd -t mangle -C OUTPUT -o '!lo' -m cgroup --cgroup "$cgid" -j "$_chain" 2>/dev/null; then
- $cmd -t mangle -I OUTPUT 1 -o '!lo' -m cgroup --cgroup "$cgid" -j "$_chain"
+ if ! $cmd -t mangle -C OUTPUT ! -o 'lo' -m cgroup --cgroup "$cgid" -j "$_chain" 2>/dev/null; then
+ $cmd -t mangle -I OUTPUT 1 ! -o 'lo' -m cgroup --cgroup "$cgid" -j "$_chain"
 fi
 if ! $cmd -t mangle -C "$_chain" -j RETURN 2>/dev/null; then
 $cmd -t mangle -A "$_chain" -j RETURN
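Review bot: The new `[[ $cgid -eq 0 ]]` guard skips the entry without a trace, so a cgroup whose id resolved to 0 gets no OUTPUT jump into `$_chain` and nothing in the output shows that its traffic is not covered. Print a warning before `continue`, for example `echo "skipping cgroup id 0" >&2`. Note also that `-eq` inside `[[ ]]` evaluates `$cgid` as an arithmetic expression. How `_cgroup_ids` is populated is outside this hunk, but if an entry can be empty or non-numeric, check its format before the comparison (for decimal ids, `[[ $cgid =~ ^[0-9]+$ ]] || continue`) so a malformed value is neither expanded as an expression nor passed on to `--cgroup`. `__main` begins and ends outside the hunk.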