diff --git a/netflow/iptables.sh b/netflow/iptables.sh
index 4270a3c..971c4cf 100644
--- a/netflow/iptables.sh
+++ b/netflow/iptables.sh
@@ -56,7 +56,7 @@ __main() {
 		for cmd in iptables ip6tables; do
 			$cmd -t mangle -N "$_chain" 2>/dev/null || true
 			if ! $cmd -t mangle -C OUTPUT -o '!lo' -m cgroup --cgroup "$cgid" -j "$_chain" 2>/dev/null; then
-				$cmd -t mangle -A OUTPUT -o '!lo' -m cgroup --cgroup "$cgid" -j "$_chain"
+				$cmd -t mangle -I OUTPUT 1 -o '!lo' -m cgroup --cgroup "$cgid" -j "$_chain"
 			fi
 			if ! $cmd -t mangle -C "$_chain" -j RETURN 2>/dev/null; then
 				$cmd -t mangle -A "$_chain" -j RETURN