diff --git a/criu/net.c b/criu/net.c
index 7109e6876a..33a8ed6e4f 100644
--- a/criu/net.c
+++ b/criu/net.c
@@ -3180,17 +3180,32 @@ static inline int nftables_network_unlock(void)
 static int iptables_network_unlock_internal(void)
 {
- char conf[] = "*filter\n"
- ":CRIU - [0:0]\n"
- "-D INPUT -j CRIU\n"
- "-D OUTPUT -j CRIU\n"
- "-X CRIU\n"
- "COMMIT\n";
+ char delete_jump_targets[] = "*filter\n"
+ ":CRIU - [0:0]\n"
+ "-D INPUT -j CRIU\n"
+ "-D OUTPUT -j CRIU\n"
+ "COMMIT\n";
+
+ char delete_criu_chain[] = "*filter\n"
+ ":CRIU - [0:0]\n"
+ "-X CRIU\n"
+ "COMMIT\n";
+
 int ret = 0;
- ret |= iptables_restore(false, conf, sizeof(conf) - 1);
+ ret |= iptables_restore(false, delete_jump_targets, sizeof(delete_jump_targets) -1);
 if (kdat.ipv6)
- ret |= iptables_restore(true, conf, sizeof(conf) - 1);
+ ret |= iptables_restore(true, delete_jump_targets, sizeof(delete_jump_targets) -1);
+
+ if (!system("iptables -C INPUT -j CRIU")) {
+ ret |= iptables_restore(false, delete_jump_targets, sizeof(delete_jump_targets) -1);
+ if (kdat.ipv6)
+ ret |= iptables_restore(true, delete_jump_targets, sizeof(delete_jump_targets) -1);
+ }
+
+ ret |= iptables_restore(false, delete_criu_chain, sizeof(delete_criu_chain) -1);
+ if (kdat.ipv6)
+ ret |= iptables_restore(true, delete_criu_chain, sizeof(delete_criu_chain) -1);
 return ret;
 }
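Review bot: The added `system("iptables -C INPUT -j CRIU")` check goes through `/bin/sh` and resolves `iptables` from the inherited `PATH`, while the rest of the function only hands fixed rule text to `iptables_restore()`; in a tool that usually runs privileged, the binary that gets executed then depends on the caller's environment. `!system(...)` also cannot tell "no jump rule left" apart from "the check could not run" (fork failure, shell exit 127, an iptables error), so a failed probe silently skips the second delete and the later `-X CRIU` presumably fails on a chain that is still referenced. The probe looks only at the IPv4 INPUT chain, yet it gates the IPv6 pass and the OUTPUT delete too, and since each payload carries both `-D` lines before `COMMIT`, the second pass may be rejected as a whole when only one chain holds a duplicate. I would run the check with an explicit argv and an absolute path through whatever exec path `iptables_restore()` uses (not visible in this hunk), repeat it with `ip6tables` when `kdat.ipv6` is set, and as a minimum check the status, e.g. `int st = system(...); if (st == -1 || !WIFEXITED(st)) return -1;`.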