# udp dport 53 masquerade [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": null } ] # udp dport 53 masquerade random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": "random" } } ] # udp dport 53 masquerade random,persistent [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "random", "persistent" ] } } ] # udp dport 53 masquerade random,persistent,fully-random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "random", "fully-random", "persistent" ] } } ] # udp dport 53 masquerade random,fully-random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "random", "fully-random" ] } } ] # udp dport 53 masquerade random,fully-random,persistent [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "random", "fully-random", "persistent" ] } } ] # udp dport 53 masquerade persistent [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": "persistent" } } ] # udp dport 53 masquerade persistent,random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "persistent", "random" ] } } ] # udp dport 53 masquerade persistent,random,fully-random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "persistent", "random", "fully-random" ] } } ] # udp dport 53 masquerade persistent,fully-random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "persistent", "fully-random" ] } } ] # udp dport 53 masquerade persistent,fully-random,random [ { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "masquerade": { "flags": [ "persistent", "fully-random", "random" ] } } ] # meta l4proto 6 masquerade to :1024 [ { "match": { "left": { "meta": { "key": "l4proto" } }, "op": "==", "right": 6 } }, { "masquerade": { "port": 1024 } } ] # meta l4proto 6 masquerade to :1024-2048 [ { "match": { "left": { "meta": { "key": "l4proto" } }, "op": "==", "right": 6 } }, { "masquerade": { "port": { "range": [ 1024, 2048 ] } } } ] # tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade [ { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": { "set": [ 1, 2, 3, 4, 5, 6, 7, 8, 101, 202, 303, 1001, 2002, 3003 ] } } }, { "masquerade": null } ] # ip6 daddr fe00::1-fe00::200 udp dport 53 counter masquerade [ { "match": { "left": { "payload": { "field": "daddr", "protocol": "ip6" } }, "op": "==", "right": { "range": [ "fe00::1", "fe00::200" ] } } }, { "match": { "left": { "payload": { "field": "dport", "protocol": "udp" } }, "op": "==", "right": 53 } }, { "counter": null }, { "masquerade": null } ] # iifname "eth0" ct state established,new tcp dport vmap {22 : drop, 222 : drop } masquerade [ { "match": { "left": { "meta": { "key": "iifname" } }, "op": "==", "right": "eth0" } }, { "match": { "left": { "ct": { "key": "state" } }, "op": "in", "right": [ "established", "new" ] } }, { "vmap": { "key": { "payload": { "field": "dport", "protocol": "tcp" } }, "data": { "set": [ [ 22, { "drop": null } ], [ 222, { "drop": null } ] ] } } }, { "masquerade": null } ]