# udp dport 53 masquerade ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq ] # udp dport 53 masquerade random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x4 ] # udp dport 53 masquerade random,persistent ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0xc ] # udp dport 53 masquerade random,persistent,fully-random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x1c ] # udp dport 53 masquerade random,fully-random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x14 ] # udp dport 53 masquerade random,fully-random,persistent ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x1c ] # udp dport 53 masquerade persistent ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x8 ] # udp dport 53 masquerade persistent,random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0xc ] # udp dport 53 masquerade persistent,random,fully-random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x1c ] # udp dport 53 masquerade persistent,fully-random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x18 ] # udp dport 53 masquerade persistent,fully-random,random ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ masq flags 0x1c ] # tcp dport { 1,2,3,4,5,6,7,8,101,202,303,1001,2002,3003} masquerade set%d test-ip6 3 set%d test-ip6 0 element 00000100 : 0 [end] element 00000200 : 0 [end] element 00000300 : 0 [end] element 00000400 : 0 [end] element 00000500 : 0 [end] element 00000600 : 0 [end] element 00000700 : 0 [end] element 00000800 : 0 [end] element 00006500 : 0 [end] element 0000ca00 : 0 [end] element 00002f01 : 0 [end] element 0000e903 : 0 [end] element 0000d207 : 0 [end] element 0000bb0b : 0 [end] ip6 test-ip6 postrouting [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set set%d ] [ masq ] # ip6 daddr fe00::1-fe00::200 udp dport 53 counter packets 0 bytes 0 masquerade ip6 test-ip6 postrouting [ payload load 16b @ network header + 24 => reg 1 ] [ cmp gte reg 1 0x000000fe 0x00000000 0x00000000 0x01000000 ] [ cmp lte reg 1 0x000000fe 0x00000000 0x00000000 0x00020000 ] [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00003500 ] [ counter pkts 0 bytes 0 ] [ masq ] # iifname eth0 ct state new,established tcp dport vmap {22 : drop, 222 : drop } masquerade map%d test-ip6 b map%d test-ip6 0 element 00001600 : 0 [end] element 0000de00 : 0 [end] ip6 test-ip6 postrouting [ meta load iifname => reg 1 ] [ cmp eq reg 1 0x30687465 0x00000000 0x00000000 0x00000000 ] [ ct load state => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x0000000a ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ lookup reg 1 set map%d dreg 0 ] [ masq ] # meta l4proto 6 masquerade to :1024 ip6 test-ip6 postrouting [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] [ masq proto_min reg 1 proto_max reg 0 ] # meta l4proto 6 masquerade to :1024-2048 ip6 test-ip6 postrouting [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 1 0x00000004 ] [ immediate reg 2 0x00000008 ] [ masq proto_min reg 1 proto_max reg 2 ]