Hi, Right now when selecting a source address to use for MASQUERADE it looks like netfilter uses a different function (inet_select_addr) for determining the source address for the traffic than what is used in general for IP traffic (ip_rt_get_source) which means, for example, the use of route source hints is not considered when selecting the source address for the MASQUERADE'd traffic. I’m wondering if changing MASQUERADE’s behavior, adding an option to run the other function when selecting the source address, or adding another target with the specified behavior has been considered as I think this would be a very helpful addition for certain use cases and is likely what users want as a default. Max
