diff --git a/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..1eb23afacc
--- /dev/null
+++ b/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac
+Signed-off-by: Pablo Neira Ayuso
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -25,7 +25,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = sk ? sk->sk_bound_dev_if : 0,
++ .flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .flowi6_uid = sock_net_uid(net, sk),
+ .daddr = iph->daddr,
diff --git a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
index 458ddd4172..a73256a2c9 100644
--- a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
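Review bot: The new fallback in the `fl6` initializer, `skb_dst(skb)->dev->ifindex`, dereferences the packet's current dst unchecked, and nothing visible in the hunk shows that every caller of ip6_route_me_harder has one attached; if one does not, a link-local or multicast `iph->daddr` would become a NULL dereference in the packet path. Confirm this against the callers in each backported kernel (4.14 here, and the 4.19 and 4.9 copies of the same patch further down, the 4.9 one written with `skb->sk`), or guard it with `rt6_need_strict(&iph->daddr) && skb_dst(skb) ? skb_dst(skb)->dev->ifindex : 0`. The chained conditional also relies on `?:` being right-associative, so parentheses around the inner `rt6_need_strict(...) ? ... : 0` would make the grouping explicit. The function body continues outside the hunk, so the later uses of the dst are not visible here.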
+++ b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch @@ -116,7 +116,7 @@ Signed-off-by: Pablo Neira Ayuso .saveroute = nf_ip_saveroute, --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -193,12 +193,12 @@ static __sum16 nf_ip6_checksum_partial(s +@@ -194,12 +194,12 @@ static __sum16 nf_ip6_checksum_partial(s static const struct nf_ipv6_ops ipv6ops = { .chk_addr = ipv6_chk_addr, .route_input = ip6_route_input, diff --git a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch index 19a0aacb45..6ef0928257 100644 --- a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch +++ b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch @@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso .reroute = nf_ip_reroute, --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -191,15 +191,15 @@ static __sum16 nf_ip6_checksum_partial(s +@@ -192,15 +192,15 @@ static __sum16 nf_ip6_checksum_partial(s }; static const struct nf_ipv6_ops ipv6ops = { diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index 75de3c84fe..2b44066f1a 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -125,7 +125,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/ipv6/netfilter.c 
+++ b/net/ipv6/netfilter.c -@@ -69,31 +69,6 @@ int ip6_route_me_harder(struct net *net, +@@ -70,31 +70,6 @@ int ip6_route_me_harder(struct net *net, } EXPORT_SYMBOL(ip6_route_me_harder); @@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, const struct nf_queue_entry *entry) { -@@ -201,7 +176,6 @@ static const struct nf_ipv6_ops ipv6ops +@@ -202,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops static const struct nf_afinfo nf_ip6_afinfo = { .family = AF_INET6, .route = nf_ip6_route, diff --git a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch index b98aac0fff..eb3e29349a 100644 --- a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch +++ b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch @@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso }; --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -171,11 +171,11 @@ static const struct nf_ipv6_ops ipv6ops +@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops .fragment = ip6_fragment, .checksum = nf_ip6_checksum, .checksum_partial = nf_ip6_checksum_partial, diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch index 5dbd1a4cea..d45c4ef85b 100644 --- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch +++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch @@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso --- a/net/ipv6/netfilter.c 
+++ b/net/ipv6/netfilter.c -@@ -69,7 +69,7 @@ int ip6_route_me_harder(struct net *net, +@@ -70,7 +70,7 @@ int ip6_route_me_harder(struct net *net, } EXPORT_SYMBOL(ip6_route_me_harder); @@ -147,7 +147,7 @@ Signed-off-by: Pablo Neira Ayuso const struct nf_queue_entry *entry) { struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); -@@ -79,7 +79,7 @@ static int nf_ip6_reroute(struct net *ne +@@ -80,7 +80,7 @@ static int nf_ip6_reroute(struct net *ne if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) || skb->mark != rt_info->mark) @@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso } return 0; } -@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops +@@ -173,11 +173,11 @@ static const struct nf_ipv6_ops ipv6ops .checksum = nf_ip6_checksum, .checksum_partial = nf_ip6_checksum_partial, .route = nf_ip6_route, diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index 21381b7e6b..270379346a 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso static int __init ipv4_netfilter_init(void) --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -177,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops +@@ -178,7 +178,6 @@ static const struct nf_ipv6_ops ipv6ops static const struct nf_afinfo nf_ip6_afinfo = { .family = AF_INET6, diff --git a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch index 0ca58f9988..381b99721a 100644 
--- a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch +++ b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch @@ -102,7 +102,7 @@ Signed-off-by: Pablo Neira Ayuso -subsys_initcall(ipv4_netfilter_init); --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c -@@ -175,14 +175,10 @@ static const struct nf_ipv6_ops ipv6ops +@@ -176,14 +176,10 @@ static const struct nf_ipv6_ops ipv6ops .reroute = nf_ip6_reroute, }; @@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso } /* This can be called from inet6_init() on errors, so it cannot -@@ -191,5 +187,4 @@ int __init ipv6_netfilter_init(void) +@@ -192,5 +188,4 @@ int __init ipv6_netfilter_init(void) void ipv6_netfilter_fini(void) { RCU_INIT_POINTER(nf_ipv6_ops, NULL); diff --git a/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch new file mode 100644 index 0000000000..3f5267eb75 --- /dev/null +++ b/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch 
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac
+Signed-off-by: Pablo Neira Ayuso
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = sk ? sk->sk_bound_dev_if : 0,
++ .flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .flowi6_uid = sock_net_uid(net, sk),
+ .daddr = iph->daddr,
diff --git a/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..bfb7690dec
--- /dev/null
+++ b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac
+Signed-off-by: Pablo Neira Ayuso
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
++ .flowi6_oif = skb->sk && skb->sk->sk_bound_dev_if ? skb->sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .daddr = iph->daddr,
+ .saddr = iph->saddr,