diff --git a/configure.ac b/configure.ac index 7ea1607b7..317ca0a6c 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.68]) -AC_INIT([Jool], [4.0.5], [jool@nic.mx]) +AC_INIT([Jool], [4.0.6], [jool@nic.mx]) AC_CONFIG_SRCDIR([src/common/xlat.h]) AM_INIT_AUTOMAKE([subdir-objects]) diff --git a/docs/_config.yml b/docs/_config.yml index 8ecce7cf9..d976342ff 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -3,7 +3,7 @@ baseurl: /Jool repository-url: https://github.com/NICMx/Jool downloads-url: https://github.com/NICMx/releases/raw/master/Jool downloads-url-2: https://github.com/NICMx/Jool/releases/download -latest-version: 4.0.1 +latest-version: 4.0.6 rfc-siit: https://tools.ietf.org/html/rfc7915 draft-siit-eam: https://tools.ietf.org/html/rfc7757 diff --git a/docs/en/debian.md b/docs/en/debian.md index f37d78da2..624e56040 100644 --- a/docs/en/debian.md +++ b/docs/en/debian.md @@ -9,6 +9,7 @@ title: Debian # Jool in Debian and its derivatives + + +## Uninstalling old versions (installed from source) + +If you already installed a previous version of Jool from source, know that it will conflict with the userspace clients installed in the next section. To uninstall the old userspace clients, run `make uninstall` in the directory where you compiled them: + +```bash +user@T:~$ cd jool-4.0.5/ +user@T:~# make uninstall +``` + +If you no longer have the directory where you compiled it, download it again and do this instead: + +
+ tarball + git clone +
+ + +{% highlight bash %} +user@T:~$ cd jool-4.0.5/ +user@T:~$ +user@T:~$ ./configure +user@T:~# make uninstall +{% endhighlight %} + + +{% highlight bash %} +user@T:~$ cd Jool/ +user@T:~$ ./autogen.sh +user@T:~$ ./configure +user@T:~# make uninstall +{% endhighlight %} + +This can be done before or after the commands in the next section. (But if you did it later, restart your terminal.) + +You might also want to detach the old running modules while you're at it: + +```bash +user@T:~# modprobe -r jool_siit +user@T:~# modprobe -r jool +``` + +## Installing the Debian packages + +The official Debian package is currently [queued for approval into `unstable`](https://github.com/NICMx/Jool/issues/243#issuecomment-517779741). In the meantime, if you're using amd64, you can download standalone `.deb` packages from [Downloads](#downloads.html) and install them like so: + +{% highlight bash %} +user@T:~# apt install ./jool-dkms_{{ site.latest-version }}-1_all.deb ./jool-tools_{{ site.latest-version }}-1_amd64.deb +{% endhighlight %} + +> Sorry; I can't provide packages for other architectures because I don't have any hardware to try them on. If you'd like to help, [contact us](contact.html). + +They are tested in Debian 10 and Ubuntu 18.04. + +Please note that these packages do not update automatically. This feature will not be available until Jool reaches `unstable`. Here's a quick link back to the [basic tutorials list](documentation.html#basic-tutorials). diff --git a/docs/en/documentation.md b/docs/en/documentation.md index 979b6f5ca..2bc3d2a2a 100644 --- a/docs/en/documentation.md +++ b/docs/en/documentation.md 
@@ -20,11 +20,10 @@ See [RFC 6586](https://tools.ietf.org/html/rfc6586) for deployment experiences u ## Installation -1. [Installation on OpenWRT](openwrt.html) -2. [Installation on openSUSE](opensuse.html) -2. [Installation on most other distros](install.html) - - +1. [Installation in OpenWRT](openwrt.html) +2. [Installation in openSUSE](opensuse.html) +3. [Installation in Debian and its derivatives](debian.html) +4. [Installation in most other distros](install.html) (Installing from source) ## Basic Tutorials @@ -32,6 +31,7 @@ See [RFC 6586](https://tools.ietf.org/html/rfc6586) for deployment experiences u 2. [SIIT + EAM](run-eam.html) 3. [Stateful NAT64](run-nat64.html) 4. [DNS64](dns64.html) +5. [Persistence](run-persistent.html) ## IP/ICMP Translation in Detail diff --git a/docs/en/download.md b/docs/en/download.md index e0134e9c9..eec218068 100644 --- a/docs/en/download.md +++ b/docs/en/download.md 
@@ -21,30 +21,24 @@ Results [here](index.html#survey). Jool 4.0 is a [compliant SIIT and Stateful NAT64](intro-jool.html#compliance). -4.0.1 is the latest version. It is also considered the most mature version of Jool. - -| Release Date | Version | .tar.gz | Git commit | -|--------------|---------|---------|------------| -| 2019-04-26 | **4.0.1** | [Download]({{ site.downloads-url-2 }}/v4.0.1/jool_4.0.1.tar.gz) | Link | -| 2019-01-17 | 4.0.0 | [Download]({{ site.downloads-url-2 }}/v4.0.0/jool_4.0.0.tar.gz) | Link | -| 2019-01-09 | 4.0.0-rc5 | [Download]({{ site.downloads-url-2 }}/v4.0.0-rc5/jool_4.0.0-rc5.tar.gz) | Link | -| 2019-01-04 | 3.6.0-rc4 | [Download]({{ site.downloads-url-2 }}/v3.6.0-rc4/jool_3.6.0-rc4.tar.gz) | Link | -| 2018-12-26 | 3.6.0-rc3 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc3.tar.gz) | Link | -| 2018-12-14 | 3.6.0-rc2 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc2.tar.gz) | Link | -| 2018-11-24 | 3.6.0-rc1 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc1.tar.gz) | Link | - -"rc" stands for "Release Candidate." - -Transitional packages: - -| Release Date | Version | .tar.gz | Signature | Git commit | -|--------------|---------|---------|-----------|------------| -| 2019-08-20 | 4.0.5 | [Download]({{ site.downloads-url-2 }}/v4.0.5/jool-4.0.5.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.5/jool-4.0.5.tar.gz.asc) | Link | -| 2019-07-31 | 4.0.4 | [Download]({{ site.downloads-url-2 }}/v4.0.4/jool-4.0.4.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.4/jool-4.0.4.tar.gz.asc) | Link | -| 2019-07-19 | 4.0.3 | [Download]({{ site.downloads-url-2 }}/v4.0.3/jool-4.0.3.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.3/jool-4.0.3.tar.gz.asc) | Link | -| 2019-07-11 | 4.0.2 | [Download]({{ site.downloads-url-2 }}/v4.0.2/jool-4.0.2.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.2/jool-4.0.2.tar.gz.asc) | Link | - -[This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. 
It is not yet certified, so the Signature column is mostly just theater for now. +4.0.6 is the latest and most mature version of Jool. + +| Release Date | Version | .tar.gz | .tar.gz Signature | Git commit | .deb | +|--------------|---------|---------|-------------------|------------|------| +| 2019-10-24 | **4.0.6** | [Download]({{ site.downloads-url-2 }}/v4.0.6/jool-4.0.6.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.6/jool-4.0.6.tar.gz.asc) | Link | [Kernel modules]({{ site.downloads-url-2 }}/v{{ site.latest-version }}/jool-dkms_{{ site.latest-version }}-1_all.deb)
[Userspace tools]({{ site.downloads-url-2 }}/v{{ site.latest-version }}/jool-tools_{{ site.latest-version }}-1_amd64.deb) (amd64 only) | +| 2019-08-20 | 4.0.5 | [Download]({{ site.downloads-url-2 }}/v4.0.5/jool-4.0.5.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.5/jool-4.0.5.tar.gz.asc) | Link | - | +| 2019-07-31 | 4.0.4 | [Download]({{ site.downloads-url-2 }}/v4.0.4/jool-4.0.4.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.4/jool-4.0.4.tar.gz.asc) | Link | - | +| 2019-07-19 | 4.0.3 | [Download]({{ site.downloads-url-2 }}/v4.0.3/jool-4.0.3.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.3/jool-4.0.3.tar.gz.asc) | Link | - | +| 2019-07-11 | 4.0.2 | [Download]({{ site.downloads-url-2 }}/v4.0.2/jool-4.0.2.tar.gz) | [Signature]({{ site.downloads-url-2 }}/v4.0.2/jool-4.0.2.tar.gz.asc) | Link | - | +| 2019-04-26 | 4.0.1 | [Download]({{ site.downloads-url-2 }}/v4.0.1/jool_4.0.1.tar.gz) | - | Link | - | +| 2019-01-17 | 4.0.0 | [Download]({{ site.downloads-url-2 }}/v4.0.0/jool_4.0.0.tar.gz) | - | Link | - | +| 2019-01-09 | 4.0.0-rc5 | [Download]({{ site.downloads-url-2 }}/v4.0.0-rc5/jool_4.0.0-rc5.tar.gz) | - | Link | - | +| 2019-01-04 | 3.6.0-rc4 | [Download]({{ site.downloads-url-2 }}/v3.6.0-rc4/jool_3.6.0-rc4.tar.gz) | - | Link | - | +| 2018-12-26 | 3.6.0-rc3 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc3.tar.gz) | - | Link | - | +| 2018-12-14 | 3.6.0-rc2 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc2.tar.gz) | - | Link | - | +| 2018-11-24 | 3.6.0-rc1 | [Download]({{ site.downloads-url }}/jool_3.6.0-rc1.tar.gz) | - | Link | - | + +"rc" stands for "Release Candidate." [This](http://keys.gnupg.net/pks/lookup?op=get&search=0x72160FD57B242967) is my public key. It is not yet certified, so the Signature column is mostly just theater for now. ## 3.5.x diff --git a/docs/en/faq.md b/docs/en/faq.md index 02acf8703..0dbec4006 100644 --- a/docs/en/faq.md +++ b/docs/en/faq.md 
@@ -12,7 +12,7 @@ title: FAQ ## Index 1. [Why is Jool not doing anything?](#why-is-jool-not-doing-anything) -2. [Why in my ping not working?](#why-in-my-ping-not-working) +2. [Why is my ping not working?](#why-is-my-ping-not-working) 3. [Jool is intermitently unable to translate traffic.](#jool-is-intermitently-unable-to-translate-traffic) 4. [The throughput is terrible!](#the-throughput-is-terrible) @@ -49,7 +49,7 @@ Given the output above, for example, I'd try looking into the routing table. If `stats` proves insufficient, you can [enable debug logging](logging.html). -## Why in my ping not working? +## Why is my ping not working? Probably because you started the ping on the same machine (or rather, network namespace) your translator instance is attached to. diff --git a/docs/en/index.md b/docs/en/index.md index f296385c3..03ca4c7e7 100644 --- a/docs/en/index.md +++ b/docs/en/index.md @@ -22,7 +22,7 @@ Jool is an Open Source [SIIT and NAT64](intro-xlat.html) for Linux. As far as we know, Jool is a [compliant](intro-jool.html#compliance) SIIT and Stateful NAT64. -Its most mature version is [4.0.1]({{ site.repository-url }}/milestone/43). +Its most mature version is [4.0.6]({{ site.repository-url }}/milestone/45). ------------------- 
@@ -34,6 +34,23 @@ Its most mature version is [4.0.1]({{ site.repository-url }}/milestone/43). ## News +### 2019-10-24 + +[Jool 4.0.6](download.html) has been released. + +Development since 4.0.1 has been generally focused on [Debian packaging](https://github.com/NICMx/Jool/issues/243#issuecomment-517779741) and [systemd scripts](https://github.com/NICMx/Jool/issues/250#issuecomment-517790775). To make sure the build was sane I was planning to wait until Debian approved it before announcing a new version, but since it's been [queued for more than two months](https://ftp-master.debian.org/new.html) I guess it's time to force ourselves out of the "transitional phase." + +In particular, I had to revert the single `make && make install` installation hack from [#163](https://github.com/NICMx/Jool/issues/163). Kernel modules and userspace applications need to be [installed separately](https://jool.mx/en/install.html#compilation-and-installation) again. I also removed Kbuild from the documentation because it induces too many user headaches; Please use DKMS instead. + +The following additional changes have been applied since 4.0.1: + +1. Add support for kernels 5.1, 5.2, 5.3, 5.4, RHEL7.7 and RHEL8.0. +2. `.deb` packages are now available in [Downloads](download.html). (See [Debian](debian.html).) +3. [#287](https://github.com/NICMx/Jool/issues/287): [`address query`](usr-flags-address.html) +4. [#297](https://github.com/NICMx/Jool/issues/297#issuecomment-540080336): Mirror Netfilter packet return mechanism on iptables mode. (By the way: This means that you're no longer required to include matches in iptables rules. See the [tutorials](run-vanilla.html#jool).) + +The OpenWRT version has also been [updated](https://github.com/openwrt/packages/issues/9349). + ### 2019-04-26 [Jool 4.0.1](download.html) has been released. diff --git a/docs/en/intro-jool.md b/docs/en/intro-jool.md index 093cd2e70..d36f40329 100644 --- a/docs/en/intro-jool.md +++ b/docs/en/intro-jool.md 
@@ -15,6 +15,9 @@ title: Introduction to Jool 2. [Compliance](#compliance) 3. [Compatibility](#compatibility) 4. [Design](#design) + 1. [Netfilter](#netfilter) + 2. [iptables](#iptables) +5. [Untranslatable packets](#untranslatable-packets) ## Overview @@ -46,7 +49,7 @@ Please [let us know]({{ site.repository-url }}/issues) if you find additional co | Jool version | Supported Linux kernels (mainline) | Supported Linux kernels (RHEL) | |-------------------------------------|--------------------------------------|--------------------------------| | [master]({{ site.repository-url }}) | 3.13 - 3.19,
4.0 - 4.20,
5.0 - 5.4 | RHEL 7.0 - RHEL 7.7,
RHEL 8.0 | -| [4.0.5](download.html#40x) | 3.13 - 3.19,
4.0 - 4.20,
5.0 - 5.3 | RHEL 7.0 - RHEL 7.6 | +| [4.0.6](download.html#40x) | 3.13 - 3.19,
4.0 - 4.20,
5.0 - 5.4 | RHEL 7.0 - RHEL 7.7,
RHEL 8.0 | | [4.0.1](download.html#40x) | 3.13 - 3.19,
4.0 - 4.20,
5.0 | RHEL 7.0 - RHEL 7.5 | | [3.5.8](download.html#35x) | 3.2 - 3.19,
4.0 - 4.18 | RHEL 7.0 - RHEL 7.4 | @@ -69,7 +72,7 @@ Netfilter Jool instances are simple to configure. However, they are also _greedy There can only be **one** Netfilter SIIT Jool instance and **one** Netfilter NAT64 instance per network namespace. -Netfilter Jool instances start packet translation as soon as they are created. They drop packets deemed corrupted, translate packets which _can_ be translated (according to their configuration) and return everything else to the kernel. +Netfilter Jool instances start packet translation as soon as they are created. They drop packets deemed corrupted, translate packets which _can_ be translated (according to their configuration) and return [everything else](#untranslatable-packets) to the kernel. Netfilter plugins are not allowed to change the network protocol of their packets. Additionally, the kernel API does not export a means to post packets in the `FORWARD` chain. For these reasons, successfully translated packets skip `FORWARD`, going straight to `POSTROUTING`: 
@@ -101,8 +104,36 @@ adds a _rule_ to iptables's _mangle_ table, which "Jools" all packets headed tow There can be any number of iptables Jool instances in any namespace, and any number of iptables rules can reference them. -iptables Jool instances sit idle until some iptables rule sends packets to them. (Of course, only packets that [match the rule's conditions](https://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html#ss7.3) are sent.) As of version 4.0.6, iptables instances function the same as Netfilter instances: They drop packets deemed corrupted, translate packets which _can_ be translated (according to their configuration) and return everything else to the kernel. (In this context, "return to the kernel" means that the packet will go back to the iptables chain, right after the Jool rule that matched it.) +iptables Jool instances sit idle until some iptables rule sends packets to them. (Of course, only packets that [match the rule's conditions](https://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html#ss7.3) are sent.) As of version 4.0.6, iptables instances function the same as Netfilter instances: They drop packets deemed corrupted, translate packets which _can_ be translated (according to their configuration) and return [everything else](#untranslatable-packets) to the kernel. (In this context, "return to the kernel" means that the packet will go back to the iptables chain, right after the Jool rule that matched it.) iptables Jool has a quirk similar to Netfilter Jool that you should be aware of: iptables rules are also not allowed to change the network protocol of their packets, so iptables Jool rules also send their matched and successfully translated packets straight to `POSTROUTING`. Packets which do not match the rule continue through the chain normally. iptables Jool first became available in Jool 4.0.0. 
+ +## Untranslatable packets + +As of version 4.0.6, both Netfilter Jool and iptables Jool return the packet to the kernel if any of these conditions are met: + +- An iptables rule's `--instance` parameter does not match any existing iptables instances. (ie. user created the iptables rule but hasn't yet created the instance.) +- The packet was translated successfully, but the translated packet cannot be routed. (Most of the time, this is because its destination address does not match any entries in the routing table.) +- The translator is [disabled by configuration](https://jool.mx/en/usr-flags-global.html#manually-enabled). + +SIIT Jool also returns the packet to the kernel when at least one of these conditions are met: + +- The packet is IPv4 and at least one of its addresses cannot be translated. An IPv4 address cannot be translated when + - it's subnet-scoped, + - belongs to one of the translator's interfaces, + - is [blacklist4ed](https://jool.mx/en/usr-flags-blacklist4.html), or + - cannot be translated by any of the populated address translation strategies (EAMT, pool6 and rfc6791). +- The packet is IPv6 and at least one of its addresses cannot be translated. An IPv6 address cannot be translated when + - it cannot be translated by any of the populated address translation strategies (EAMT, pool6 and rfc6791), + - its IPv4 counterpart is blacklist4ed, + - its IPv4 counterpart is subnet-scoped, or + - its IPv4 counterpart belongs to a local interface. + +Stateful NAT64 Jool also returns the packet to the kernel when at least one of these conditions are met: + +- The packet's transport protocol is unsupported. (NAT64 Jool only supports TCP, UDP and ICMP as of now.) +- The packet is IPv6 and its destination address does not match pool6. (ie. packet is not meant to be translated.) +- The packet is IPv4 and its destination transport address (address + port) does not match any BIB entries. (ie. packet lacks IPv6 destination.) 
+- Untranslatable/unknown ICMPv4 and ICMPv6 types. diff --git a/docs/en/run-eam.md b/docs/en/run-eam.md index 06fd981a1..8e4f64052 100644 --- a/docs/en/run-eam.md +++ b/docs/en/run-eam.md @@ -37,7 +37,7 @@ user@A:~# service network-manager stop user@A:~# /sbin/ip link set eth0 up user@A:~# # Replace "::8" depending on which node you're on. user@A:~# /sbin/ip addr add 2001:db8:6::8/96 dev eth0 -user@A:~# /sbin/ip route add default via 2001:db8:6::1 +user@A:~# /sbin/ip route add 2001:db8:4::/120 via 2001:db8:6::1 {% endhighlight %} Nodes _V_ through _Z_ have the exact same configuration from the previous document. @@ -47,7 +47,7 @@ user@V:~# service network-manager stop user@V:~# /sbin/ip link set eth0 up user@V:~# # Replace ".16" depending on which node you're on. user@V:~# /sbin/ip addr add 192.0.2.16/24 dev eth0 -user@V:~# /sbin/ip route add default via 192.0.2.1 +user@V:~# /sbin/ip route add 198.51.100.0/24 via 192.0.2.1 {% endhighlight %} Node _T_: @@ -180,6 +180,6 @@ user@T:~# /sbin/modprobe -r jool_siit ## Afterwords 1. More complex setups might require you to consider the [MTU notes](mtu.html). -3. Please note that none of what was done in this tutorial survives reboots! Documentation on persistence will be released in the future. +3. Please note that none of what was done in this tutorial survives reboots! [Here](run-persistent.html)'s documentation on persistence. The [next tutorial](run-nat64.html) is a [Stateful NAT64](intro-xlat.html#stateful-nat64) run. diff --git a/docs/en/run-nat64.md b/docs/en/run-nat64.md index 46853f53a..e3dfbad28 100644 --- a/docs/en/run-nat64.md +++ b/docs/en/run-nat64.md @@ -35,7 +35,7 @@ user@A:~# service network-manager stop user@A:~# /sbin/ip link set eth0 up user@A:~# # Replace "::8" depending on which node you're on. user@A:~# /sbin/ip address add 2001:db8::8/96 dev eth0 -user@A:~# /sbin/ip route add default via 2001:db8::1 +user@A:~# /sbin/ip route add 64:ff9b::/96 via 2001:db8::1 {% endhighlight %} Nodes _V_ through _Z_: 
@@ -99,7 +99,7 @@ user@T:~# jool instance add "example" --netfilter --pool6 64:ff9b::/96 {% endhighlight %} -The iptables configuration, on the other hand, needs to use the `JOOL` target and match more specific transport addresses in the IPv4 side. Ports 61001-65535 of _T_'s owned IPv4 addresses are Jool's default reserved mask range. More information can be found in [pool4](pool4.html). +The iptables configuration, on the other hand, needs to use the `JOOL` target. ## Testing @@ -152,6 +152,6 @@ user@T:~# /sbin/modprobe -r jool ## Afterwords 1. More complex setups might require you to consider the [MTU notes](mtu.html). -3. Please note that none of what was done in this tutorial survives reboots! Documentation on persistence will be released in the future. +3. Please note that none of what was done in this tutorial survives reboots! [Here](run-persistent.html)'s documentation on persistence. The [next tutorial](dns64.html) explains DNS64. diff --git a/docs/en/run-persistent.md b/docs/en/run-persistent.md new file mode 100644 index 000000000..6fcc09d09 --- /dev/null +++ b/docs/en/run-persistent.md @@ -0,0 +1,114 @@ +--- +language: en +layout: default +category: Documentation +title: Persistence +--- + +# Persistence + +## Index + +1. [Introduction](#introduction) +2. [Debian](#debian) +3. [Not Debian](#not-debian) + +## Introduction + +If you installed Jool's [Debian package](debian.html), chances are your distribution manages daemons by way of systemd or System V. Jool's Debian package ships with systemd unit files and System V scripts you can use to enable Jool automatically after every boot. + +If you did not install Jool's Debian package, you're in for a bit more trouble. You can download our Debian unit files or scripts and adapt them to your needs. + +This document explains how to do both of these. + +## Debian + +First, provide a [configuration file](config-atomic.html) in `/etc/jool/`. You can find some examples in `/usr/share/doc/jool-tools/examples/`: + +
+ SIIT + NAT64 +
+ + +{% highlight bash %} +mkdir /etc/jool +cp /usr/share/doc/jool-tools/examples/jool_siit.conf /etc/jool +nano /etc/jool/jool_siit.conf +{% endhighlight %} + + +{% highlight bash %} +mkdir /etc/jool +cp /usr/share/doc/jool-tools/examples/jool.conf /etc/jool +nano /etc/jool/jool.conf +{% endhighlight %} + +Once you're set, try your service out: + +
+ SIIT Debian + NAT64 Debian + SIIT Ubuntu + NAT64 Ubuntu +
+ + +{% highlight bash %} +systemctl start jool_siit +{% endhighlight %} + + +{% highlight bash %} +systemctl start jool +{% endhighlight %} + + +{% highlight bash %} +service jool_siit start +{% endhighlight %} + + +{% highlight bash %} +service jool start +{% endhighlight %} + +The service creates the instance in the global network namespace. It's a perfectly average instance, so you can query or further tweak it normally: + +
+ SIIT + NAT64 +
+ + +{% highlight bash %} +jool_siit instance display +jool_siit -i "init" global display +jool_siit -i "init" eamt display +# etc +{% endhighlight %} + + +{% highlight bash %} +jool instance display +jool -i "init" global display +jool -i "init" pool4 display +# etc +{% endhighlight %} + +(But any changes meant to be persistent need to be included in the configuration file.) + +That's all. If the service is configured correctly, it will start automatically on every boot. + +## Not Debian + +First, figure out whether you're using systemd or System V, and whether you need an SIIT or a NAT64. + +- [This](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool_siit.service) is Debian's SIIT systemd unit file. (It probably needs to be renamed as `/lib/systemd/system/jool_siit.service`.) +- [This](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool.service) is Debian's NAT64 systemd unit file. (It probably needs to be renamed as `/lib/systemd/system/jool.service`.) +- [This](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool_siit.init) is Debian's SIIT System V script. (It probably needs to be renamed as `/etc/init.d/jool_siit`.) +- [This](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/jool-tools.jool.init) is Debian's NAT64 System V script. (It probably needs to be renamed as `/etc/init.d/jool_siit`.) + +Grab the one you need and adapt it to your needs. To wit, the only thing you might need to modify is the path to the jool userspace client binary. In the files above it's `/usr/bin/jool_siit` and `/usr/bin/jool`, but your installation might have likely placed them in `/usr/local/bin` instead. + +Once that's done, simply follow the [Debian directions above](#debian). 
[This](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/examples/jool_siit.conf) is the sample SIIT sample configuration file, and [this](https://raw.githubusercontent.com/ydahhrk/packaging/master/Jool/debian/examples/jool.conf) is the NAT64 sample configuration file. diff --git a/docs/en/run-vanilla.md b/docs/en/run-vanilla.md index b20e4740a..51a171b65 100644 --- a/docs/en/run-vanilla.md +++ b/docs/en/run-vanilla.md @@ -38,8 +38,6 @@ Jool requires _T_ to be Linux. The rest can be anything you want, as long as it For the sake of simplicity however, the examples below assume every node is Linux and everything is being configured statically using the well-known `ip` command (and friends). Depending on your distro, your mileage might vary on how to get the network manager out of the way (assuming that's what you want). Just to clarify, the point of `service network-manager stop` below is to claim control over your interface addresses and routes (otherwise the `ip` commands might be ineffectual). -Also to simplify, routing will be reduced to default all unknown traffic towards _T_. Note that there is nothing martian about anyone's configuration otherwise. - This is nodes _A_ through _E_: {% highlight bash %} @@ -47,7 +45,7 @@ user@A:~# service network-manager stop user@A:~# /sbin/ip link set eth0 up user@A:~# # Replace ".8" depending on which node you're on. user@A:~# /sbin/ip addr add 2001:db8::198.51.100.8/120 dev eth0 -user@A:~# /sbin/ip route add default via 2001:db8::198.51.100.1 +user@A:~# /sbin/ip route add 2001:db8::192.0.2.0/120 via 2001:db8::198.51.100.1 {% endhighlight %} Nodes _V_ through _Z_: @@ -57,7 +55,7 @@ user@V:~# service network-manager stop user@V:~# /sbin/ip link set eth0 up user@V:~# # Replace ".16" depending on which node you're on. user@V:~# /sbin/ip addr add 192.0.2.16/24 dev eth0 -user@V:~# /sbin/ip route add default via 192.0.2.1 +user@V:~# /sbin/ip route add 198.51.100.0/24 via 192.0.2.1 {% endhighlight %} Node _T_: 
@@ -224,7 +222,7 @@ user@T:~# rmmod jool_siit ## Afterwords 1. More complex setups might require you to consider the [MTU notes](mtu.html). -3. Please note that none of what was done in this tutorial survives reboots! Documentation on persistence will be released in the future. +3. Please note that none of what was done in this tutorial survives reboots! [Here](run-persistent.html)'s documentation on persistence. The [next tutorial](run-eam.html) covers [EAMT SIIT](intro-xlat.html#siit-with-eam). diff --git a/docs/en/usr-flags-address.md b/docs/en/usr-flags-address.md index 58f18a188..5f4aaa449 100644 --- a/docs/en/usr-flags-address.md +++ b/docs/en/usr-flags-address.md @@ -22,8 +22,6 @@ title: address Mode Sends address translation queries to the module. Meant for educative and configuration testing purposes. -> Note! This feature has not yet been officially released. For now, you can find it in the master branch. It is bound to come out in Jool 4.0.5. - Only SIIT Jool implements this feature for now. ## Syntax diff --git a/src/common/xlat.h b/src/common/xlat.h index 3887891bc..853080723 100644 --- a/src/common/xlat.h +++ b/src/common/xlat.h @@ -14,8 +14,8 @@ */ #define JOOL_VERSION_MAJOR 4 #define JOOL_VERSION_MINOR 0 -#define JOOL_VERSION_REV 5 -#define JOOL_VERSION_DEV 1 +#define JOOL_VERSION_REV 6 +#define JOOL_VERSION_DEV 0 /** See http://stackoverflow.com/questions/195975 */ #define STR_VALUE(arg) #arg diff --git a/src/mod/common/xlator.c b/src/mod/common/xlator.c index 618937071..495d48ac7 100644 --- a/src/mod/common/xlator.c +++ b/src/mod/common/xlator.c @@ -163,6 +163,8 @@ static void __flush_detach(struct net *ns, xlator_type xt, if (instance->jool.ns == ns && (instance->jool.flags & xt)) { hash_del_rcu(&instance->table_hook); hlist_add_head(&instance->table_hook, detached); + if (instance->jool.flags & XF_NETFILTER) + list_del_rcu(&instance->list_hook); } } } diff --git a/src/usr/nat64/jool.8 b/src/usr/nat64/jool.8 index b967dab6e..272350a3a 100644 
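Review bot: The added `list_del_rcu(&instance->list_hook)` in `__flush_detach` (src/mod/common/xlator.c) has no comment saying why only `XF_NETFILTER` instances are unlinked, or what lifetime rule it relies on. Presumably only Netfilter instances are ever linked through `list_hook`, and before this change a flushed instance stayed reachable from that list after being moved to `detached`. RCU readers may still hold the instance after the unlink, so whatever releases the `detached` list must wait for a grace period (for example `synchronize_rcu()`) first; that code is outside the hunk and should be confirmed. I would add above the new `if`: `/* Netfilter instances are also linked in the hook list; unlink them here so the list holds no pointer to an instance that is about to be released. */`. The function starts outside the hunk.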
--- a/src/usr/nat64/jool.8 +++ b/src/usr/nat64/jool.8 @@ -1,7 +1,7 @@ .\" Manpage for jool's userspace app. .\" Report bugs to jool@nic.mx. -.TH jool 8 2019-08-20 v4.0.5 "NAT64 Jool's Userspace Client" +.TH jool 8 2019-10-24 v4.0.6 "NAT64 Jool's Userspace Client" .SH NAME jool - Interact with NAT64 Jool (the kernel module). diff --git a/src/usr/nl/stats.c b/src/usr/nl/stats.c index 15d851c5a..2b0418c9b 100644 --- a/src/usr/nl/stats.c +++ b/src/usr/nl/stats.c @@ -27,8 +27,8 @@ static struct jstat_metadata const jstat_metadatas[] = { DEFINE_STAT(JSTAT_HDR6, TC "Some IPv6 header field was bogus. (Eg. version was not 6.)"), DEFINE_STAT(JSTAT_HDR4, TC "Some IPv4 header field was bogus. (Eg. version was not 4.)"), DEFINE_STAT(JSTAT_UNKNOWN_L4_PROTO, TC "Packet carried an unknown transport protocol. (Untranslatable by NAT64.)"), - DEFINE_STAT(JSTAT_UNKNOWN_ICMP6_TYPE, TC "ICMPv6 header's type value was unknown (and thus, untranslatable)."), - DEFINE_STAT(JSTAT_UNKNOWN_ICMP4_TYPE, TC "ICMPv4 header's type value was unknown (and thus, untranslatable)."), + DEFINE_STAT(JSTAT_UNKNOWN_ICMP6_TYPE, TC "ICMPv6 header's type value has no ICMPv4 counterpart."), + DEFINE_STAT(JSTAT_UNKNOWN_ICMP4_TYPE, TC "ICMPv4 header's type value has no ICMPv6 counterpart."), DEFINE_STAT(JSTAT_DOUBLE_ICMP6_ERROR, TC "ICMPv6 error contained another ICMPv6 error. (Which is illegal.)"), DEFINE_STAT(JSTAT_DOUBLE_ICMP4_ERROR, TC "ICMPv4 error contained another ICMPv4 error. (Which is illegal.)"), DEFINE_STAT(JSTAT_UNKNOWN_PROTO_INNER, TC "ICMP error's inner packet had an unknown transport protocol. (Untranslatable by NAT64.)"), 
@@ -59,8 +59,8 @@ static struct jstat_metadata const jstat_metadatas[] = {
 DEFINE_STAT(JSTAT64_DST, TC "IPv6 packet's destination address did not match pool6 nor any EAMT entries, or the resulting address was blacklist4ed."),
 DEFINE_STAT(JSTAT64_PSKB_COPY, TC "It was not possible to allocate the IPv4 counterpart of the IPv6 packet. (The kernel's pskb_copy() function failed.)"),
 DEFINE_STAT(JSTAT64_ICMP_CSUM, TC "Incoming ICMPv6 error packet's checksum was incorrect."),
- DEFINE_STAT(JSTAT64_UNTRANSLATABLE_DEST_UNREACH, TC "Packet was an ICMv6 Destination Unreachable error message, but its code was unknown."),
- DEFINE_STAT(JSTAT64_UNTRANSLATABLE_PARAM_PROB, TC "Packet was an ICMv6 Parameter Problem error message, but its code was unknown."),
+ DEFINE_STAT(JSTAT64_UNTRANSLATABLE_DEST_UNREACH, TC "Packet was an ICMPv6 Destination Unreachable error message, and its code has no ICMPv4 counterpart."),
+ DEFINE_STAT(JSTAT64_UNTRANSLATABLE_PARAM_PROB, TC "Packet was an ICMPv6 Parameter Problem error message, and its code has no ICMPv4 counterpart."),
 DEFINE_STAT(JSTAT64_UNTRANSLATABLE_PARAM_PROB_PTR, TC "Packet was an ICMv6 Parameter Problem error message, but its pointer was untranslatable."),
 DEFINE_STAT(JSTAT64_TTL, TC "IPv6 packet's Hop Limit field was 0 or 1."),
 DEFINE_STAT(JSTAT64_SEGMENTS_LEFT, TC "IPv6 packet had a Segments Left field, and it was nonzero."),
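Review bot: The `ICMv6` typo is corrected in the two rewritten entries but survives in the context line directly below them, `JSTAT64_UNTRANSLATABLE_PARAM_PROB_PTR`, so the counter descriptions (presumably what `--explain` prints) still disagree on the protocol name. The same holds for `ICMv4` in `JSTAT46_UNTRANSLATABLE_PARAM_PROBLEM_PTR` in the following hunk (`@@ -68,8 +68,8 @@`). Those two strings should start with `"Packet was an ICMPv6 Parameter Problem error message, ...` and `"Packet was an ICMPv4 Parameter Problem error message, ...`, so that an operator searching the output for `ICMPv6` or `ICMPv4` finds every related counter. The `jstat_metadatas[]` initializer starts and ends outside these hunks.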
@@ -68,8 +68,8 @@ static struct jstat_metadata const jstat_metadatas[] = { DEFINE_STAT(JSTAT46_DST, TC "IPv4 packet's destination address was blacklist4ed, or did not match pool6 nor any EAMT entries."), DEFINE_STAT(JSTAT46_PSKB_COPY, TC "It was not possible to allocate the IPv6 counterpart of the IPv4 packet. (The kernel's __pskb_copy() function failed.)"), DEFINE_STAT(JSTAT46_ICMP_CSUM, TC "Incoming ICMPv4 error packet's checksum was incorrect."), - DEFINE_STAT(JSTAT46_UNTRANSLATABLE_DEST_UNREACH, TC "Packet was an ICMv4 Destination Unreachable error message, but its code was unknown."), - DEFINE_STAT(JSTAT46_UNTRANSLATABLE_PARAM_PROB, TC "Packet was an ICMv4 Parameter Problem error message, but its code was unknown."), + DEFINE_STAT(JSTAT46_UNTRANSLATABLE_DEST_UNREACH, TC "Packet was an ICMPv4 Destination Unreachable error message, and its code has no ICMPv6 counterpart."), + DEFINE_STAT(JSTAT46_UNTRANSLATABLE_PARAM_PROB, TC "Packet was an ICMPv4 Parameter Problem error message, and its code has no ICMPv6 counterpart."), DEFINE_STAT(JSTAT46_UNTRANSLATABLE_PARAM_PROBLEM_PTR, TC "Packet was an ICMv4 Parameter Problem error message, but its pointer was untranslatable."), DEFINE_STAT(JSTAT46_TTL, TC "IPv4 packet's TTL field was 0 or 1."), DEFINE_STAT(JSTAT46_SRC_ROUTE, TC "Packet had an unexpired Source Route. (Untranslatable.)"), diff --git a/src/usr/siit/jool_siit.8 b/src/usr/siit/jool_siit.8 index b124c3425..f1408b9ac 100644 --- a/src/usr/siit/jool_siit.8 +++ b/src/usr/siit/jool_siit.8 @@ -1,7 +1,7 @@ .\" Manpage for jool's userspace app. .\" Report bugs to jool@nic.mx. -.TH jool_siit 8 2019-08-20 v4.0.5 "SIIT Jool's Userspace Client" +.TH jool_siit 8 2019-10-24 v4.0.6 "SIIT Jool's Userspace Client" .SH NAME jool_siit - Interact with SIIT Jool (the kernel module). @@ -99,6 +99,12 @@ Kernels 3.13.0 and up. .br ) .P +.RI "jool_siit [" "] address (" +.br +.RI " query [--verbose] " "" +.br +) +.P .RI "jool_siit [" "] blacklist4 (" .br display 
@@ -160,6 +166,8 @@ Upload an entry to the EAM table. Drop an entry from the EAM table. .IP "eamt flush" Empty the EAM table. +.IP "address query" +Print the translated version of the given address using the current configuration. .IP "blacklist4 display" Show the blacklist. .IP "blacklist4 add" @@ -201,6 +209,8 @@ Show all the counters. (Otherwise, only the nonzero ones are printed.) .IP --explain Show a description of each counter. +.IP --verbose +Print some details regarding the translation operation. .IP --force Apply operation even if certain validations fail.