1 This target passes the packet to userspace using the 2 \fBnfnetlink_queue\fP handler. The packet is put into the queue 3 identified by its 16-bit queue number. Userspace can inspect 4 and modify the packet if desired. Userspace must then drop or 5 reinject the packet into the kernel. Please see libnetfilter_queue 6 for details. 7 .B 8 nfnetlink_queue 9 was added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31, 10 \fBqueue-bypass\fP in 2.6.39. 11 .TP 12 \fB\-\-queue\-num\fP \fIvalue\fP 13 This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0. 14 .PP 15 .TP 16 \fB\-\-queue\-balance\fP \fIvalue\fP\fB:\fP\fIvalue\fP 17 This specifies a range of queues to use. Packets are then balanced across the given queues. 18 This is useful for multicore systems: start multiple instances of the userspace program on 19 queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP". 20 Packets belonging to the same connection are put into the same nfqueue. 21 .PP 22 .TP 23 \fB\-\-queue\-bypass\fP 24 By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued 25 are dropped. When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet 26 will move on to the next table. 27 .PP 28 .TP 29 \fB\-\-queue\-cpu-fanout\fP 30 Available starting Linux kernel 3.10. When used together with 31 \fB--queue-balance\fP this will use the CPU ID as an index to map packets to 32 the queues. The idea is that you can improve performance if there's a queue 33 per CPU. This requires \fB--queue-balance\fP to be specified. 34