summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/libip6t_NFQUEUE.man9
-rw-r--r--extensions/libipt_NFQUEUE.man9
-rw-r--r--ip6tables.8.in19
-rw-r--r--iptables.8.in23
4 files changed, 52 insertions, 8 deletions
diff --git a/extensions/libip6t_NFQUEUE.man b/extensions/libip6t_NFQUEUE.man
new file mode 100644
index 00000000..2a8cb45c
--- /dev/null
+++ b/extensions/libip6t_NFQUEUE.man
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.
diff --git a/extensions/libipt_NFQUEUE.man b/extensions/libipt_NFQUEUE.man
new file mode 100644
index 00000000..2a8cb45c
--- /dev/null
+++ b/extensions/libipt_NFQUEUE.man
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.
diff --git a/ip6tables.8.in b/ip6tables.8.in
index 6d3f56cd..246c7915 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -73,7 +73,19 @@ means to let the packet through.
.I DROP
means to drop the packet on the floor.
.I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace. (How the packet can be received
+by a userspace process differs by the particular queue handler. 2.4.x
+and 2.6.x kernels up to 2.6.13 include the
+.B
+ip_queue
+queue handler. Kernels 2.6.14 and later additionally include the
+.B
+nfnetlink_queue
+queue handler. Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
.I RETURN
means stop traversing this chain and resume at the next rule in the
previous (calling) chain. If the end of a built-in chain is reached
@@ -426,7 +438,8 @@ There are several other changes in ip6tables.
.BR ip6tables-restore(8),
.BR iptables (8),
.BR iptables-save (8),
-.BR iptables-restore (8).
+.BR iptables-restore (8),
+.BR libipq (3).
.P
The packet-filtering-HOWTO details iptables usage for
packet filtering, the NAT-HOWTO details NAT,
@@ -448,7 +461,7 @@ James Morris wrote the TOS target, and tos match.
.PP
Jozsef Kadlecsik wrote the REJECT target.
.PP
-Harald Welte wrote the ULOG target, TTL match+target and libipulog.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, aswell as TTL match+target and libipulog.
.PP
The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik,
James Morris, Harald Welte and Rusty Russell.
diff --git a/iptables.8.in b/iptables.8.in
index 0d17bd56..118c50ca 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -71,7 +71,19 @@ means to let the packet through.
.I DROP
means to drop the packet on the floor.
.I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace. (How the packet can be received
+by a userspace process differs by the particular queue handler. 2.4.x
+and 2.6.x kernels up to 2.6.13 include the
+.B
+ip_queue
+queue handler. Kernels 2.6.14 and later additionally include the
+.B
+nfnetlink_queue
+queue handler. Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
.I RETURN
means stop traversing this chain and resume at the next rule in the
previous (calling) chain. If the end of a built-in chain is reached
@@ -440,7 +452,8 @@ There are several other changes in iptables.
.BR iptables-restore (8),
.BR ip6tables (8),
.BR ip6tables-save (8),
-.BR ip6tables-restore (8).
+.BR ip6tables-restore (8),
+.BR libipq (3).
.P
The packet-filtering-HOWTO details iptables usage for
packet filtering, the NAT-HOWTO details NAT,
@@ -451,7 +464,7 @@ and the netfilter-hacking-HOWTO details the netfilter internals.
See
.BR "http://www.netfilter.org/" .
.SH AUTHORS
-Rusty Russell wrote iptables, in early consultation with Michael
+Rusty Russell originally wrote iptables, in early consultation with Michael
Neuling.
.PP
Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet
@@ -462,12 +475,12 @@ James Morris wrote the TOS target, and tos match.
.PP
Jozsef Kadlecsik wrote the REJECT target.
.PP
-Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as the TTL, DSCP, ECN matches and targets.
.PP
The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik,
Patrick McHardy, James Morris, Harald Welte and Rusty Russell.
.PP
-Man page written by Herve Eychenne <rv@wallfire.org>.
+Man page originally written by Herve Eychenne <rv@wallfire.org>.
.\" .. and did I mention that we are incredibly cool people?
.\" .. sexy, too ..
.\" .. witty, charming, powerful ..