|author||Florian Westphal <firstname.lastname@example.org>||2013-07-12 23:14:27 +0200|
|committer||Pablo Neira Ayuso <email@example.com>||2013-08-06 18:44:11 +0200|
doc: add libnetfilter_queue pointer to libxt_NFQUEUE.man
... and remove the QUEUE snippets from ip(6)tables man page, the queue target was replaced by nfqueue years ago. Fix up a couple of needless differences in ip(6)tables.8, too. Signed-off-by: Florian Westphal <firstname.lastname@example.org>
2 files changed, 12 insertions, 19 deletions
diff --git a/extensions/libxt_NFQUEUE.man b/extensions/libxt_NFQUEUE.man
index 7a991291..1bfb7b84 100644
@@ -1,11 +1,12 @@
-This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
-you to put a packet into any specific queue, identified by its 16-bit queue
-It can only be used with Kernel versions 2.6.14 or later, since it requires
+This target passes the packet to userspace using the
+\fBnfnetlink_queue\fP handler. The packet is put into the queue
+identified by its 16-bit queue number. Userspace can inspect
+and modify the packet if desired. Userspace must then drop or
+reinject the packet into the kernel. Please see libnetfilter_queue
-kernel support. The \fBqueue-balance\fP option was added in Linux 2.6.31,
+was added in Linux 2.6.14. The \fBqueue-balance\fP option was added in Linux 2.6.31,
\fBqueue-bypass\fP in 2.6.39.
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in
index 6f310039..9b8f4ccc 100644
@@ -64,21 +64,14 @@ a `target', which may be a jump to a user-defined chain in the same
A firewall rule specifies criteria for a packet and a target. If the
-packet does not match, the next rule in the chain is the examined; if
+packet does not match, the next rule in the chain is examined; if
it does match, then the next rule is specified by the value of the
-target, which can be the name of a user-defined chain or one of the
-special values \fBACCEPT\fP, \fBDROP\fP, \fBQUEUE\fP or \fBRETURN\fP.
+target, which can be the name of a user-defined chain, one of the targets
+described in \fBiptables\-extensions\fP(8), or one of the
+special values \fBACCEPT\fP, \fBDROP\fP or \fBRETURN\fP.
\fBACCEPT\fP means to let the packet through.
\fBDROP\fP means to drop the packet on the floor.
-\fBQUEUE\fP means to pass the packet to userspace.
-(How the packet can be received
-by a userspace process differs by the particular queue handler. 2.4.x
-and 2.6.x kernels up to 2.6.13 include the \fBip_queue\fP
-queue handler. Kernels 2.6.14 and later additionally include the
-\fBnfnetlink_queue\fP queue handler. Packets with a target of QUEUE will be
-sent to queue number '0' in this case. Please also see the \fBNFQUEUE\fP
-target as described later in this man page.)
\fBRETURN\fP means stop traversing this chain and resume at the next
rule in the
previous (calling) chain. If the end of a built-in chain is reached
@@ -422,8 +415,7 @@ There are several other changes in iptables.
The packet-filtering-HOWTO details iptables usage for
packet filtering, the NAT-HOWTO details NAT,