This target passes the packet to userspace using the
\fBnfnetlink_queue\fP handler.  The packet is put into the queue
identified by its 16-bit queue number.  Userspace can inspect
and modify the packet if desired. Userspace must then drop or
reinject the packet into the kernel.  Please see libnetfilter_queue
for details.
.B
nfnetlink_queue
was added in Linux 2.6.14. The \fBqueue\-balance\fP option was added in Linux
2.6.31,
\fBqueue\-bypass\fP in 2.6.39.
.TP
\fB\-\-queue\-num\fP \fIvalue\fP
This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.
.PP
.TP
\fB\-\-queue\-balance\fP \fIvalue\fP\fB:\fP\fIvalue\fP
This specifies a range of queues to use. Packets are then balanced across the given queues.
This is useful for multicore systems: start multiple instances of the userspace program on
queues x, x+1, .. x+n and use "\-\-queue\-balance \fIx\fP\fB:\fP\fIx+n\fP".
Packets belonging to the same connection are put into the same nfqueue.
Due to implementation details, a lower range value of 0 limits the higher range
value to 65534, i.e. one can only balance between at most 65535 queues.
.PP
.TP
\fB\-\-queue\-bypass\fP
By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued
are dropped.  When this option is used, the NFQUEUE rule behaves like ACCEPT instead, and the packet
will move on to the next table.
.PP
.TP
\fB\-\-queue\-cpu\-fanout\fP
Available starting Linux kernel 3.10. When used together with
\fB\-\-queue\-balance\fP this will use the CPU ID as an index to map packets to
the queues. The idea is that you can improve performance if there's a queue
per CPU. This requires \fB\-\-queue\-balance\fP to be specified.
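.PP
The option constraints above, applied as a ruleset audit. This is an added example, not part of the original manual page or the iptables project: it checks iptables-save style lines against the limits stated here and reports whether each NFQUEUE rule drops or accepts traffic when no userspace program is listening.
The sample rules are constructed, the names audit_rule and audit are hypothetical, and rejecting a reversed range is an assumption drawn from the x:x+n form.

```python
import shlex

# Constructed iptables-save style lines (sample input, not from the manual page).
SAMPLE_RULES = """\
-A FORWARD -p tcp --dport 80 -j NFQUEUE --queue-num 3
-A FORWARD -p udp -j NFQUEUE --queue-balance 0:3 --queue-bypass --queue-cpu-fanout
-A INPUT -j NFQUEUE --queue-balance 0:65535
-A INPUT -p icmp -j NFQUEUE --queue-cpu-fanout
-A OUTPUT -j ACCEPT
"""

def audit_rule(line):
    """Return findings for one rule line; an empty list if it is not an NFQUEUE rule."""
    args = shlex.split(line)
    if "-j" not in args or args[args.index("-j") + 1:][:1] != ["NFQUEUE"]:
        return []
    opts = args[args.index("-j") + 2:]
    findings = []
    if "--queue-num" in opts:
        num = int(opts[opts.index("--queue-num") + 1])
        if not 0 <= num <= 65535:
            findings.append("invalid: queue number outside 0..65535")
    balanced = "--queue-balance" in opts
    if balanced:
        lo, hi = map(int, opts[opts.index("--queue-balance") + 1].split(":"))
        if hi < lo or hi > 65535:  # reversed range: assumption from the x:x+n form
            findings.append("invalid: bad --queue-balance range")
        elif lo == 0 and hi > 65534:
            findings.append("invalid: lower bound 0 limits upper bound to 65534")
    if "--queue-cpu-fanout" in opts and not balanced:
        findings.append("invalid: --queue-cpu-fanout requires --queue-balance")
    # With no listener, the default is to drop; --queue-bypass behaves like ACCEPT.
    if "--queue-bypass" in opts:
        findings.append("fail-open: behaves like ACCEPT when no program is listening")
    else:
        findings.append("fail-closed: packets are dropped when no program is listening")
    return findings

def audit(text):
    """Map 1-based line numbers to findings for every NFQUEUE rule in the text."""
    return {n: f for n, line in enumerate(text.splitlines(), 1)
            if (f := audit_rule(line))}

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE_RULES).items():
        for finding in findings:
            print(f"line {lineno}: {finding}")
```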