From c4d5bb904be43915e5149205c98f73e7644a3552 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 26 Aug 2019 15:45:26 -0700 Subject: [PATCH] Correct description of 'bypass' in shorewall-rules(5). Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-rules.xml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml index 35483eb20..ff7fffd46 100644 --- a/Shorewall/manpages/shorewall-rules.xml +++ b/Shorewall/manpages/shorewall-rules.xml @@ -674,15 +674,15 @@ the keyword bypass can be given. By default, if no userspace program is listening on an NFQUEUE, then all packets that are to be queued are dropped. - When this option is used, the NFQUEUE rule is silently - bypassed instead. The packet will move on to the next rule. - Also beginning in Shorewall 4.6.10, a second queue number - (queuenumber2) may be specified. - This specifies a range of queues to use. Packets are then - balanced across the given queues. This is useful for multicore - systems: start multiple instances of the userspace program on - queues x, x+1, .. x+n and use "x:x+n". Packets belonging to - the same connection are put into the same nfqueue. + When this option is used, the NFQUEUE rule behaves like ACCEPT + instead. Also beginning in Shorewall 4.6.10, a second queue + number (queuenumber2) may be + specified. This specifies a range of queues to use. Packets + are then balanced across the given queues. This is useful for + multicore systems: start multiple instances of the userspace + program on queues x, x+1, .. x+n and use "x:x+n". Packets + belonging to the same connection are put into the same + nfqueue. Beginning with Shorewall 5.1.0, queuenumber2 may be followed by the letter 'c' to indicate that the CPU ID will be