Correct description of 'bypass' in shorewall-rules(5).

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/manpages/shorewall-rules.xml

@@ -674,15 +674,15 @@
                 the keyword <emphasis role="bold">bypass</emphasis> can be
                 given. By default, if no userspace program is listening on an
                 NFQUEUE, then all packets that are to be queued are dropped.
-                When this option is used, the NFQUEUE rule is silently
+                When this option is used, the NFQUEUE rule behaves like ACCEPT
-                bypassed instead. The packet will move on to the next rule.
+                instead. Also beginning in Shorewall 4.6.10, a second queue
-                Also beginning in Shorewall 4.6.10, a second queue number
+                number (<replaceable>queuenumber2</replaceable>) may be
-                (<replaceable>queuenumber2</replaceable>) may be specified.
+                specified. This specifies a range of queues to use. Packets
-                This specifies a range of queues to use. Packets are then
+                are then balanced across the given queues. This is useful for
-                balanced across the given queues. This is useful for multicore
+                multicore systems: start multiple instances of the userspace
-                systems: start multiple instances of the userspace program on
+                program on queues x, x+1, .. x+n and use "x:x+n". Packets
-                queues x, x+1, .. x+n and use "x:x+n". Packets belonging to
+                belonging to the same connection are put into the same
-                the same connection are put into the same nfqueue.</para>
+                nfqueue.</para>
 
                 <para>Beginning with Shorewall 5.1.0, queuenumber2 may be
                 followed by the letter 'c' to indicate that the CPU ID will be