QUEUE makes the packet leave the entire hook, meaning when userspace sets the verdict then the packet will continue at the next netfilter hook (if any). No further rules in the same hook will be processed.
This makes QUEUE somewhat pointless to use in the nat table as QUEUE cannot do any NAT:ing of the packet. I don't think QUEUE can be used in the manner you are after just yet.

On Friday 15 March 2002 07:16, Iman Mayes wrote:
> Is there a way to combine the QUEUE functionality and MASQUERADE to
> do "conditional" masquerading based on the results of inspecting a
> packet in userspace? I want to write a program using ip_queue that
> looks at a packet and is able to allow it to be handled locally, or
> pass it to MASQ. I have a program that intercepts certain packets
> passed onto the QUEUE mechanism. It is able to tell me if the
> packet is acceptable, but all I know to do at this point is to just
> pass it back with NF_ACCEPT.