If you run a kernel higher than 2.6.14 (and you should!), you should set the following options:
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=Y or m CONFIG_NETFILTER_NETLINK=Y or m CONFIG_IP_NF_CONNTRACK=m (we advise you don't set this option statically) CONFIG_IP_NF_CONNTRACK_EVENTS=YSetting these options will allow you to use the NFQUEUE target, and use very simple Netfilter rules.