readme: rewrite badsum limitations

bol-van
2021-05-22 20:47:15 +03:00
parent 01e72a8e39
commit 3f217b55ae
2 changed files with 19 additions and 15 deletions


@@ -177,11 +177,11 @@ add tcp option "MD5 signature". All of them have their own disadvantages :
The most common Linux NAT router configuration does not pass them. Most home routers are Linux based.
The default sysctl configuration net.netfilter.nf_conntrack_checksum=1 causes contrack to verify tcp and udp checksums
and set INVALID state for packets with invalid checksum.
Typically, iptables rules include a rule for dropping packets with INVALID state, either only in FORWARD chain,
or both in FORWARD and OUTPUT chains. The combination of these factors does not allow badsum packets to pass through the router.
Presence of a drop INVALID rule in the OUTPUT chain blocks nfqws running on the router from using badsum option.
Typically, iptables rules include a rule for dropping packets with INVALID state in the FORWARD chain.
The combination of these factors does not allow badsum packets to pass through the router.
In openwrt mentioned sysctl is set to 0 from the box, in other routers its often left in the default "1" state.
For nfqws to work properly set net.netfilter.nf_conntrack_checksum=0 on the router.
For nfqws to work properly through the router set net.netfilter.nf_conntrack_checksum=0 on the router.
System never verifies checksums of locally generated packets so nfqws will always work on the router itself.
If you are behind another NAT, such as a ISP, and it does not pass invalid packages, there is nothing you can do about it.
But usually ISPs pass badsum.
* badsum doesn't work if your device is behind NAT which does not pass invalid packets.
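Review bot: the added line "System never verifies checksums of locally generated packets so nfqws will always work on the router itself." silently reverses the removed claim that "Presence of a drop INVALID rule in the OUTPUT chain blocks nfqws running on the router from using badsum option.", but nothing in the hunk says why the old statement was wrong, so a reader who added a drop INVALID rule to OUTPUT on the strength of the old text is left guessing whether it must be removed. Suggest one sentence giving the reason, namely that conntrack's checksum check only applies to packets arriving at the box, so locally generated badsum packets are never marked INVALID and an INVALID drop rule in OUTPUT does not affect nfqws; and, since the old text mentioned OUTPUT explicitly, state outright that such a rule can stay. Minor wording in the same paragraph while it is being rewritten: "contrack" in the unchanged context line should be "conntrack", "set to 0 from the box" should be "set to 0 out of the box", and "does not pass invalid packages" should be "does not pass invalid packets".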