@ -26,10 +26,11 @@ The second match extension is called *ts3init_get_puzzle*. It matches if the pac
$ iptables -m ts3init_get_puzzle -h
$ iptables -m ts3init_get_puzzle -h
<..>
<..>
ts3init_get_puzzle match options:
ts3init_get_puzzle match options:
--min-client n The sending client needs to be at least version n.
--min-client n The sending client needs to be at least version.
--check-cookie seed Check the cookie. Assume it was generated with seed.
--check-cookie Check that the cookie was generated by same seed.
seed is a 60 byte random number in hex. A source
--seed <seed> Seed is a 60 byte lowercase hex number in.
could be /dev/random.
A source could be /dev/random.
--seed-file <file> Read the seed from a file.
```
```
The min-client parameter is the same as above. The check-cookie parameter matches if it matches the cookie that was generated in the netfilter target extension ts3init_set_cookie. To match the seed needs to be exactly the same of course. It is possible to check cookies that were generated on a different machine, provided that those machines have the same date and time, and the seem seed specified. In other words: The cookie is created in a deterministic way, depending only on the current time and the seed.
The min-client parameter is the same as above. The check-cookie parameter matches if it matches the cookie that was generated in the netfilter target extension ts3init_set_cookie. To match the seed needs to be exactly the same of course. It is possible to check cookies that were generated on a different machine, provided that those machines have the same date and time, and the seem seed specified. In other words: The cookie is created in a deterministic way, depending only on the current time and the seed.