/[svn]/hopm/trunk/doc/reference.conf
ViewVC logotype

Annotation of /hopm/trunk/doc/reference.conf

Parent Directory Parent Directory | Revision Log Revision Log


Revision 5052 - (hide annotations)
Mon Dec 22 11:56:03 2014 UTC (7 years, 11 months ago) by michael
Original Path: hopm/trunk/bopm.conf.sample
File size: 23034 byte(s)
- Initial import of bopm 3.1.3
1 michael 5052 /*
2    
3     BOPM sample configuration
4    
5     */
6    
7     options {
8     /*
9     * Full path and filename for storing the process ID of the running
10     * BOPM.
11     */
12     pidfile = "/some/path/bopm.pid";
13    
14     /*
15     * How many seconds to store the IP address of hosts which are
16     * confirmed (by previous scans) to be secure. New users from these
17     * IP addresses will not be scanned again until this amount of time
18     * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
19     * DIRECTIVE, but it is provided due to demand.
20     *
21     * The main reason for not using this feature is that anyone capable
22     * of running a proxy can get abusers onto your network - all they
23     * need do is shut the proxy down, connect themselves, restart the
24     * proxy, and tell their friends to come flood.
25     *
26     * Keep this directive commented out to disable negative caching.
27     */
28     # negcache = 3600;
29    
30     /*
31     * Amount of file descriptors to allocate to asynchronous DNS. 64
32     * should be plenty for almost anyone - previous versions of BOPM only
33     * did one at a time!
34     */
35     dns_fdlimit = 64;
36    
37     /*
38     * Put the full path and filename of a logfile here if you wish to log
39     * every scan done. Normally BOPM only logs successfully detected
40     * proxies in the bopm.log, but you may get abuse reports to your ISP
41     * about portscanning. Being able to show that it was BOPM that did
42     * the scan in question can be useful. Leave commented for no
43     * logging.
44     */
45     # scanlog = "/some/path/scan.log";
46     };
47    
48    
49     IRC {
50     /*
51     * IP to bind to for the IRC connection. You only need to use this if
52     * you wish BOPM to use a particular interface (virtual host, IP
53     * alias, ...) when connecting to the IRC server. There is another
54     * "vhost" setting in the scan {} block below for the actual
55     * portscans. Note that this directive expects an IP address, not a
56     * hostname. Please leave this commented out if you do not
57     * understand what it does, as most people don't need it.
58     */
59     # vhost = "0.0.0.0";
60    
61     /*
62     * Nickname for BOPM to use.
63     */
64     nick = "MyBopm";
65    
66     /*
67     * Text to appear in the "realname" field of BOPM's /whois output.
68     */
69     realname = "Blitzed Open Proxy Monitor";
70    
71     /*
72     * If you don't have an identd running, what username to use.
73     */
74     username = "bopm";
75    
76     /*
77     * Hostname (or IP) of the IRC server which BOPM will monitor
78     * connections on.
79     */
80     server = "myserver.somenetwork.org";
81    
82    
83     /*
84     * Password used to connect to the IRC server (PASS)
85     */
86    
87     # password = "secret";
88    
89    
90     /*
91     * Port of the above server to connect to. This is what BOPM uses to
92     * get onto IRC itself, it is nothing to do with what ports/protocols
93     * are scanned, nor do you need to list every port your ircd listens
94     * on.
95     */
96     port = 6667;
97    
98     /*
99     * Command to execute to identify to NickServ (if your network uses
100     * it). This is the raw IRC command text, and the below example
101     * corresponds to "/msg nickserv identify password" in a client. If
102     * you don't understand, just edit "password" in the line below to be
103     * your BOPM's nick password. Leave commented out if you don't need
104     * to identify to NickServ.
105     */
106     # nickserv = "privmsg nickserv :identify password";
107    
108     /*
109     * The username and password needed for BOPM to oper up.
110     */
111     oper = "bopm operpass";
112    
113     /*
114     * Mode string that BOPM needs to set on itself as soon as it opers
115     * up. This needs to include the mode for seeing connection notices,
116     * otherwise BOPM won't scan anyone (that's usually umode +c). It's
117     * often also a good idea to remove any helper modes so that users
118     * don't try to talk to the BOPM.
119     *
120     * REMEMBER THAT IRCU AND LATER VERSIONS OF UNREAL DO NOT USE A SIMPLE
121     * +c !!
122     */
123     mode = "+c-h";
124    
125     /* Example for Bahamut; +F gives BOPM relaxed flood limits */
126     # mode = "+Fc-h";
127    
128     /*
129     * If this is set then BOPM will use it as an /away message as soon as
130     * it connects.
131     */
132     away = "I'm a bot. Your messages will be ignored.";
133    
134     /*
135     * Info about channels you wish BOPM to join in order to accept
136     * commands. BOPM will also print messages in these channels every
137     * time it detects a proxy. Only IRC operators can command BOPM to do
138     * anything, but some of the things BOPM reports to these channels
139     * could be soncidered sensitive, so it's best not to put BOPM into
140     * public channels.
141     */
142     channel {
143     /*
144     * Channel name. Local ("&") channels are supported if your ircd
145     * supports them.
146     */
147     name = "#bopm";
148    
149     /*
150     * If BOPM will need to use a key to enter this channel, this is
151     * where you specify it.
152     */
153     # key = "somekey";
154    
155     /*
156     * If you use ChanServ then maybe you want to set the channel
157     * invite-only and have each BOPM do "/msg ChanServ invite" to get
158     * itself in. Leave commented if you don't, or if this makes no
159     * sense to you.
160     */
161     # invite = "privmsg chanserv :invite #bopm";
162     };
163    
164     /*
165     * You can define a bunch of channels if you want:
166     *
167     * channel { name = "#other"; }; channel { name="#channel"; }
168     */
169    
170     /*
171     * connregex is a POSIX regular expression used to parse connection
172     * (+c) notices from the ircd. The complexity of the expression should
173     * be kept to a minimum.
174     *
175     * Items in order MUST be: nick user host IP
176     *
177     * BOPM will not work with ircds which do not send an IP in the
178     * connection notice.
179     *
180     * This is fairly complicated stuff, and the consequences of getting
181     * it wrong are the BOPM does not scan anyone. Unless you know
182     * absolutely what you are doing, please just uncomment the example
183     * below that best matches the type of ircd you use.
184     *
185     * !!! NOTE !!! If a connregex for your ircd does not appear here and the
186     * hybrid connregex does not appear to work, check the BOPM FAQ at
187     * http://wiki.blitzed.org/BOPM before contacting our lists for help.
188     *
189     */
190    
191     /* Hybrid / Bahamut / Unreal (in HCN mode) */
192     connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
193    
194     /*
195     * Ultimate ircd - note the control-B characters around Connect/Exit,
196     * that is because that text appears in bold in the actual connect
197     * notice. Be very careful when editing this, do it as you would put
198     * bold characters into IRC MOTDs.
199     */
200     # connregex = "\\*\\*\\* Connect/Exit -- from [^:]+: Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
201    
202     /*
203     * SorIRCd 1.3.4+ / StarIRCd 5.26+.
204     */
205     # connregex = "\\*\\*\\* Notice -- Client connecting on port [0-9]+: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";
206    
207    
208     /*
209     * "kline" controls the command used when an open proxy is confirmed.
210     * We suggest applying a temporary (no more than a few hours) KLINE on the host.
211     *
212     * <WARNING>
213     * Make sure if you need to change this string you also change the
214     * kline command for every DNSBL you enable below.
215     *
216     * Also note that some servers do not allow you to include ':' characters
217     * inside the KLINE message (e.g. for a http:// address).
218     *
219     * Users rewriting this message into something that isn't even a valid
220     * IRC command is the single most common cause of support requests and
221     * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
222     * KLINE COMMANDS BELOW.
223     * </WARNING>
224     *
225     * That said, should you wish to customise this text, several
226     * printf-like placeholders are available:
227     *
228     * %n User's nick
229     * %u User's username
230     * %h User's irc hostname
231     * %i User's IP address
232     *
233     */
234     kline = "KLINE *@%h :Open Proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
235    
236     /* A GLINE example for IRCu: */
237     # kline = "GLINE +*@%i 1800 :Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
238    
239     /* An AKILL example for services with OperServ
240     * Your BOPM must have permission to AKILL for this to work! */
241    
242     # kline = "PRIVMSG OpenServ :AKILL +3h *@%h Open proxy found on your host. Please visit www.blitzed.org/proxy?ip=%i for more information.";
243    
244     /*
245     * Text to send on connection, these can be stacked and will be sent in this order
246     *
247     * !!! UNREAL USERS PLEASE NOTE !!!
248     * Unreal users will need PROTOCTL HCN to force hybrid connect
249     * notices.
250     *
251     * Yes Unreal users! That means you! That means you need the line
252     * below! See that thing at the start of the line? That's what we
253     * call a comment! Remove it to UNcomment the line.
254     */
255     # perform = "PROTOCTL HCN";
256    
257     };
258    
259    
260     /*
261     * OPM Block defines blacklists and information required to report new proxies
262     * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
263     * file. There are several blacklist that list IP addresses known to be open
264     * proxies or other forms of IRC abuse. By checking against these blacklists,
265     * BOPMs are able to ban known sources of abuse without completely scanning them.
266     */
267    
268     OPM {
269     /*
270     * Blacklist zones to check IPs against. If you would rather not
271     * trust a remotely managed blacklist, you could set up your own, or
272     * leave these commented out in which case every user will be
273     * scanned. The use of at least one open proxy DNSBL is recommended
274     * however.
275     *
276     * Blitzed is not associated with any of these DNSBLs, please check
277     * the policies of each blacklist you use to check you are comfortable
278     * with using them to block access to your server (and that you are
279     * allowed to use them).
280     */
281    
282     /* DroneBL - http://dronebl.org */
283     # blacklist {
284     # /* The DNS name of the blacklist */
285     # name = "dnsbl.dronebl.org";
286     #
287     # /*
288     # * There are only two values that are valid for this
289     # * "A record bitmask" and "A record reply"
290     # * These options affect how the values specified to reply
291     # * below will be interpreted, a bitmask is where the reply
292     # * values are 2^n and more than one is added up, a reply is
293     # * simply where the last octet of the IP is that number.
294     # * If you are not sure then the values set for dnsbl.dronebl.org
295     # * will work without any changes.
296     # */
297     # type = "A record reply";
298     #
299     # /* Kline types not listed in the reply list below.
300     # *
301     # * For DNSBLs that are not IRC specific and you just wish to kline
302     # * certain types this can be disabled.
303     # */
304     # ban_unknown = yes;
305     #
306     # /* The actual values returned by the dnsbl.dronebl.org blacklist
307     # * As documented at http://www.dronebl.org/howtouse.do */
308     # reply {
309     # 2 = "Sample";
310     # 3 = "IRC Drone";
311     # 4 = "Tor";
312     # 5 = "Bottler";
313     # 6 = "Unknown spambot or drone";
314     # 7 = "DDOS Drone";
315     # 8 = "SOCKS Proxy";
316     # 9 = "HTTP Proxy";
317     # 10 = "ProxyChain";
318     # 255 = "Unknown";
319     # };
320     #
321     # /* The kline message sent for this specific blacklist, remember to put
322     # * the removal method in this.
323     # */
324     # kline = "KLINE *@%h :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=Network";
325     # };
326    
327     # /* ircbl.ahbl.org - see http://ahbl.org/docs/ircbl
328     # * http://oldwww.temp.ahbl.org/docs/ircbl.php */
329     # blacklist {
330     # name = "ircbl.ahbl.org";
331     # type = "A record reply";
332     # ban_unknown = no;
333     # reply {
334     # 2 = "Open proxy";
335     # };
336     # kline = "KLINE *@%h :Listed in ircbl.ahbl.org. See http://ahbl.org/removals";
337     # };
338    
339     /* tor.dnsbl.sectoor.de - http://www.sectoor.de/tor.php */
340     # blacklist {
341     # name = "tor.dnsbl.sectoor.de";
342     # type = "A record reply";
343     # reply {
344     # 1 = "Tor exit server";
345     # };
346     # ban_unknown = no;
347     # kline = "KLINE *@%h :Tor exit server detected. See www.sectoor.de/tor.php?ip=%i";
348     # };
349    
350     /* rbl.efnet.org - http://rbl.efnet.org/ */
351     # blacklist {
352     # name = "rbl.efnet.org";
353     # type = "A record reply";
354     # reply {
355     # 1 = "Open proxy";
356     # 2 = "Trojan spreader";
357     # 3 = "Trojan infected client";
358     # 4 = "TOR exit server";
359     # 5 = "Drones / Flooding";
360     # };
361     # ban_unknown = yes;
362     # kline = "KLINE *@%h :Listed in rbl.efnet.org. See rbl.efnet.org/?i=%i";
363     # };
364    
365    
366     /* example: NJABL - please read http://www.njabl.org/use.html before
367     * uncommenting */
368     # blacklist {
369     # name = "dnsbl.njabl.org";
370     # type = "A record reply";
371     # reply {
372     # 9 = "Open proxy";
373     # };
374     # ban_unknown = no;
375     # kline = "KLINE *@%h :Open proxy found on your host, please visit www.njabl.org/cgi-bin/lookup.cgi?query=%i";
376     # };
377    
378     /*
379     * You can report the insecure proxies you find to a DNSBL also!
380     * The remaining directives in this section are only needed if you
381     * intend to do this. Reports are sent by email, one email per IP
382     * address. The format does support multiple addresses in one email,
383     * but we don't know of any servers that are detecting enough insecure
384     * proxies for this to be really necessary.
385     */
386    
387     /*
388     * Email address to send reports FROM. If you intend to send reports,
389     * please pick an email address that we can actually send mail to
390     * should we ever need to contact you.
391     */
392     # dnsbl_from = "mybopm@myserver.org";
393    
394     /*
395     * Email address to send reports TO.
396     * For example DroneBL:
397     */
398     # dnsbl_to = "bopm-report@dronebl.org";
399    
400     /*
401     * Full path to your sendmail binary. Even if your system does not
402     * use sendmail, it probably does have a binary called "sendmail"
403     * present in /usr/sbin or /usr/lib. If you don't set this, no
404     * proxies will be reported.
405     */
406     # sendmail = "/usr/sbin/sendmail";
407     };
408    
409    
410     /*
411     * The short explanation:
412     *
413     * This is where you define what ports/protocols to check for. You can have
414     * multiple scanner blocks and then choose which users will get scanned by
415     * which scanners further down.
416     *
417     * The long explanation:
418     *
419     * Scanner defines a virtual scanner. For each user being scanned, a scanner
420     * will use a file descriptor (and subsequent connection) for each protocol.
421     * Once connecting it will negotiate the proxy to connect to
422     * target_ip:target_port (target_ip MUST be an IP).
423     *
424     * Once connected, any data passed through the proxy will be checked to see if
425     * target_string is contained within that data. If it is the proxy is
426     * considered open. If the connection is closed at any point before
427     * target_string is matched, or if at least max_read bytes are read from the
428     * connection, the negotiation is considered failed.
429     */
430    
431     scanner {
432    
433     /*
434     * Unique name of this scanner. This is used further down in the
435     * user {} blocks to decide which users get affected by which
436     * scanners.
437     */
438     name="default";
439    
440     /*
441     * HTTP CONNECT - very common proxy protocol supported by widely known
442     * software such as Squid and Apache. The most common sort of
443     * insecure proxy and found on a multitude of weird ports too. Offers
444     * transparent two way TCP connections.
445     */
446     protocol = HTTP:80;
447     protocol = HTTP:8080;
448     protocol = HTTP:3128;
449     protocol = HTTP:6588;
450    
451     /*
452     * SOCKS4/5 - well known proxy protocols, probably the second most
453     * common for insecure proxies, also offers transparent two way TCP
454     * connections. Fortunately largely confined to port 1080.
455     */
456     protocol = SOCKS4:1080;
457     protocol = SOCKS5:1080;
458    
459     /*
460     * Cisco routers with a default password (yes, it really does happen).
461     * Also pretty much anything else that will let you telnet to anywhere
462     * else on the internet. Fortunately these are always on port 23.
463     */
464     protocol = ROUTER:23;
465    
466     /*
467     * WinGate is commercial windows proxy software which is now not so
468     * common, but still to be found, and helpfully presents an interface
469     * that can be used to telnet out, on port 23.
470     */
471     protocol = WINGATE:23;
472    
473     /*
474     * The HTTP POST protocol, often dismissed when writing the access
475     * controls for proxies, but sadly can still be used to abused.
476     * Offers only the opportunity to send a single block of data, but
477     * enough of them at once can still make for a devastating flood.
478     * Found on the same ports that HTTP CONNECT proxies inhabit.
479     *
480     * Note that if your ircd has "ping cookies" then clients from HTTP
481     * POST proxies cannot actually ever get onto your network anyway. If
482     * you leave the checks in then you'll still find some (because some
483     * people IRC from boxes that run them), but if you use BOPM purely as
484     * a protective measure and you have ping cookies, you need not scan
485     * for HTTP POST.
486     */
487     protocol = HTTPPOST:80;
488    
489     /*
490     * IP this scanner will bind to. Use this if you need your scans to
491     * come FROM a particular interface on the machine you run BOPM from.
492     * If you don't understand what this means, please leave this
493     * commented out, as this is a major source of support queries!
494     */
495     # vhost = "127.0.0.1";
496    
497     /* Maximum file descriptors this scanner can use. Remember that there
498     * will be one FD for each protocol listed above. As this example
499     * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
500     * limit, this scanner can be used on 64 users _at the same time_.
501     * That should be adequate for most servers.
502     */
503     fd = 512;
504    
505     /*
506     * Maximum data read from a proxy before considering it closed. Don't
507     * set this too high, some people have fun setting up lots of ports
508     * that send endless data to tie up your scanner. 4KB is plenty for
509     * any known proxy.
510     */
511     max_read = 4096;
512    
513     /*
514     * Amount of time (in seconds) before a test is considered timed out.
515     * Again, all but the poorest slowest proxies will be detected within
516     * 30 seconds, and this helps keep resource usage low.
517     */
518     timeout = 30;
519    
520     /*
521     * Target IP to tell the proxy to connect to
522     *
523     * !!! THIS MUST BE CHANGED !!!
524     *
525     * You cannot instruct the proxy to connect to itself! The easiest
526     * thing to do would be to set this to the IP of your ircd and then
527     * keep the default target_strings.
528     *
529     * Please use an IP that is publically reachable from anywhere on the
530     * Internet, because you have no way of knowing where the insecure
531     * proxies will be located. Just because you and your BOPM can
532     * connect to your ircd on some private IP like 192.168.0.1, does not
533     * mean that the insecure proxies out there on the Internet will be
534     * able to. And if they never connect, you will never detect them.
535     *
536     * Remember to change this setting for every scanner you configure.
537     *
538     */
539     target_ip = "127.0.0.1";
540    
541     /*
542     * Target port to tell the proxy to connect to. This is usually
543     * something like 6667. Basically any client-usable port.
544     */
545     target_port = 6667;
546    
547     /*
548     * Target string we check for in the data read back by the scanner.
549     * This should be some string out of the data that your ircd usually
550     * sends on connect. The example below will work on most
551     * hybrid/bahamut ircds. Multiple target strings are allowed.
552     *
553     * NOTE: Try to keep the number of target strings to a minimum. Two
554     * should be fine. One for normal connections and one for throttled
555     * connections. Comment out any others for efficiency.
556     */
557    
558     /* Usually first line sent to client on connection to ircd.
559     * If your ircd supports a more specific line (see below),
560     * using it will reduce false positives.
561     */
562     target_string = "*** Looking up your hostname...";
563    
564     /* Some ircds give a source for the NOTICE AUTH (bahamut for example).
565     * It is recommended you use the following instead of the generic
566     * "*** Looking up your hostname..." if your ircd supports it.
567     * This will reduce the chances of false positives.
568     */
569     # target_string = ":server.yournetwork.org NOTICE AUTH :*** Looking up your hostname...";
570    
571     /* If you try to connect too fast, you'll be throttled by your own
572     * ircd. Here's what a hybrid throttle message looks like:
573     */
574     target_string = "ERROR :Trying to reconnect too fast.";
575    
576     /* And the same for bahamut (comment this out if you're not using bahamut): */
577     target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
578     };
579    
580     scanner {
581     name = "extended";
582    
583     protocol = HTTP:81;
584     protocol = HTTP:8000;
585     protocol = HTTP:8001;
586     protocol = HTTP:8081;
587    
588     protocol = HTTPPOST:81;
589     protocol = HTTPPOST:6588;
590     # protocol = HTTPPOST:4480;
591     protocol = HTTPPOST:8000;
592     protocol = HTTPPOST:8001;
593     protocol = HTTPPOST:8080;
594     protocol = HTTPPOST:8081;
595    
596     /*
597     * IRCnet have seen many socks5 on these ports, more than on the
598     * standard ports even.
599     */
600     protocol = SOCKS4:4914;
601     protocol = SOCKS4:6826;
602     protocol = SOCKS4:7198;
603     protocol = SOCKS4:7366;
604     protocol = SOCKS4:9036;
605    
606     protocol = SOCKS5:4438;
607     protocol = SOCKS5:5104;
608     protocol = SOCKS5:5113;
609     protocol = SOCKS5:5262;
610     protocol = SOCKS5:5634;
611     protocol = SOCKS5:6552;
612     protocol = SOCKS5:6561;
613     protocol = SOCKS5:7464;
614     protocol = SOCKS5:7810;
615     protocol = SOCKS5:8130;
616     protocol = SOCKS5:8148;
617     protocol = SOCKS5:8520;
618     protocol = SOCKS5:8814;
619     protocol = SOCKS5:9100;
620     protocol = SOCKS5:9186;
621     protocol = SOCKS5:9447;
622     protocol = SOCKS5:9578;
623    
624     /*
625     * These came courtsey of Keith Dunnett from a bunch of public open
626     * proxy lists.
627     */
628     protocol = SOCKS4:29992;
629     protocol = SOCKS4:38884;
630     protocol = SOCKS4:18844;
631     protocol = SOCKS4:17771;
632     protocol = SOCKS4:31121;
633    
634     fd = 400;
635    
636     /* If required you can add settings such as target_ip here
637     * they will override the defaults set in the first scanner
638     * for this and subsequent scanners defined in the config file
639     * This affects the following options:
640     * fd, vhost, target_ip, target_port, target_string, timeout and
641     * max_read.
642     */
643     };
644    
645    
646    
647     /*
648     * User blocks define what scanners will be used to scan which hostmasks. When
649     * a user connects they will be scanned on every scanner {} (above) that
650     * matches their host.
651     */
652    
653     user {
654     /*
655     * Users matching this host mask will be scanned with all the
656     * protocols in the scanner named.
657     */
658     mask = "*!*@*";
659     scanner = "default";
660     };
661    
662     user {
663     /* Connections without ident will match on a vast number of connections
664     * very few proxies run ident though */
665     # mask = "*!~*@*";
666     mask = "*!squid@*";
667     mask = "*!nobody@*";
668     mask = "*!www-data@*";
669     mask = "*!cache@*";
670     mask = "*!CacheFlowS@*";
671     mask = "*!*@*www*";
672     mask = "*!*@*proxy*";
673     mask = "*!*@*cache*";
674    
675     scanner = "extended";
676     };
677    
678    
679     /*
680     * Exempt hosts matching certain strings from any form of scanning or dnsbl.
681     * BOPM will check each string against both the hostname and the IP address of
682     * the user.
683     *
684     * There are very few valid reasons to actually use "exempt". BOPM should
685     * never get false positives, and we would like to know very much if it does.
686     * One possible scenario is that the machine BOPM runs from is specifically
687     * authorized to use certain hosts as proxies, and users from those hosts use
688     * your network. In this case, without exempt, BOPM will scan these hosts,
689     * find itself able to use them as proxies, and ban them.
690     */
691     exempt {
692     mask = "*!*@127.0.0.1";
693     };

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.28