ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid-7.2/etc/example.conf
Revision: 555
Committed: Sat Apr 22 09:39:44 2006 UTC (17 years, 11 months ago) by michael
File size: 35361 byte(s)
Log Message:
- Updated RELNOTED.  Added missing entries etc..
  BUGS, TODO, INSTALL: likewise
- Fixed formatting in example.conf

File Contents

# User Rev Content
1 adx 30 /* doc/example.conf - ircd-hybrid-7 Example configuration file
2     * Copyright (C) 2000-2005 Hybrid Development Team
3     *
4     * Written by ejb, wcampbel, db, leeh and others
5     * Other example configurations can be found in the source dir under
6     * etc/.
7     *
8 knight 31 * $Id$
9 adx 30 */
10    
11     /* IMPORTANT NOTES:
12     *
13     * auth {} blocks MUST be specified in order of precedence. The first one
14     * that matches a user will be used. So place spoofs first, then specials,
15     * then general access.
16     *
17     * Shell style (#), C++ style (//) and C style comments are supported.
18     *
19     * Files may be included by either:
20     * .include "filename"
21     * .include <filename>
22     *
23     * Times/durations are written as:
24     * 12 hours 30 minutes 1 second
25     *
26     * Valid units of time:
27     * month, week, day, hour, minute, second
28     *
29     * Valid units of size:
30     * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
31     *
32     * Sizes and times may be singular or plural.
33     */
34    
35     /* EFNET NOTE:
36     *
37     * This config file is NOT suitable for EFNet. EFNet admins should use
38     * example.efnet.conf
39     */
40    
41     /* serverinfo {}: Contains information about the server. (OLD M:) */
42     serverinfo {
43     /* name: the name of our server */
44     name = "hades.arpa";
45    
46     /*
47     * A server's unique ID. This is three characters long and must be in
48     * the form [0-9][A-Z0-9][A-Z0-9]. The first character must be a
49     * digit, followed by 2 alpha-numerical letters.
50     * Note: The letters must be capitalized.
51     */
52     sid = "_CHANGE_ME_";
53    
54     /*
55     * description: the description of the server. '[' and ']' may not
56     * be used here for compatibility with older servers.
57     */
58     description = "hybrid-7 test server";
59    
60     /*
61     * network info: the name and description of the network this server
62     * is on. Shown in the 005 reply and used with serverhiding.
63     */
64     network_name = "MyNet";
65     network_desc = "This is My Network";
66    
67     /*
68     * hub: allow this server to act as a hub and have multiple servers
69     * connected to it. This may not be changed if there are active
70     * LazyLink servers.
71     */
72     hub = no;
73    
74     /*
75     * vhost: the IP to bind to when we connect outward to ipv4 servers.
76     * This should be an ipv4 IP only, or "* for INADDR_ANY.
77     */
78     #vhost = "192.169.0.1";
79    
80     /*
81     * vhost6: the IP to bind to when we connect outward to ipv6 servers.
82     * This should be an ipv6 IP only, or "* for INADDR_ANY.
83     */
84     #vhost6 = "3ffe:80e8:546::2";
85    
86     /* max_clients: the maximum number of clients allowed to connect */
87     max_clients = 512;
88    
89     /*
90     * rsa key: the path to the file containing our rsa key for cryptlink.
91     *
92     * Example command to store a 2048 bit RSA keypair in
93     * rsa.key, and the public key in rsa.pub:
94     *
95     * openssl genrsa -out rsa.key 2048
96     * openssl rsa -in rsa.key -pubout -out rsa.pub
97     * chown <ircd-user>.<ircd.group> rsa.key rsa.pub
98     * chmod 0600 rsa.key
99     * chmod 0644 rsa.pub
100     */
101     #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
102    
103     /*
104     * ssl certificate: the path to the file containing our ssl certificate
105     * for encrypted client connection.
106     *
107     * This assumes your private RSA key is stored in rsa.key. You
108     * MUST have an RSA key in order to generate the certificate
109     *
110 michael 439 * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
111 adx 30 *
112     * See http://www.openssl.org/docs/HOWTO/certificates.txt
113     *
114     * Please use the following values when generating the cert
115     *
116     * Organization Name: Network Name
117     * Organization Unit Name: changme.someirc.net
118     * Common Name: irc.someirc.net
119     * E-mail: you@domain.com
120     */
121     #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
122     };
123    
124     /* admin {}: contains admin information about the server. (OLD A:) */
125     admin {
126     name = "Smurf target";
127     description = "Main Server Administrator";
128     email = "<syn@packets.r.us>";
129     };
130    
131     /* logging {}: contains information about logfiles. */
132     logging {
133     /* Do you want to enable logging to ircd.log? */
134     use_logging = yes;
135    
136     /*
137     * logfiles: the logfiles to use for user connects, /oper uses,
138     * and failed /oper. These files must exist for logging to be used.
139     */
140     fuserlog = "logs/userlog";
141     foperlog = "logs/operlog";
142     fkilllog = "logs/kill";
143     fklinelog = "logs/kline";
144     fglinelog = "logs/gline";
145    
146     /*
147     * log level: the amount of detail to log in ircd.log. The
148     * higher, the more information is logged. May be changed
149     * once the server is running via /quote SET LOG. Either:
150     * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
151     */
152     log_level = L_INFO;
153     };
154    
155     /* log is a synonym for logging
156     * fname_userlog is a synonym for fuserlog
157     * fname_operlog is a synonym for foperlog
158     * fname_killlog is a synonym for fkilllog
159     * fname_glinelog is a synonym for fglinelog
160     * hence this is equivalent to the above
161     */
162     log {
163     fname_userlog = "logs/userlog";
164     fname_operlog = "logs/operlog";
165     fname_killlog = "logs/kill";
166     fname_klinelog = "logs/kline";
167     fname_glinelog = "logs/gline";
168     log_level = L_INFO;
169     };
170    
171     /* class {}: contain information about classes for users (OLD Y:) */
172     class {
173     /* name: the name of the class. classes are text now */
174     name = "users";
175    
176     /*
177     * ping_time: how often a client must reply to a PING from the
178     * server before they are dropped.
179     */
180 adx 40 ping_time = 1 minute 30 seconds;
181 adx 30
182 adx 40 /* optional: how many local users are allowed to connect from one IP */
183     number_per_ip = 4;
184 adx 30
185 adx 40 /*
186     * optional: how many local users are allowed to connect
187     * from one ident@host
188     */
189 adx 30 max_local = 2;
190    
191 adx 40 /* optional: network-wide limit of users per ident@host */
192 adx 30 max_global = 10;
193    
194 adx 40 /* optional: the maximum number of users allowed in this class */
195 adx 30 max_number = 100;
196    
197 adx 40 /*
198     * the following lines are optional and allow you to define
199     * how many users can connect from one /NN subnet
200     */
201     cidr_bitlen_ipv4 = 24;
202     cidr_bitlen_ipv6 = 120;
203     number_per_cidr = 16;
204    
205 adx 30 /*
206     * sendq: the amount of data allowed in a clients queue before
207     * they are dropped.
208     */
209     sendq = 100 kbytes;
210     };
211    
212     class {
213     name = "opers";
214     ping_time = 5 minutes;
215     number_per_ip = 10;
216     max_number = 100;
217     sendq = 100kbytes;
218     };
219    
220     class {
221     name = "server";
222 adx 40 ping_time = 1 minute 30 seconds;
223 adx 30
224 michael 555 /*
225 adx 30 * ping_warning: how fast a server must reply to a PING before
226     * a warning to opers is generated.
227     */
228     ping_warning = 15 seconds;
229    
230     /*
231     * connectfreq: only used in server classes. Specifies the delay
232     * between autoconnecting to servers.
233     */
234     connectfreq = 5 minutes;
235    
236     /* max number: the amount of servers to autoconnect to */
237     max_number = 1;
238    
239     /* sendq: servers need a higher sendq as they send more data */
240     sendq = 2 megabytes;
241     };
242    
243     /* listen {}: contain information about the ports ircd listens on (OLD P:) */
244     listen {
245     /*
246     * port: the specific port to listen on. If no host is specified
247     * before, it will listen on all available IPs.
248     *
249     * Ports are separated via a comma, a range may be specified using ".."
250     */
251    
252     /* port: listen on all available IPs, ports 6665 to 6669 */
253     port = 6665 .. 6669;
254    
255     /*
256     * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
257     * unless you are an administrator.
258     *
259     * NOTE: The "flags" directive has to come before "port". Always!
260     */
261     flags = hidden, ssl;
262     host = "192.168.0.1";
263     port = 6697;
264    
265     /*
266     * host: set a specific IP/host the ports after the line will listen
267     * on. This may be ipv4 or ipv6.
268     */
269     host = "1.2.3.4";
270     port = 7000, 7001;
271    
272     host = "3ffe:1234:a:b:c::d";
273     port = 7002;
274     };
275    
276     /* auth {}: allow users to connect to the ircd (OLD I:) */
277     auth {
278     /*
279     * user: the user@host allowed to connect. Multiple IPv4/IPv6 user
280     * lines are permitted per auth block.
281     */
282     user = "*@172.16.0.0/12";
283     user = "*test@123D:B567:*";
284    
285     /* password: an optional password that is required to use this block */
286     password = "letmein";
287    
288     /*
289     * encrypted: controls whether the auth password above has been
290     * encrypted.
291     */
292     encrypted = yes;
293    
294     /*
295     * spoof: fake the users host to this. This is free-form,
296     * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
297     */
298     spoof = "I.still.hate.packets";
299    
300     /* class: the class the user is placed in */
301     class = "opers";
302    
303     /*
304     * need_password: don't allow users who haven't supplied the correct
305     * password to connect using another auth{} block
306     * ('&' prefix on /stats I if disabled)
307     * need_ident: require the user to have identd to connect ('+' prefix on /stats I)
308     * spoof_notice: enable spoofing notification to admins
309     * exceed_limit: allow a user to exceed class limits ('>' prefix on /stats I)
310     * kline_exempt: exempt this user from k/glines ('^' prefix on /stats I)
311     * gline_exempt: exempt this user from glines ('_' prefix on /stats I)
312     * resv_exempt: exempt this user from resvs ('$' prefix on /stats I)
313     * no_tilde: remove ~ from a user with no ident ('-' prefix on /stats I)
314     * can_flood: allow this user to exceed flood limits ('|' prefix on /stats I)
315 michael 390 * can_idle: exempt this user from idle restrictions ('<' prefix on /stats I)
316 adx 30 */
317     flags = need_password, spoof_notice, exceed_limit, kline_exempt,
318     gline_exempt, resv_exempt, no_tilde, can_flood, can_idle;
319     };
320    
321     auth {
322     /*
323     * redirect: the server and port to redirect a user to. A user does
324     * not have to obey the redirection, the ircd just suggests an alternative
325     * server for them.
326     */
327     redirserv = "irc.fi";
328     redirport = 6667;
329    
330     user = "*.fi";
331    
332     /* class: a class is required even though it is not used */
333     class = "users";
334     };
335    
336     auth {
337     user = "*@*";
338     class = "users";
339     flags = need_ident;
340     };
341    
342     /* operator {}: defines ircd operators. (OLD O:)
343     * ircd-hybrid no longer supports local operators, privileges are
344     * controlled via flags.
345     */
346     operator {
347     /* name: the name of the oper */
348     /* Note: operator "opername"{} is also supported */
349     name = "god";
350    
351     /*
352     * user: the user@host required for this operator. CIDR is not
353     * supported. Multiple user="" lines are supported.
354     */
355     user = "*god@*";
356     user = "*@127.0.0.1";
357    
358     /*
359     * password: the password required to oper. By default this will
360     * need to be encrypted using 'mkpasswd'. MD5 is supported.
361     */
362     password = "etcnjl8juSU1E";
363    
364     /*
365     * encrypted: controls whether the oper password above has been
366     * encrypted. (OLD CRYPT_OPER_PASSWORD now optional per operator)
367     */
368     encrypted = yes;
369    
370     /*
371     * rsa_public_key_file: the public key for this oper when using Challenge.
372     * A password should not be defined when this is used, see
373     * doc/challenge.txt for more information.
374     */
375     # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
376    
377     /* class: the class the oper joins when they successfully /oper */
378     class = "opers";
379    
380     /*
381 michael 56 * umodes: default usermodes opers get when they /oper. If defined,
382     * it will override oper_umodes settings in general {}.
383     * Available usermodes:
384     *
385     * +b - bots - See bot and drone flooding notices
386     * +c - cconn - Client connection/quit notices
387     * +D - deaf - Don't receive channel messages
388     * +d - debug - See debugging notices
389     * +f - full - See I: line full notices
390     * +G - softcallerid - Server Side Ignore for users not on your channels
391     * +g - callerid - Server Side Ignore (for privmsgs etc)
392     * +i - invisible - Not shown in NAMES or WHO unless you share a
393     * a channel
394     * +k - skill - See server generated KILL messages
395     * +l - locops - See LOCOPS messages
396     * +n - nchange - See client nick changes
397     * +r - rej - See rejected client notices
398     * +s - servnotice - See general server notices
399     * +u - unauth - See unauthorized client notices
400     * +w - wallop - See server generated WALLOPS
401     * +x - external - See remote server connection and split notices
402     * +y - spy - See LINKS, STATS, TRACE notices etc.
403     * +z - operwall - See oper generated WALLOPS
404     */
405     # umodes = locops, servnotice, operwall, wallop;
406    
407     /*
408 adx 30 * privileges: controls the activities and commands an oper is
409     * allowed to do on the server. All options default to no.
410     * Available options:
411     *
412     * global_kill: allows remote users to be /KILL'd (OLD 'O' flag)
413     * remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
414     * remoteban: allows remote KLINE/UNKLINE
415     * kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
416     * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
417     * gline: allows GLINE (OLD 'G' flag)
418 michael 555 * xline: allows XLINE (OLD 'X' flag)
419 adx 30 * operwall: allows OPERWALL
420     * nick_changes: allows oper to see nickchanges (OLD 'N' flag)
421     * via usermode +n
422     * rehash: allows oper to REHASH config (OLD 'H' flag)
423     * die: allows DIE and RESTART (OLD 'D' flag)
424     * admin: gives admin privileges. admins
425     * may (un)load modules and see the
426     * real IPs of servers.
427     * hidden_admin: same as 'admin', but noone can recognize you as
428 michael 555 * being an admin
429 adx 30 * hidden_oper: not shown in /stats p (except for other operators)
430     */
431     /* You can either use
432     * die = yes;
433     * rehash = yes;
434     *
435     * or in a flags statement i.e.
436     * flags = die, rehash;
437     *
438     * You can also negate a flag with ~ i.e.
439     * flags = ~remote;
440     *
441     */
442     flags = global_kill, remote, kline, unkline, xline,
443     die, rehash, nick_changes, admin, operwall;
444     };
445    
446     /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
447     connect {
448     /* name: the name of the server */
449     name = "irc.uplink.com";
450    
451     /*
452     * host: the host or IP to connect to. If a hostname is used it
453     * must match the reverse dns of the server.
454     */
455     host = "192.168.0.1";
456    
457     /*
458 michael 547 * vhost: the IP to bind to when we connect outward to servers.
459     * serverinfo::vhost and serverinfo::vhost6 will be overridden
460     * by this directive.
461     */
462     vhost = "192.168.0.2";
463    
464     /*
465 adx 30 * passwords: the passwords we send (OLD C:) and accept (OLD N:).
466     * The remote server will have these passwords reversed.
467     */
468     send_password = "password";
469     accept_password = "anotherpassword";
470    
471     /*
472     * encrypted: controls whether the accept_password above has been
473     * encrypted. (OLD CRYPT_LINK_PASSWORD now optional per connect)
474     */
475     encrypted = no;
476    
477     /* port: the port to connect to this server on */
478     port = 6666;
479    
480     /*
481     * hub_mask: the mask of servers that this server may hub. Multiple
482     * entries are permitted
483     */
484     hub_mask = "*";
485    
486     /*
487     * leaf_mask: the mask of servers this server may not hub. Multiple
488     * entries are permitted. Useful for forbidding EU -> US -> EU routes.
489     */
490     # leaf_mask = "*.uk";
491    
492     /* masking: the servername we pretend to be when we connect */
493     # fakename = "*.arpa";
494    
495     /* class: the class this server is in */
496     class = "server";
497    
498     /*
499 michael 124 * autoconn: controls whether we autoconnect to this server or not,
500 adx 30 * dependent on class limits. By default, this is disabled.
501     * compressed: controls whether traffic is compressed via ziplinks.
502     * By default, this is disabled
503     * lazylink: controls whether this server is a LazyLink. LazyLink
504     * servers may NOT hub. See doc/LazyLinks.txt
505     * cryptlink: enable full encryption for all data passing between our
506     * server and this link and rsa authentication.
507     * burst_away: This will send the /away string that users have set
508     * on the server burst. Note this can be a lot of data
509     * and slow down your server burst.
510 michael 330 * topicburst: Send topics to this server during channel burst. Works
511     * only if the server we are connecting to is capable
512     * of TBURST/TB.
513 adx 30 */
514 michael 330 # flags = autoconn, lazylink, compressed, cryptlink, burst_away, topicburst;
515 adx 30 };
516    
517     connect {
518     name = "encrypted.auth.example";
519     host = "some.host.somewhere";
520     port = 6667;
521    
522     flags = cryptlink;
523    
524     /*
525     * rsa_public_key_file: the path to the public keyfile of the server.
526     * Used instead of passwords.
527     */
528     rsa_public_key_file = "etc/remote.server.keyfile";
529    
530     /*
531     * cipher preference: set the preferred cipher for this link
532     *
533     * Available ciphers are:
534     * BF/168 BF/128 CAST/128 IDEA/128 RC5.16/128
535     * RC5.12/128 RC5.8/128 3DES/168 DES/56
536     *
537     * NOTE: Some ciphers may not be supported by your OpenSSL.
538     * Check the output from 'configure' for available ciphers.
539     *
540     * NOTE2: To help you decide what cipher to use, tools/encspeed
541     * will show you approximately how fast each cipher is.
542     * However, blowfish is fast and secure, and is probably
543     * a good default for most situations.
544     *
545     * NOTE3: Default if none is set is BF/128
546     *
547     * The cipher *MUST* be the same in both directions. If you
548     * set a cipher preference, your uplink must set the same cipher,
549     * else it will not link.
550     */
551     # cipher_preference = "BF/168";
552     };
553    
554     /*
555     * Note: Don't add an extra 'name=' entry if you use
556     * the connect "name"{} feature
557     */
558     connect "ipv6.some.server" {
559     host = "3ffd:dead:beef::1";
560     send_password = "password";
561     accept_password = "password";
562     port = 6666;
563    
564     /*
565     * aftype: controls whether the connection uses "ipv4" or "ipv6".
566     * Default is ipv4.
567     */
568     aftype = ipv6;
569     class = "server";
570     };
571    
572     /* cluster{}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
573     * automatically (OLD hyb6 SLAVE_SERVERS)
574     */
575     cluster {
576     /* name: the server to share with, this can take wildcards */
577     /* NOTE: only local actions will be clustered, meaning if
578     * the server receives a shared kline/unkline/etc, it
579     * will not be propagated to clustered servers.
580     *
581     * Remote servers are not necessarily required to accept
582     * clustered lines, they need a shared{} for *THIS* server
583     * in order to accept them.
584     */
585     name = "*.arpa";
586    
587     /*
588     * type: list of what to share, options are as follows:
589     * kline - share klines
590     * tkline - share temporary klines
591     * unkline - share unklines
592     * xline - share xlines
593     * txline - share temporary xlines
594     * unxline - share unxlines
595     * resv - share resvs
596     * tresv - share temporary resvs
597     * unresv - share unresvs
598     * locops - share locops
599     * all - share all of the above (default)
600     */
601     type = kline, unkline, locops, xline, resv;
602     };
603    
604     /* shared {}: users that are allowed to remote kline (OLD U:) */
605     shared {
606     /*
607     * name: the server the user must be on to set klines. If this is not
608     * specified, the user will be allowed to kline from all servers.
609     */
610     name = "irc2.some.server";
611    
612     /*
613     * user: the user@host mask that is allowed to set klines. If this is
614     * not specified, all users on the server above will be allowed to set
615     * a remote kline.
616     */
617     user = "oper@my.host.is.spoofed";
618    
619     /*
620     * type: list of what to share, options are as follows:
621     * kline - allow oper/server to kline
622     * tkline - allow temporary klines
623     * unkline - allow oper/server to unkline
624     * xline - allow oper/server to xline
625     * txline - allow temporary xlines
626     * unxline - allow oper/server to unxline
627     * resv - allow oper/server to resv
628     * tresv - allow temporary resvs
629     * unresv - allow oper/server to unresv
630     * locops - allow oper/server to locops - only used for servers that cluster
631     * all - allow oper/server to do all of the above (default)
632     */
633     type = kline, unkline, resv;
634     };
635    
636     /* kill {}: users that are not allowed to connect (OLD K:)
637     * Oper issued klines will be added to the specified kline config
638     */
639     kill {
640     user = "bad@*.hacked.edu";
641     reason = "Obviously hacked account";
642     };
643    
644     kill {
645     user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
646     type = regex;
647     };
648    
649     /* deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
650     * Oper issued dlines will be added to the specified dline config
651     */
652     deny {
653     ip = "10.0.1.0/24";
654     reason = "Reconnecting vhosted bots";
655     };
656    
657     /* exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:) */
658     exempt {
659     ip = "192.168.0.0/16";
660     };
661    
662     /* resv {}: nicks and channels users may not use/join (OLD Q:) */
663     resv {
664     /* reason: the reason for the proceeding resv's */
665     reason = "There are no services on this network";
666    
667     /* resv: the nicks and channels users may not join/use */
668     nick = "nickserv";
669     nick = "chanserv";
670     channel = "#services";
671    
672     /* resv: wildcard masks are also supported in nicks only */
673     reason = "Clone bots";
674     nick = "clone*";
675     };
676    
677     /* gecos {}: The X: replacement, used for banning users based on their
678     * "realname".
679     */
680     gecos {
681     name = "*sex*";
682     reason = "Possible spambot";
683     };
684    
685     gecos {
686     name = "sub7server";
687     reason = "Trojan drone";
688     };
689    
690     gecos {
691     name = "*http*";
692     reason = "Spambot";
693     };
694    
695     gecos {
696     name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
697     type = regex;
698     };
699    
700     /*
701     * channel {}
702     *
703     * The channel block contains options pertaining to channels
704     */
705     channel {
706 michael 56 /*
707     * restrict_channels: reverse channel RESVs logic, only reserved
708     * channels are allowed
709     */
710 adx 30 restrict_channels = no;
711    
712     /*
713     * disable_local_channels: prevent users from joining &channels.
714     */
715     disable_local_channels = no;
716    
717     /*
718     * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
719     * that can join a +i channel without an invite.
720     */
721     use_invex = yes;
722    
723     /*
724     * use_except: Enable/disable channel mode +e, a n!u@h list of masks
725     * that can join a channel through a ban (+b).
726     */
727     use_except = yes;
728    
729     /*
730     * use_knock: Allows users to request an invite to a channel that
731     * is locked somehow (+ikl). If the channel is +p or you are banned
732     * the knock will not be sent.
733     */
734     use_knock = yes;
735    
736     /*
737     * knock_delay: The amount of time a user must wait between issuing
738     * the knock command.
739     */
740     knock_delay = 5 minutes;
741    
742     /*
743     * knock_delay_channel: How often a knock to any specific channel
744     * is permitted, regardless of the user sending the knock.
745     */
746     knock_delay_channel = 1 minute;
747    
748 michael 555 /*
749     * burst topicwho: enable sending of who set topic on topicburst
750     * default is yes
751     */
752 adx 201 burst_topicwho = yes;
753 adx 30
754     /* max chans: The maximum number of channels a user can join/be on. */
755     max_chans_per_user = 15;
756    
757     /* quiet_on_ban: stop banned people talking in channels. */
758     quiet_on_ban = yes;
759    
760     /* max_bans: maximum number of +b/e/I modes in a channel */
761     max_bans = 25;
762    
763 michael 555 /*
764 adx 201 * how many joins in how many seconds constitute a flood, use 0 to
765     * disable. +b opers will be notified (changeable via /set)
766     */
767     join_flood_count = 16;
768     join_flood_time = 8 seconds;
769    
770 adx 30 /*
771     * splitcode: The ircd will now check splitmode every few seconds.
772     *
773     * Either split users or split servers can activate splitmode, but
774     * both conditions must be met for the ircd to deactivate splitmode.
775     *
776     * You may force splitmode to be permanent by /quote set splitmode on
777     */
778    
779     /*
780     * default_split_user_count: when the usercount is lower than this level,
781     * consider ourselves split. This must be set for automatic splitmode.
782     */
783     default_split_user_count = 0;
784    
785     /*
786     * default_split_server_count: when the servercount is lower than this,
787     * consider ourselves split. This must be set for automatic splitmode.
788     */
789     default_split_server_count = 0;
790    
791     /* split no create: disallow users creating channels on split. */
792     no_create_on_split = yes;
793    
794     /* split: no join: disallow users joining channels at all on a split */
795     no_join_on_split = no;
796     };
797    
798     /*
799     * serverhide {}
800     *
801     * The serverhide block contains the options regarding serverhiding
802     */
803     serverhide {
804     /*
805     * flatten_links: this option will show all servers in /links appear
806     * that they are linked to this current server
807     */
808     flatten_links = no;
809    
810     /*
811     * links_delay: how often to update the links file when it is
812     * flattened.
813     */
814     links_delay = 5 minutes;
815    
816     /*
817     * hidden: hide this server from a /links output on servers that
818     * support it. this allows hub servers to be hidden etc.
819     */
820     hidden = no;
821    
822     /*
823     * disable_hidden: prevent servers hiding themselves from a
824     * /links output.
825     */
826     disable_hidden = no;
827    
828     /*
829     * hide_servers: hide remote servernames everywhere and instead use
830     * hidden_name and network_desc.
831     */
832     hide_servers = no;
833    
834     /*
835     * Use this as the servername users see if hide_servers = yes.
836     */
837     hidden_name = "*.hidden.com";
838    
839     /*
840     * hide_server_ips: If this is disabled, opers will be unable to see servers
841     * ips and will be shown a masked ip, admins will be shown the real ip.
842     *
843     * If this is enabled, nobody can see a servers ip. *This is a kludge*, it
844     * has the side effect of hiding the ips everywhere, including logfiles.
845     *
846     * We recommend you leave this disabled, and just take care with who you
847     * give admin=yes; to.
848     */
849     hide_server_ips = no;
850     };
851    
852     /*
853     * general {}
854     *
855     * The general block contains many of the options that were once compiled
856     * in options in config.h. The general block is read at start time.
857     */
858     general {
859     /*
860     * gline_min_cidr: the minimum required length of a CIDR bitmask
861     * for IPv4 based glines
862     */
863     gline_min_cidr = 16;
864    
865     /*
866     * gline_min_cidr6: the minimum required length of a CIDR bitmask
867     * for IPv6 based glines
868     */
869     gline_min_cidr6 = 48;
870    
871     /*
872     * Whether to automatically set mode +i on connecting users.
873     */
874     invisible_on_connect = yes;
875    
876     /*
877     * If you don't explicitly specify burst_away in your connect blocks, then
878     * they will default to the burst_away value below.
879     */
880     burst_away = no;
881    
882     /*
883     * Show "actually using host <ip>" on /whois when possible.
884     */
885     use_whois_actually = yes;
886    
887     /*
888     * Max time from the nickname change that still causes KILL
889     * automatically to switch for the current nick of that user. (seconds)
890     */
891     kill_chase_time_limit = 90;
892    
893     /*
894     * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
895     * users in /trace etc. If this is defined they will be shown a masked IP.
896     */
897     hide_spoof_ips = yes;
898    
899     /*
900     * Ignore bogus timestamps from other servers. Yes, this will desync
901     * the network, but it will allow chanops to resync with a valid non TS 0
902     *
903     * This should be enabled network wide, or not at all.
904     */
905     ignore_bogus_ts = no;
906    
907     /*
908     * disable_auth: completely disable ident lookups; if you enable this,
909     * be careful of what you set need_ident to in your auth {} blocks
910     */
911     disable_auth = no;
912    
913     /* disable_remote_commands: disable users doing commands on remote servers */
914     disable_remote_commands = no;
915    
916     /*
917     * Disable temporary kline/xline expire notices yes/no
918     */
919     tkline_expire_notices = no;
920    
921     /*
922     * default_floodcount: the default value of floodcount that is configurable
923     * via /quote set floodcount. This is the amount of lines a user
924     * may send to any other user/channel in one second.
925     */
926     default_floodcount = 10;
927    
928     /*
929     * failed_oper_notice: send a notice to all opers on the server when
930     * someone tries to OPER and uses the wrong password, host or ident.
931     */
932     failed_oper_notice = yes;
933    
934     /*
935     * dots_in_ident: the amount of '.' characters permitted in an ident
936     * reply before the user is rejected.
937     */
938     dots_in_ident = 2;
939    
940     /*
941     * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts
942     * without a '.' in them. this will add one to the end. only needed
943     * for older servers.
944     */
945     dot_in_ip6_addr = yes;
946    
947     /*
948     * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
949     * placed via the server. klines hand placed are exempt from limits.
950     * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
951     */
952     min_nonwildcard = 4;
953    
954     /*
955     * min_nonwildcard_simple: the minimum non wildcard characters in
956     * gecos bans. wildcard chars: '*' '?' '#'
957     */
958     min_nonwildcard_simple = 3;
959    
960     /* max_accept: maximum allowed /accept's for +g usermode */
961     max_accept = 20;
962    
963     /* anti_nick_flood: enable the nickflood control code */
964     anti_nick_flood = yes;
965    
966     /* nick flood: the nick changes allowed in the specified period */
967     max_nick_time = 20 seconds;
968     max_nick_changes = 5;
969    
970     /*
971     * anti_spam_exit_message_time: the minimum time a user must be connected
972     * before custom quit messages are allowed.
973     */
974     anti_spam_exit_message_time = 5 minutes;
975    
976     /*
977     * ts delta: the time delta allowed between server clocks before
978     * a warning is given, or before the link is dropped. all servers
979     * should run ntpdate/rdate to keep clocks in sync
980     */
981     ts_warn_delta = 30 seconds;
982     ts_max_delta = 5 minutes;
983    
984     /*
985     * kline_with_reason: show the user the reason why they are k/d/glined
986     * on exit. May give away who set k/dline when set via tcm.
987     */
988     kline_with_reason = yes;
989    
990     /*
991     * kline_reason: show this message to users on channel
992     * instead of the oper reason.
993     */
994     kline_reason = "Connection closed";
995    
996 michael 555 /*
997 adx 30 * reject_hold_time: wait this amount of time before disconnecting
998     * a rejected client. Use 0 to disable.
999     */
1000     reject_hold_time = 0;
1001    
1002     /*
1003     * warn_no_nline: warn opers about servers that try to connect but
1004     * we don't have a connect {} block for. Twits with misconfigured
1005     * servers can get really annoying with this enabled.
1006     */
1007     warn_no_nline = yes;
1008    
1009     /* stats_o_oper only: make stats o (opers) oper only */
1010     stats_o_oper_only = yes;
1011    
1012     /* stats_P_oper_only: make stats P (ports) oper only */
1013     stats_P_oper_only = no;
1014    
1015     /*
1016     * stats i oper only: make stats i (auth {}) oper only. set to:
1017     * yes: show users no auth blocks, made oper only.
1018     * masked: show users first matching auth block
1019     * no: show users all auth blocks.
1020     */
1021     stats_i_oper_only = masked;
1022    
1023     /*
1024     * stats_k_oper_only: make stats k/K (klines) oper only. set to:
1025     * yes: show users no auth blocks, made oper only
1026     * masked: show users first matching auth block
1027     * no: show users all auth blocks.
1028     */
1029     stats_k_oper_only = masked;
1030    
1031     /*
1032     * caller_id_wait: time between notifying a +g user that somebody
1033     * is messaging them.
1034     */
1035     caller_id_wait = 1 minute;
1036    
1037     /*
1038     * opers_bypass_callerid: allows operators to bypass +g and message
1039     * anyone who has it set (useful if you use services).
1040     */
1041     opers_bypass_callerid = no;
1042    
1043     /*
1044     * pace_wait_simple: time between use of less intensive commands
1045 adx 269 * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1046 adx 30 */
1047     pace_wait_simple = 1 second;
1048    
1049     /*
1050     * pace_wait: time between more intensive commands
1051 adx 269 * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1052 adx 30 */
1053     pace_wait = 10 seconds;
1054    
1055     /*
1056     * short_motd: send clients a notice telling them to read the motd
1057     * instead of forcing a motd to clients who may simply ignore it.
1058     */
1059     short_motd = no;
1060    
1061     /*
1062     * ping_cookie: require clients to respond exactly to a ping command,
1063     * can help block certain types of drones and FTP PASV mode spoofing.
1064     */
1065     ping_cookie = no;
1066    
1067     /* no_oper_flood: increase flood limits for opers. */
1068     no_oper_flood = yes;
1069    
1070     /*
1071     * true_no_oper_flood: completely eliminate flood limits for opers
1072     * and for clients with can_flood = yes in their auth {} blocks
1073     */
1074     true_no_oper_flood = yes;
1075    
1076     /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1077     oper_pass_resv = yes;
1078    
1079     /*
1080     * idletime: the maximum amount of time a user may idle before
1081     * they are disconnected
1082     */
1083     idletime = 0;
1084    
1085     /* REMOVE ME. The following line checks you've been reading. */
1086     havent_read_conf = 1;
1087    
1088     /*
1089     * max_targets: the maximum amount of targets in a single
1090     * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1091     */
1092     max_targets = 4;
1093    
1094     /*
1095     * client_flood: maximum amount of data in a clients queue before
1096     * they are dropped for flooding.
1097     */
1098     client_flood = 2560 bytes;
1099    
1100     /*
1101     * message_locale: the default message locale
1102     * Use "standard" for the compiled in defaults.
1103     * To install the translated messages, go into messages/ in the
1104     * source directory and run `make install'.
1105     */
1106     message_locale = "standard";
1107    
1108     /*
1109     * usermodes configurable: a list of usermodes for the options below
1110     *
1111     * +b - bots - See bot and drone flooding notices
1112     * +c - cconn - Client connection/quit notices
1113     * +D - deaf - Don't receive channel messages
1114     * +d - debug - See debugging notices
1115     * +f - full - See I: line full notices
1116     * +G - softcallerid - Server Side Ignore for users not on your channels
1117     * +g - callerid - Server Side Ignore (for privmsgs etc)
1118     * +i - invisible - Not shown in NAMES or WHO unless you share a
1119     * a channel
1120     * +k - skill - See server generated KILL messages
1121     * +l - locops - See LOCOPS messages
1122     * +n - nchange - See client nick changes
1123     * +r - rej - See rejected client notices
1124     * +s - servnotice - See general server notices
1125     * +u - unauth - See unauthorized client notices
1126     * +w - wallop - See server generated WALLOPS
1127     * +x - external - See remote server connection and split notices
1128     * +y - spy - See LINKS, STATS, TRACE notices etc.
1129     * +z - operwall - See oper generated WALLOPS
1130     */
1131    
1132     /* oper_only_umodes: usermodes only opers may set */
1133     oper_only_umodes = bots, cconn, debug, full, skill, nchange,
1134     rej, spy, external, operwall, locops, unauth;
1135    
1136     /* oper_umodes: default usermodes opers get when they /oper */
1137 adx 264 oper_umodes = bots, locops, servnotice, operwall, wallop;
1138 adx 30
1139     /*
1140     * servlink_path: path to 'servlink' program used by ircd to handle
1141     * encrypted/compressed server <-> server links.
1142     *
1143     * only define if servlink is not in same directory as ircd itself.
1144     */
1145     #servlink_path = "/usr/local/ircd/bin/servlink";
1146    
1147     /*
1148     * default_cipher_preference: default cipher to use for cryptlink when none is
1149     * specified in connect block.
1150     */
1151     #default_cipher_preference = "BF/168";
1152    
1153     /*
1154     * use_egd: if your system does not have *random devices yet you
1155     * want to use OpenSSL and encrypted links, enable this. Beware -
1156     * EGD is *very* CPU intensive when gathering data for its pool
1157     */
1158     # use_egd = yes;
1159    
1160     /*
1161     * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1162     * which automatically finds the path.
1163     */
1164     # egdpool_path = "/var/run/egd-pool";
1165    
1166    
1167     /*
1168     * compression_level: level of compression for compressed links between
1169     * servers.
1170     *
1171     * values are between: 1 (least compression, fastest)
1172     * and: 9 (most compression, slowest).
1173     */
1174     # compression_level = 6;
1175    
1176     /*
1177     * throttle_time: the minimum amount of time between connections from
1178     * the same ip. exempt {} blocks are excluded from this throttling.
1179     * Offers protection against flooders who reconnect quickly.
1180     * Set to 0 to disable.
1181     */
1182     throttle_time = 10;
1183     };
1184    
1185     glines {
1186     /* enable: enable glines, network wide temp klines */
1187     enable = yes;
1188    
1189     /* duration: the amount of time a gline will remain on your server before expiring */
1190     duration = 1 day;
1191    
1192     /* logging: which types of rules you want to log when triggered (choose reject or block) */
1193     logging = reject, block;
1194    
1195     /*
1196     * NOTE: gline ACLs can cause a desync of glines throughout the network, meaning some servers
1197     * may have a gline triggered, and others may not. Also, you only need insert rules for glines
1198     * that you want to block and/or reject. If you want to accept and propagate the gline, do NOT
1199     * put a rule for it.
1200     */
1201    
1202     /* user@host for rule to apply to */
1203     user = "god@I.still.hate.packets";
1204     /* server for rule to apply to */
1205     name = "hades.arpa";
1206    
1207     /*
1208     * action: action to take when a matching gline is found. options are:
1209     * reject - do not apply the gline locally
1210     * block - do not propagate the gline
1211     */
1212     action = reject, block;
1213    
1214     user = "god@*";
1215     name = "*";
1216     action = block;
1217     };
1218    
1219     modules {
1220     /*
1221     * module path: other paths to search for modules specified below
1222     * and in /modload.
1223     */
1224     path = "/usr/local/ircd/modules";
1225     path = "/usr/local/ircd/modules/autoload";
1226    
1227     /* module: the name of a module to load on startup/rehash */
1228     #module = "some_module.so";
1229     };

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision