ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid-8/doc/example.conf
Revision: 912
Committed: Wed Nov 7 22:47:44 2007 UTC (16 years, 4 months ago) by michael
Original Path: ircd-hybrid-7.2/etc/example.conf.in
File size: 35930 byte(s)
Log Message:
- Implemented libtool-ltdl. Only shared modules are supported currently
- Several build fixes and cleanups. ircd now builds and runs without any problems
- Added back all files to SVN that are needed to built the daemon
  I really don't want to force other people that want to test the snapshots
  or svn versions to install yyacc, lex, automake, autoconf and libtool...
  No problem having required files in svn
- Removed some automake maintainer stuff which is kinda useless for us

File Contents

# User Rev Content
1 db 897 /* doc/example.conf - ircd-hybrid-7 Example configuration file
2     * Copyright (C) 2000-2006 Hybrid Development Team
3     *
4     * Written by ejb, wcampbel, db, leeh and others
5     * Other example configurations can be found in the source dir under
6     * etc/.
7     *
8     * $Id$
9     */
10    
11     /* IMPORTANT NOTES:
12     *
13     * auth {} blocks MUST be specified in order of precedence. The first one
14     * that matches a user will be used. So place spoofs first, then specials,
15     * then general access.
16     *
17     * Shell style (#), C++ style (//) and C style comments are supported.
18     *
19     * Files may be included by either:
20     * .include "filename"
21     * .include <filename>
22     *
23     * Times/durations are written as:
24     * 12 hours 30 minutes 1 second
25     *
26     * Valid units of time:
27     * month, week, day, hour, minute, second
28     *
29     * Valid units of size:
30     * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
31     *
32     * Sizes and times may be singular or plural.
33     */
34    
35     /* EFNET NOTE:
36     *
37     * This config file is NOT suitable for EFNet. EFNet admins should use
38     * example.efnet.conf
39     */
40    
41     /*
42     * serverinfo {}: contains information about the server. (OLD M:)
43     */
44     serverinfo {
45     /*
46     * name: the name of our server. This cannot be changed at runtime.
47     */
48     name = "hades.arpa";
49    
50     /*
51     * sid: a server's unique ID. This is three characters long and must
52     * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
53     * a digit, followed by 2 alpha-numerical letters.
54     * NOTE: The letters must be capitalized. This cannot be changed at runtime.
55     */
56     sid = "_CHANGE_ME_";
57    
58     /*
59     * description: the description of the server. '[' and ']' may not
60     * be used here for compatibility with older servers.
61     */
62     description = "hybrid-7 test server";
63    
64     /*
65     * network info: the name and description of the network this server
66     * is on. Shown in the 005 reply and used with serverhiding.
67     */
68     network_name = "MyNet";
69     network_desc = "This is My Network";
70    
71     /*
72     * hub: allow this server to act as a hub and have multiple servers
73     * connected to it.
74     */
75     hub = no;
76    
77     /*
78     * vhost: the IP to bind to when we connect outward to ipv4 servers.
79     * This should be an ipv4 IP only, or "* for INADDR_ANY.
80     */
81     #vhost = "192.169.0.1";
82    
83     /*
84     * vhost6: the IP to bind to when we connect outward to ipv6 servers.
85     * This should be an ipv6 IP only, or "* for INADDR_ANY.
86     */
87     #vhost6 = "3ffe:80e8:546::2";
88    
89     /* max_clients: the maximum number of clients allowed to connect */
90     max_clients = 512;
91    
92     /*
93     * rsa key: the path to the file containing our rsa key for cryptlink.
94     *
95     * Example command to store a 2048 bit RSA keypair in
96     * rsa.key, and the public key in rsa.pub:
97     *
98     * openssl genrsa -out rsa.key 2048
99     * openssl rsa -in rsa.key -pubout -out rsa.pub
100     * chown <ircd-user>.<ircd.group> rsa.key rsa.pub
101     * chmod 0600 rsa.key
102     * chmod 0644 rsa.pub
103     */
104     #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
105    
106     /*
107     * ssl certificate: the path to the file containing our ssl certificate
108     * for encrypted client connection.
109     *
110     * This assumes your private RSA key is stored in rsa.key. You
111     * MUST have an RSA key in order to generate the certificate
112     *
113     * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
114     *
115     * See http://www.openssl.org/docs/HOWTO/certificates.txt
116     *
117     * Please use the following values when generating the cert
118     *
119     * Organization Name: Network Name
120     * Organization Unit Name: changme.someirc.net
121     * Common Name: irc.someirc.net
122     * E-mail: you@domain.com
123     */
124     #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
125     };
126    
127     /*
128     * admin {}: contains admin information about the server. (OLD A:)
129     */
130     admin {
131     name = "Smurf target";
132     description = "Main Server Administrator";
133     email = "<syn@packets.r.us>";
134     };
135    
136     /*
137     * log {}: contains information about logfiles.
138     */
139     log {
140     /* Do you want to enable logging to ircd.log? */
141     use_logging = yes;
142    
143     /*
144     * logfiles: the logfiles to use for user connects, /oper uses,
145     * and failed /oper. These files must exist for logging to be used.
146     */
147     fname_userlog = "logs/userlog";
148     fname_operlog = "logs/operlog";
149     fname_killlog = "logs/kill";
150     fname_klinelog = "logs/kline";
151     fname_glinelog = "logs/gline";
152    
153     /*
154     * log_level: the amount of detail to log in ircd.log. The
155     * higher, the more information is logged. May be changed
156     * once the server is running via /quote SET LOG. Either:
157     * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
158     */
159     log_level = L_INFO;
160     };
161    
162     /*
163     * class {}: contains information about classes for users (OLD Y:)
164     */
165     class {
166     /* name: the name of the class. classes are text now */
167     name = "users";
168    
169     /*
170     * ping_time: how often a client must reply to a PING from the
171     * server before they are dropped.
172     */
173     ping_time = 90 seconds;
174    
175     /*
176     * number_per_ip: how many local users are allowed to connect
177     * from one IP (optional)
178     */
179     number_per_ip = 2;
180    
181     /*
182     * max_local: how many local users are allowed to connect
183     * from one ident@host (optional)
184     */
185     max_local = 2;
186    
187     /*
188     * max_global: network-wide limit of users per ident@host (optional)
189     */
190     max_global = 10;
191    
192     /*
193     * max_number: the maximum number of users allowed in this class (optional)
194     */
195     max_number = 100;
196    
197     /*
198     * the following lines are optional and allow you to define
199     * how many users can connect from one /NN subnet
200     */
201     cidr_bitlen_ipv4 = 24;
202     cidr_bitlen_ipv6 = 120;
203     number_per_cidr = 16;
204    
205     /*
206     * sendq: the amount of data allowed in a clients queue before
207     * they are dropped.
208     */
209     sendq = 100 kbytes;
210     };
211    
212     class {
213     name = "opers";
214     ping_time = 90 seconds;
215     number_per_ip = 10;
216     max_number = 100;
217     sendq = 100kbytes;
218     };
219    
220     class {
221     name = "server";
222     ping_time = 90 seconds;
223    
224     /*
225     * ping_warning: how fast a server must reply to a PING before
226     * a warning to opers is generated.
227     */
228     ping_warning = 15 seconds;
229    
230     /*
231     * connectfreq: only used in server classes. Specifies the delay
232     * between autoconnecting to servers.
233     */
234     connectfreq = 5 minutes;
235    
236     /* max number: the amount of servers to autoconnect to */
237     max_number = 1;
238    
239     /* sendq: servers need a higher sendq as they send more data */
240     sendq = 2 megabytes;
241     };
242    
243     /*
244     * listen {}: contains information about the ports ircd listens on (OLD P:)
245     */
246     listen {
247     /*
248     * port: the specific port to listen on. If no host is specified
249     * before, it will listen on all available IPs.
250     *
251     * Ports are separated via a comma, a range may be specified using ".."
252     */
253    
254     /* port: listen on all available IPs, ports 6665 to 6669 */
255     port = 6665 .. 6669;
256    
257     /*
258     * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
259     * unless you are an administrator.
260     *
261     * NOTE: The "flags" directive has to come before "port". Always!
262     */
263     flags = hidden, ssl;
264     host = "192.168.0.1";
265     port = 6697;
266    
267     /*
268     * host: set a specific IP/host the ports after the line will listen
269     * on. This may be ipv4 or ipv6.
270     */
271     host = "1.2.3.4";
272     port = 7000, 7001;
273    
274     host = "3ffe:1234:a:b:c::d";
275     port = 7002;
276     };
277    
278     /*
279     * auth {}: allow users to connect to the ircd (OLD I:)
280     */
281     auth {
282     /*
283     * user: the user@host allowed to connect. Multiple IPv4/IPv6 user
284     * lines are permitted per auth block.
285     */
286     user = "*@172.16.0.0/12";
287     user = "*test@123D:B567:*";
288    
289     /* password: an optional password that is required to use this block */
290     password = "letmein";
291    
292     /*
293     * encrypted: controls whether the auth password above has been
294     * encrypted.
295     */
296     encrypted = yes;
297    
298     /*
299     * spoof: fake the users host to this. This is free-form,
300     * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
301     */
302     spoof = "I.still.hate.packets";
303    
304     /* class: the class the user is placed in */
305     class = "opers";
306    
307     /*
308     * need_password: don't allow users who haven't supplied the correct
309     * password to connect using another auth{} block
310     * ('&' prefix on /stats I if disabled)
311     * need_ident: require the user to have identd to connect ('+' prefix on /stats I)
312     * spoof_notice: enable spoofing notification to admins
313     * exceed_limit: allow a user to exceed class limits ('>' prefix on /stats I)
314     * kline_exempt: exempt this user from k/glines ('^' prefix on /stats I)
315     * gline_exempt: exempt this user from glines ('_' prefix on /stats I)
316     * resv_exempt: exempt this user from resvs ('$' prefix on /stats I)
317     * no_tilde: remove ~ from a user with no ident ('-' prefix on /stats I)
318     * can_flood: allow this user to exceed flood limits ('|' prefix on /stats I)
319     * can_idle: exempt this user from idle restrictions ('<' prefix on /stats I)
320     */
321     flags = need_password, spoof_notice, exceed_limit, kline_exempt,
322     gline_exempt, resv_exempt, no_tilde, can_flood, can_idle;
323     };
324    
325     auth {
326     /*
327     * redirect: the server and port to redirect a user to. A user does
328     * not have to obey the redirection, the ircd just suggests an alternative
329     * server for them.
330     */
331     redirserv = "this.is.not.a.real.server";
332     redirport = 6667;
333    
334     user = "*.server";
335    
336     /* class: a class is required even though it is not used */
337     class = "users";
338     };
339    
340     auth {
341     user = "*@*";
342     class = "users";
343     flags = need_ident;
344     };
345    
346     /*
347     * operator {}: defines ircd operators. (OLD O:)
348     *
349     * ircd-hybrid no longer supports local operators, privileges are
350     * controlled via flags.
351     */
352     operator {
353     /* name: the name of the oper */
354     /* NOTE: operator "opername"{} is also supported */
355     name = "god";
356    
357     /*
358     * user: the user@host required for this operator. CIDR is not
359     * supported. Multiple user="" lines are supported.
360     */
361     user = "*god@*";
362     user = "*@127.0.0.1";
363    
364     /*
365     * password: the password required to oper. By default this will
366     * need to be encrypted using 'mkpasswd'. MD5 is supported.
367     */
368     password = "etcnjl8juSU1E";
369    
370     /*
371     * encrypted: controls whether the oper password above has been
372     * encrypted. (OLD CRYPT_OPER_PASSWORD now optional per operator)
373     */
374     encrypted = yes;
375    
376     /*
377     * rsa_public_key_file: the public key for this oper when using Challenge.
378     * A password should not be defined when this is used, see
379     * doc/challenge.txt for more information.
380     */
381     # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
382    
383     /* class: the class the oper joins when they successfully /oper */
384     class = "opers";
385    
386     /*
387     * umodes: default usermodes opers get when they /oper. If defined,
388     * it will override oper_umodes settings in general {}.
389     * Available usermodes:
390     *
391     * +b - bots - See bot and drone flooding notices
392     * +c - cconn - Client connection/quit notices
393     * +D - deaf - Don't receive channel messages
394     * +d - debug - See debugging notices
395     * +f - full - See I: line full notices
396     * +G - softcallerid - Server Side Ignore for users not on your channels
397     * +g - callerid - Server Side Ignore (for privmsgs etc)
398     * +i - invisible - Not shown in NAMES or WHO unless you share a
399     * a channel
400     * +k - skill - See server generated KILL messages
401     * +l - locops - See LOCOPS messages
402     * +n - nchange - See client nick changes
403     * +r - rej - See rejected client notices
404     * +s - servnotice - See general server notices
405     * +u - unauth - See unauthorized client notices
406     * +w - wallop - See server generated WALLOPS
407     * +x - external - See remote server connection and split notices
408     * +y - spy - See LINKS, STATS, TRACE notices etc.
409     * +z - operwall - See oper generated WALLOPS
410     */
411     # umodes = locops, servnotice, operwall, wallop;
412    
413     /*
414     * privileges: controls the activities and commands an oper is
415     * allowed to do on the server. All options default to no.
416     * Available options:
417     *
418     * global_kill: allows remote users to be /KILL'd (OLD 'O' flag)
419     * remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
420     * remoteban: allows remote KLINE/UNKLINE
421     * kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
422     * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
423     * gline: allows GLINE (OLD 'G' flag)
424     * xline: allows XLINE (OLD 'X' flag)
425     * operwall: allows OPERWALL
426     * nick_changes: allows oper to see nickchanges (OLD 'N' flag)
427     * via usermode +n
428     * rehash: allows oper to REHASH config (OLD 'H' flag)
429     * die: allows DIE and RESTART (OLD 'D' flag)
430     * admin: gives admin privileges. admins
431     * may (un)load modules and see the
432     * real IPs of servers.
433     * hidden_admin: same as 'admin', but noone can recognize you as
434     * being an admin
435     * hidden_oper: not shown in /stats p (except for other operators)
436     */
437     /* You can either use
438     * die = yes;
439     * rehash = yes;
440     *
441     * or in a flags statement i.e.
442     * flags = die, rehash;
443     *
444     * You can also negate a flag with ~ i.e.
445     * flags = ~remote;
446     *
447     */
448     flags = global_kill, remote, kline, unkline, xline,
449     die, rehash, nick_changes, admin, operwall;
450     };
451    
452     /*
453     * connect {}: controls servers we connect to (OLD C:, N:, H:, L:)
454     */
455     connect {
456     /* name: the name of the server */
457     name = "irc.uplink.com";
458    
459     /*
460     * host: the host or IP to connect to. If a hostname is used it
461     * must match the reverse dns of the server.
462     */
463     host = "192.168.0.1";
464    
465     /*
466     * vhost: the IP to bind to when we connect outward to servers.
467     * serverinfo::vhost and serverinfo::vhost6 will be overridden
468     * by this directive.
469     */
470     vhost = "192.168.0.2";
471    
472     /*
473     * passwords: the passwords we send (OLD C:) and accept (OLD N:).
474     * The remote server will have these passwords reversed.
475     */
476     send_password = "password";
477     accept_password = "anotherpassword";
478    
479     /*
480     * encrypted: controls whether the accept_password above has been
481     * encrypted. (OLD CRYPT_LINK_PASSWORD now optional per connect)
482     */
483     encrypted = no;
484    
485     /* port: the port to connect to this server on */
486     port = 6666;
487    
488     /*
489     * hub_mask: the mask of servers that this server may hub. Multiple
490     * entries are permitted
491     */
492     hub_mask = "*";
493    
494     /*
495     * leaf_mask: the mask of servers this server may not hub. Multiple
496     * entries are permitted. Useful for forbidding EU -> US -> EU routes.
497     */
498     # leaf_mask = "*.uk";
499    
500     /* fakename: the servername we pretend to be when we connect */
501     # fakename = "*.arpa";
502    
503     /* class: the class this server is in */
504     class = "server";
505    
506     /*
507     * autoconn: controls whether we autoconnect to this server or not,
508     * dependent on class limits. By default, this is disabled.
509     * compressed: controls whether traffic is compressed via ziplinks.
510     * By default, this is disabled
511     * cryptlink: enable full encryption for all data passing between our
512     * server and this link and rsa authentication.
513     * burst_away: This will send the /away string that users have set
514     * on the server burst. Note this can be a lot of data
515     * and slow down your server burst.
516     * topicburst: Send topics to this server during channel burst. Works
517     * only if the server we are connecting to is capable
518     * of TBURST/TB.
519     */
520     # flags = autoconn, compressed, cryptlink, burst_away, topicburst;
521     };
522    
523     connect {
524     name = "encrypted.auth.example";
525     host = "some.host.somewhere";
526     port = 6667;
527    
528     flags = cryptlink;
529    
530     /*
531     * rsa_public_key_file: the path to the public keyfile of the server.
532     * Used instead of passwords.
533     */
534     rsa_public_key_file = "etc/remote.server.keyfile";
535    
536     /*
537     * cipher preference: set the preferred cipher for this link
538     *
539     * Available ciphers are:
540     * BF/168 BF/128 CAST/128 IDEA/128 RC5.16/128
541     * RC5.12/128 RC5.8/128 3DES/168 DES/56
542     *
543     * NOTE: Some ciphers may not be supported by your OpenSSL.
544     * Check the output from 'configure' for available ciphers.
545     *
546     * NOTE2: To help you decide what cipher to use, tools/encspeed
547     * will show you approximately how fast each cipher is.
548     * However, blowfish is fast and secure, and is probably
549     * a good default for most situations.
550     *
551     * NOTE3: Default if none is set is BF/128
552     *
553     * The cipher *MUST* be the same in both directions. If you
554     * set a cipher preference, your uplink must set the same cipher,
555     * else it will not link.
556     */
557     # cipher_preference = "BF/168";
558     };
559    
560     /*
561     * NOTE: Don't add an extra 'name=' entry if you use
562     * the connect "name"{} feature
563     */
564     connect "ipv6.some.server" {
565     host = "3ffd:dead:beef::1";
566     send_password = "password";
567     accept_password = "password";
568     port = 6666;
569    
570     /*
571     * aftype: controls whether the connection uses "ipv4" or "ipv6".
572     * Default is ipv4.
573     */
574     aftype = ipv6;
575     class = "server";
576     };
577    
578     /*
579     * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
580     * automatically (OLD hyb6 SLAVE_SERVERS)
581     */
582     cluster {
583     /*
584     * name: the server to share with, this can take wildcards
585     *
586     * NOTE: only local actions will be clustered, meaning if
587     * the server receives a shared kline/unkline/etc, it
588     * will not be propagated to clustered servers.
589     *
590     * Remote servers are not necessarily required to accept
591     * clustered lines, they need a shared{} for *THIS* server
592     * in order to accept them.
593     */
594     name = "*.arpa";
595    
596     /*
597     * type: list of what to share, options are as follows:
598     * kline - share klines
599     * tkline - share temporary klines
600     * unkline - share unklines
601     * xline - share xlines
602     * txline - share temporary xlines
603     * unxline - share unxlines
604     * resv - share resvs
605     * tresv - share temporary resvs
606     * unresv - share unresvs
607     * locops - share locops
608     * all - share all of the above (default)
609     */
610     type = kline, unkline, locops, xline, resv;
611     };
612    
613     /*
614     * shared {}: users that are allowed to remote kline (OLD U:)
615     *
616     * NOTE: This can be effectively used for remote klines.
617     * Please note that there is no password authentication
618     * for users setting remote klines. You must also be
619     * /oper'd in order to issue a remote kline.
620     */
621     shared {
622     /*
623     * name: the server the user must be on to set klines. If this is not
624     * specified, the user will be allowed to kline from all servers.
625     */
626     name = "irc2.some.server";
627    
628     /*
629     * user: the user@host mask that is allowed to set klines. If this is
630     * not specified, all users on the server above will be allowed to set
631     * a remote kline.
632     */
633     user = "oper@my.host.is.spoofed";
634    
635     /*
636     * type: list of what to share, options are as follows:
637     * kline - allow oper/server to kline
638     * tkline - allow temporary klines
639     * unkline - allow oper/server to unkline
640     * xline - allow oper/server to xline
641     * txline - allow temporary xlines
642     * unxline - allow oper/server to unxline
643     * resv - allow oper/server to resv
644     * tresv - allow temporary resvs
645     * unresv - allow oper/server to unresv
646     * locops - allow oper/server to locops - only used for servers that cluster
647     * all - allow oper/server to do all of the above (default)
648     */
649     type = kline, unkline, resv;
650     };
651    
652     /*
653     * kill {}: users that are not allowed to connect (OLD K:)
654     * Oper issued klines will be added to the specified kline config
655     */
656     kill {
657     user = "bad@*.hacked.edu";
658     reason = "Obviously hacked account";
659     };
660    
661     kill {
662     user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
663     type = regex;
664     };
665    
666     /*
667     * deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
668     * Oper issued dlines will be added to the specified dline config
669     */
670     deny {
671     ip = "10.0.1.0/24";
672     reason = "Reconnecting vhosted bots";
673     };
674    
675     /*
676     * exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:)
677     */
678     exempt {
679     ip = "192.168.0.0/16";
680     };
681    
682     /*
683     * resv {}: nicks and channels users may not use/join (OLD Q:)
684     */
685     resv {
686     /* reason: the reason for the proceeding resv's */
687     reason = "There are no services on this network";
688    
689     /* resv: the nicks and channels users may not join/use */
690     nick = "nickserv";
691     nick = "chanserv";
692     channel = "#services";
693    
694     /* resv: wildcard masks are also supported in nicks only */
695     reason = "Clone bots";
696     nick = "clone*";
697     };
698    
699     /*
700     * gecos {}: The X: replacement, used for banning users based on
701     * their "realname".
702     */
703     gecos {
704     name = "*sex*";
705     reason = "Possible spambot";
706     };
707    
708     gecos {
709     name = "sub7server";
710     reason = "Trojan drone";
711     };
712    
713     gecos {
714     name = "*http*";
715     reason = "Spambot";
716     };
717    
718     gecos {
719     name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
720     type = regex;
721     };
722    
723     /*
724     * channel {}: The channel block contains options pertaining to channels
725     */
726     channel {
727     /*
728     * disable_fake_channels: this option, if set to 'yes', will
729     * disallow clients to create or join channels that have one
730     * of the following ASCII characters in their name:
731     *
732     * 2 | bold
733     * 3 | mirc color
734     * 15 | plain text
735     * 22 | reverse
736     * 31 | underline
737     * 160 | non-breaking space
738     */
739     disable_fake_channels = yes;
740    
741     /*
742     * restrict_channels: reverse channel RESVs logic, only reserved
743     * channels are allowed
744     */
745     restrict_channels = no;
746    
747     /*
748     * disable_local_channels: prevent users from joining &channels.
749     */
750     disable_local_channels = no;
751    
752     /*
753     * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
754     * that can join a +i channel without an invite.
755     */
756     use_invex = yes;
757    
758     /*
759     * use_except: Enable/disable channel mode +e, a n!u@h list of masks
760     * that can join a channel through a ban (+b).
761     */
762     use_except = yes;
763    
764     /*
765     * use_knock: Allows users to request an invite to a channel that
766     * is locked somehow (+ikl). If the channel is +p or you are banned
767     * the knock will not be sent.
768     */
769     use_knock = yes;
770    
771     /*
772     * knock_delay: The amount of time a user must wait between issuing
773     * the knock command.
774     */
775     knock_delay = 1 minutes;
776    
777     /*
778     * knock_delay_channel: How often a knock to any specific channel
779     * is permitted, regardless of the user sending the knock.
780     */
781     knock_delay_channel = 1 minute;
782    
783     /*
784     * burst_topicwho: enable sending of who set topic on topicburst
785     * default is yes
786     */
787     burst_topicwho = yes;
788    
789     /*
790     * max_chans_per_user: The maximum number of channels a user can
791     * join/be on.
792     */
793     max_chans_per_user = 25;
794    
795     /* quiet_on_ban: stop banned people talking in channels. */
796     quiet_on_ban = yes;
797    
798     /* max_bans: maximum number of +b/e/I modes in a channel */
799     max_bans = 25;
800    
801     /*
802     * how many joins in how many seconds constitute a flood, use 0 to
803     * disable. +b opers will be notified (changeable via /set)
804     */
805     join_flood_count = 16;
806     join_flood_time = 8 seconds;
807    
808     /*
809     * splitcode: The ircd will now check splitmode every few seconds.
810     *
811     * Either split users or split servers can activate splitmode, but
812     * both conditions must be met for the ircd to deactivate splitmode.
813     *
814     * You may force splitmode to be permanent by /quote set splitmode on
815     */
816    
817     /*
818     * default_split_user_count: when the usercount is lower than this level,
819     * consider ourselves split. This must be set for automatic splitmode.
820     */
821     default_split_user_count = 0;
822    
823     /*
824     * default_split_server_count: when the servercount is lower than this,
825     * consider ourselves split. This must be set for automatic splitmode.
826     */
827     default_split_server_count = 0;
828    
829     /* split no create: disallow users creating channels on split. */
830     no_create_on_split = yes;
831    
832     /* split: no join: disallow users joining channels at all on a split */
833     no_join_on_split = no;
834     };
835    
836     /*
837     * serverhide {}: The serverhide block contains the options regarding
838     * serverhiding
839     */
840     serverhide {
841     /*
842     * flatten_links: this option will show all servers in /links appear
843     * that they are linked to this current server
844     */
845     flatten_links = no;
846    
847     /*
848     * links_delay: how often to update the links file when it is
849     * flattened.
850     */
851     links_delay = 5 minutes;
852    
853     /*
854     * hidden: hide this server from a /links output on servers that
855     * support it. This allows hub servers to be hidden etc.
856     */
857     hidden = no;
858    
859     /*
860     * disable_hidden: prevent servers hiding themselves from a
861     * /links output.
862     */
863     disable_hidden = no;
864    
865     /*
866     * hide_servers: hide remote servernames everywhere and instead use
867     * hidden_name and network_desc.
868     */
869     hide_servers = no;
870    
871     /*
872     * Use this as the servername users see if hide_servers = yes.
873     */
874     hidden_name = "*.hidden.com";
875    
876     /*
877     * hide_server_ips: If this is disabled, opers will be unable to see servers
878     * ips and will be shown a masked ip, admins will be shown the real ip.
879     *
880     * If this is enabled, nobody can see a servers ip. *This is a kludge*, it
881     * has the side effect of hiding the ips everywhere, including logfiles.
882     *
883     * We recommend you leave this disabled, and just take care with who you
884     * give admin=yes; to.
885     */
886     hide_server_ips = no;
887     };
888    
889     /*
890     * general {}: The general block contains many of the options that were once
891     * compiled in options in config.h. The general block is read at start time.
892     */
893     general {
894     /* max_watch: maximum WATCH entries */
895     max_watch = 64;
896    
897     /*
898     * gline_min_cidr: the minimum required length of a CIDR bitmask
899     * for IPv4 based glines
900     */
901     gline_min_cidr = 16;
902    
903     /*
904     * gline_min_cidr6: the minimum required length of a CIDR bitmask
905     * for IPv6 based glines
906     */
907     gline_min_cidr6 = 48;
908    
909     /*
910     * Whether to automatically set mode +i on connecting users.
911     */
912     invisible_on_connect = yes;
913    
914     /*
915     * If you don't explicitly specify burst_away in your connect blocks, then
916     * they will default to the burst_away value below.
917     */
918     burst_away = no;
919    
920     /*
921     * Show "actually using host <ip>" on /whois when possible.
922     */
923     use_whois_actually = yes;
924    
925     /*
926     * Max time from the nickname change that still causes KILL
927     * automatically to switch for the current nick of that user. (seconds)
928     */
929     kill_chase_time_limit = 90;
930    
931     /*
932     * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
933     * users in /trace etc. If this is defined they will be shown a masked IP.
934     */
935     hide_spoof_ips = yes;
936    
937     /*
938     * Ignore bogus timestamps from other servers. Yes, this will desync
939     * the network, but it will allow chanops to resync with a valid non TS 0
940     *
941     * This should be enabled network wide, or not at all.
942     */
943     ignore_bogus_ts = no;
944    
945     /*
946     * disable_auth: completely disable ident lookups; if you enable this,
947     * be careful of what you set need_ident to in your auth {} blocks
948     */
949     disable_auth = no;
950    
951     /* disable_remote_commands: disable users doing commands on remote servers */
952     disable_remote_commands = no;
953    
954     /*
955     * tkline_expire_notices: enables or disables temporary kline/xline
956     * expire notices.
957     */
958     tkline_expire_notices = no;
959    
960     /*
961     * default_floodcount: the default value of floodcount that is configurable
962     * via /quote set floodcount. This is the amount of lines a user
963     * may send to any other user/channel in one second.
964     */
965     default_floodcount = 10;
966    
967     /*
968     * failed_oper_notice: send a notice to all opers on the server when
969     * someone tries to OPER and uses the wrong password, host or ident.
970     */
971     failed_oper_notice = yes;
972    
973     /*
974     * dots_in_ident: the amount of '.' characters permitted in an ident
975     * reply before the user is rejected.
976     */
977     dots_in_ident = 2;
978    
979     /*
980     * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts
981     * without a '.' in them. This will add one to the end. Only needed
982     * for older servers.
983     */
984     dot_in_ip6_addr = no;
985    
986     /*
987     * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
988     * placed via the server. klines hand placed are exempt from limits.
989     * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
990     */
991     min_nonwildcard = 4;
992    
993     /*
994     * min_nonwildcard_simple: the minimum non wildcard characters in
995     * gecos bans. wildcard chars: '*' '?' '#'
996     */
997     min_nonwildcard_simple = 3;
998    
999     /* max_accept: maximum allowed /accept's for +g usermode */
1000     max_accept = 20;
1001    
1002     /* anti_nick_flood: enable the nickflood control code */
1003     anti_nick_flood = yes;
1004    
1005     /* nick flood: the nick changes allowed in the specified period */
1006     max_nick_time = 20 seconds;
1007     max_nick_changes = 5;
1008    
1009     /*
1010     * anti_spam_exit_message_time: the minimum time a user must be connected
1011     * before custom quit messages are allowed.
1012     */
1013     anti_spam_exit_message_time = 5 minutes;
1014    
1015     /*
1016     * ts delta: the time delta allowed between server clocks before
1017     * a warning is given, or before the link is dropped. all servers
1018     * should run ntpdate/rdate to keep clocks in sync
1019     */
1020     ts_warn_delta = 30 seconds;
1021     ts_max_delta = 5 minutes;
1022    
1023     /*
1024     * kline_with_reason: show the user the reason why they are k/d/glined
1025     * on exit. May give away who set k/dline when set via tcm.
1026     */
1027     kline_with_reason = yes;
1028    
1029     /*
1030     * kline_reason: show this message to users on channel
1031     * instead of the oper reason.
1032     */
1033     kline_reason = "Connection closed";
1034    
1035     /*
1036     * reject_hold_time: wait this amount of time before disconnecting
1037     * a rejected client. Use 0 to disable.
1038     */
1039     reject_hold_time = 0;
1040    
1041     /*
1042     * warn_no_nline: warn opers about servers that try to connect but
1043     * we don't have a connect {} block for. Twits with misconfigured
1044     * servers can get really annoying with this enabled.
1045     */
1046     warn_no_nline = yes;
1047    
1048     /*
1049     * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1050     * operators and administrators. Doing so is a good idea in case
1051     * there are any exempted (exempt{}) server IPs you don't want to
1052     * see leaked.
1053     */
1054     stats_e_disabled = no;
1055    
1056     /* stats_o_oper only: make stats o (opers) oper only */
1057     stats_o_oper_only = yes;
1058    
1059     /* stats_P_oper_only: make stats P (ports) oper only */
1060     stats_P_oper_only = yes;
1061    
1062     /*
1063     * stats i oper only: make stats i (auth {}) oper only. set to:
1064     * yes: show users no auth blocks, made oper only.
1065     * masked: show users first matching auth block
1066     * no: show users all auth blocks.
1067     */
1068     stats_i_oper_only = yes;
1069    
1070     /*
1071     * stats_k_oper_only: make stats k/K (klines) oper only. set to:
1072     * yes: show users no auth blocks, made oper only
1073     * masked: show users first matching auth block
1074     * no: show users all auth blocks.
1075     */
1076     stats_k_oper_only = yes;
1077    
1078     /*
1079     * caller_id_wait: time between notifying a +g user that somebody
1080     * is messaging them.
1081     */
1082     caller_id_wait = 1 minute;
1083    
1084     /*
1085     * opers_bypass_callerid: allows operators to bypass +g and message
1086     * anyone who has it set (useful if you use services).
1087     */
1088     opers_bypass_callerid = no;
1089    
1090     /*
1091     * pace_wait_simple: time between use of less intensive commands
1092     * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1093     */
1094     pace_wait_simple = 1 second;
1095    
1096     /*
1097     * pace_wait: time between more intensive commands
1098     * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1099     */
1100     pace_wait = 10 seconds;
1101    
1102     /*
1103     * short_motd: send clients a notice telling them to read the motd
1104     * instead of forcing a motd to clients who may simply ignore it.
1105     */
1106     short_motd = no;
1107    
1108     /*
1109     * ping_cookie: require clients to respond exactly to a ping command,
1110     * can help block certain types of drones and FTP PASV mode spoofing.
1111     */
1112     ping_cookie = no;
1113    
1114     /* no_oper_flood: increase flood limits for opers. */
1115     no_oper_flood = yes;
1116    
1117     /*
1118     * true_no_oper_flood: completely eliminate flood limits for opers
1119     * and for clients with can_flood = yes in their auth {} blocks
1120     */
1121     true_no_oper_flood = yes;
1122    
1123     /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1124     oper_pass_resv = yes;
1125    
1126     /*
1127     * idletime: the maximum amount of time a user may idle before
1128     * they are disconnected
1129     */
1130     idletime = 0;
1131    
1132     /* REMOVE ME. The following line checks you've been reading. */
1133     havent_read_conf = 1;
1134    
1135     /*
1136     * max_targets: the maximum amount of targets in a single
1137     * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1138     */
1139     max_targets = 4;
1140    
1141     /*
1142     * client_flood: maximum amount of data in a clients queue before
1143     * they are dropped for flooding.
1144     */
1145     client_flood = 2560 bytes;
1146    
1147     /*
1148     * message_locale: the default message locale
1149     * Use "standard" for the compiled in defaults.
1150     * To install the translated messages, go into messages/ in the
1151     * source directory and run `make install'.
1152     */
1153     message_locale = "standard";
1154    
1155     /*
1156     * usermodes configurable: a list of usermodes for the options below
1157     *
1158     * +b - bots - See bot and drone flooding notices
1159     * +c - cconn - Client connection/quit notices
1160     * +D - deaf - Don't receive channel messages
1161     * +d - debug - See debugging notices
1162     * +f - full - See I: line full notices
1163     * +G - softcallerid - Server Side Ignore for users not on your channels
1164     * +g - callerid - Server Side Ignore (for privmsgs etc)
1165     * +i - invisible - Not shown in NAMES or WHO unless you share a
1166     * a channel
1167     * +k - skill - See server generated KILL messages
1168     * +l - locops - See LOCOPS messages
1169     * +n - nchange - See client nick changes
1170     * +r - rej - See rejected client notices
1171     * +s - servnotice - See general server notices
1172     * +u - unauth - See unauthorized client notices
1173     * +w - wallop - See server generated WALLOPS
1174     * +x - external - See remote server connection and split notices
1175     * +y - spy - See LINKS, STATS, TRACE notices etc.
1176     * +z - operwall - See oper generated WALLOPS
1177     */
1178    
1179     /* oper_only_umodes: usermodes only opers may set */
1180     oper_only_umodes = bots, cconn, cconn_full, debug, full, skill,
1181     nchange, rej, spy, external, operwall,
1182     locops, unauth;
1183    
1184     /* oper_umodes: default usermodes opers get when they /oper */
1185     oper_umodes = bots, locops, servnotice, operwall, wallop;
1186    
1187     /*
1188     * servlink_path: path to 'servlink' program used by ircd to handle
1189     * encrypted/compressed server <-> server links.
1190     *
1191     * only define if servlink is not in same directory as ircd itself.
1192     */
1193     #servlink_path = "/usr/local/ircd/bin/servlink";
1194    
1195     /*
1196     * default_cipher_preference: default cipher to use for cryptlink when none is
1197     * specified in connect block.
1198     */
1199     #default_cipher_preference = "BF/168";
1200    
1201     /*
1202     * use_egd: if your system does not have *random devices yet you
1203     * want to use OpenSSL and encrypted links, enable this. Beware -
1204     * EGD is *very* CPU intensive when gathering data for its pool
1205     */
1206     # use_egd = yes;
1207    
1208     /*
1209     * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1210     * which automatically finds the path.
1211     */
1212     # egdpool_path = "/var/run/egd-pool";
1213    
1214    
1215     /*
1216     * compression_level: level of compression for compressed links between
1217     * servers.
1218     *
1219     * values are between: 1 (least compression, fastest)
1220     * and: 9 (most compression, slowest).
1221     */
1222     # compression_level = 6;
1223    
1224     /*
1225     * throttle_time: the minimum amount of time between connections from
1226     * the same ip. exempt {} blocks are excluded from this throttling.
1227     * Offers protection against flooders who reconnect quickly.
1228     * Set to 0 to disable.
1229     */
1230     throttle_time = 10;
1231     };
1232    
1233     glines {
1234     /* enable: enable glines, network wide temp klines */
1235     enable = yes;
1236    
1237     /*
1238     * duration: the amount of time a gline will remain on your
1239     * server before expiring
1240     */
1241     duration = 1 day;
1242    
1243     /*
1244     * logging: which types of rules you want to log when triggered
1245     * (choose reject or block)
1246     */
1247     logging = reject, block;
1248    
1249     /*
1250     * NOTE: gline ACLs can cause a desync of glines throughout the
1251     * network, meaning some servers may have a gline triggered, and
1252     * others may not. Also, you only need insert rules for glines
1253     * that you want to block and/or reject. If you want to accept and
1254     * propagate the gline, do NOT put a rule for it.
1255     */
1256    
1257     /* user@host for rule to apply to */
1258     user = "god@I.still.hate.packets";
1259     /* server for rule to apply to */
1260     name = "hades.arpa";
1261    
1262     /*
1263     * action: action to take when a matching gline is found. options are:
1264     * reject - do not apply the gline locally
1265     * block - do not propagate the gline
1266     */
1267     action = reject, block;
1268    
1269     user = "god@*";
1270     name = "*";
1271     action = block;
1272     };
1273    
1274     modules {
1275     /*
1276     * module path: other paths to search for modules specified below
1277     * and in /modload.
1278     */
1279 michael 912 path = "@LIBDIR@/modules";
1280     path = "@LIBDIR@/modules/autoload";
1281 db 897
1282     /* module: the name of a module to load on startup/rehash */
1283     #module = "some_module.so";
1284     };

Properties

Name Value
svn:eol-style native
svn:keywords "Author Date Id Revision"