ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid-8/etc/example.conf
Revision: 1285
Committed: Sun Feb 5 15:12:59 2012 UTC (12 years, 1 month ago) by michael
File size: 36156 byte(s)
Log Message:
- added CIDR support for operator{} blocks
- operator "name"{} is no longer supported

File Contents

# User Rev Content
1 db 897 /* doc/example.conf - ircd-hybrid-7 Example configuration file
2 michael 1134 * Copyright (C) 2000-2011 Hybrid Development Team
3 db 897 *
4     * Written by ejb, wcampbel, db, leeh and others
5     * Other example configurations can be found in the source dir under
6     * etc/.
7     *
8     * $Id$
9     */
10    
11     /* IMPORTANT NOTES:
12     *
13     * auth {} blocks MUST be specified in order of precedence. The first one
14     * that matches a user will be used. So place spoofs first, then specials,
15     * then general access.
16     *
17     * Shell style (#), C++ style (//) and C style comments are supported.
18     *
19     * Files may be included by either:
20     * .include "filename"
21     * .include <filename>
22     *
23     * Times/durations are written as:
24     * 12 hours 30 minutes 1 second
25     *
26     * Valid units of time:
27     * month, week, day, hour, minute, second
28     *
29     * Valid units of size:
30     * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
31     *
32     * Sizes and times may be singular or plural.
33     */
34    
35     /* EFNET NOTE:
36     *
37     * This config file is NOT suitable for EFNet. EFNet admins should use
38     * example.efnet.conf
39     */
40    
41     /*
42     * serverinfo {}: contains information about the server. (OLD M:)
43     */
44     serverinfo {
45     /*
46 michael 1070 * name: the name of this server. This cannot be changed at runtime.
47 db 897 */
48     name = "hades.arpa";
49    
50     /*
51     * sid: a server's unique ID. This is three characters long and must
52     * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
53     * a digit, followed by 2 alpha-numerical letters.
54     * NOTE: The letters must be capitalized. This cannot be changed at runtime.
55     */
56     sid = "_CHANGE_ME_";
57    
58     /*
59     * description: the description of the server. '[' and ']' may not
60     * be used here for compatibility with older servers.
61     */
62     description = "hybrid-7 test server";
63    
64     /*
65     * network info: the name and description of the network this server
66     * is on. Shown in the 005 reply and used with serverhiding.
67     */
68     network_name = "MyNet";
69     network_desc = "This is My Network";
70    
71     /*
72     * hub: allow this server to act as a hub and have multiple servers
73     * connected to it.
74     */
75     hub = no;
76    
77     /*
78     * vhost: the IP to bind to when we connect outward to ipv4 servers.
79 michael 959 * This should be an ipv4 IP only, or "*" for INADDR_ANY.
80 db 897 */
81     #vhost = "192.169.0.1";
82    
83     /*
84     * vhost6: the IP to bind to when we connect outward to ipv6 servers.
85 michael 959 * This should be an ipv6 IP only, or "*" for INADDR_ANY.
86 db 897 */
87     #vhost6 = "3ffe:80e8:546::2";
88    
89     /* max_clients: the maximum number of clients allowed to connect */
90     max_clients = 512;
91    
92     /*
93 michael 951 * rsa_private_key_file: the path to the file containing our
94     * rsa key for cryptlink.
95 db 897 *
96     * Example command to store a 2048 bit RSA keypair in
97     * rsa.key, and the public key in rsa.pub:
98     *
99 michael 1229 * openssl genrsa -out rsa.key 2048
100 db 897 * openssl rsa -in rsa.key -pubout -out rsa.pub
101     * chown <ircd-user>.<ircd.group> rsa.key rsa.pub
102     * chmod 0600 rsa.key
103     * chmod 0644 rsa.pub
104     */
105     #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
106    
107     /*
108 michael 951 * ssl_certificate_file: the path to the file containing our
109 michael 1070 * ssl certificate for encrypted client connection.
110 db 897 *
111     * This assumes your private RSA key is stored in rsa.key. You
112     * MUST have an RSA key in order to generate the certificate
113     *
114     * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
115     *
116     * See http://www.openssl.org/docs/HOWTO/certificates.txt
117     *
118     * Please use the following values when generating the cert
119     *
120     * Organization Name: Network Name
121     * Organization Unit Name: changme.someirc.net
122     * Common Name: irc.someirc.net
123     * E-mail: you@domain.com
124     */
125     #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
126 michael 967
127     /*
128     * ssl_server_protocol:
129     * SSL/TLS protocols we provide for incoming secure connections.
130     * This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1.
131     * SSLv2 is not suppported. This cannot be changed at runtime.
132     */
133     #ssl_server_protocol = sslv3, tlsv1;
134 db 897 };
135    
136     /*
137 michael 1229 * admin {}: contains admin information about the server
138 db 897 */
139     admin {
140     name = "Smurf target";
141     description = "Main Server Administrator";
142     email = "<syn@packets.r.us>";
143     };
144    
145     /*
146 michael 1229 * class {}: contains information about classes for users
147 db 897 */
148     class {
149     /* name: the name of the class. classes are text now */
150     name = "users";
151    
152     /*
153     * ping_time: how often a client must reply to a PING from the
154     * server before they are dropped.
155     */
156     ping_time = 90 seconds;
157    
158     /*
159     * number_per_ip: how many local users are allowed to connect
160     * from one IP (optional)
161     */
162     number_per_ip = 2;
163    
164     /*
165     * max_local: how many local users are allowed to connect
166     * from one ident@host (optional)
167     */
168     max_local = 2;
169    
170     /*
171     * max_global: network-wide limit of users per ident@host (optional)
172     */
173     max_global = 10;
174    
175     /*
176     * max_number: the maximum number of users allowed in this class (optional)
177     */
178     max_number = 100;
179    
180     /*
181     * the following lines are optional and allow you to define
182     * how many users can connect from one /NN subnet
183     */
184     cidr_bitlen_ipv4 = 24;
185     cidr_bitlen_ipv6 = 120;
186     number_per_cidr = 16;
187    
188     /*
189     * sendq: the amount of data allowed in a clients queue before
190     * they are dropped.
191     */
192     sendq = 100 kbytes;
193     };
194    
195     class {
196     name = "opers";
197     ping_time = 90 seconds;
198     number_per_ip = 10;
199     max_number = 100;
200     sendq = 100kbytes;
201     };
202    
203     class {
204     name = "server";
205     ping_time = 90 seconds;
206    
207     /*
208     * ping_warning: how fast a server must reply to a PING before
209     * a warning to opers is generated.
210     */
211     ping_warning = 15 seconds;
212    
213     /*
214     * connectfreq: only used in server classes. Specifies the delay
215     * between autoconnecting to servers.
216     */
217     connectfreq = 5 minutes;
218    
219     /* max number: the amount of servers to autoconnect to */
220     max_number = 1;
221    
222     /* sendq: servers need a higher sendq as they send more data */
223     sendq = 2 megabytes;
224     };
225    
226     /*
227 michael 1229 * listen {}: contains information about the ports ircd listens on
228 db 897 */
229     listen {
230     /*
231     * port: the specific port to listen on. If no host is specified
232     * before, it will listen on all available IPs.
233     *
234     * Ports are separated via a comma, a range may be specified using ".."
235     */
236    
237     /* port: listen on all available IPs, ports 6665 to 6669 */
238     port = 6665 .. 6669;
239    
240     /*
241     * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
242     * unless you are an administrator.
243     *
244     * NOTE: The "flags" directive has to come before "port". Always!
245 michael 951 *
246     * Currently available flags are:
247     *
248     * ssl - Port is for SSL client connections only
249     * server - Only server connections are permitted
250 michael 1229 * hidden - Port is hidden from /stats P, unless you're an admin
251 db 897 */
252     flags = hidden, ssl;
253     host = "192.168.0.1";
254     port = 6697;
255    
256     /*
257     * host: set a specific IP/host the ports after the line will listen
258     * on. This may be ipv4 or ipv6.
259     */
260     host = "1.2.3.4";
261     port = 7000, 7001;
262    
263     host = "3ffe:1234:a:b:c::d";
264     port = 7002;
265     };
266    
267     /*
268 michael 1229 * auth {}: allow users to connect to the ircd
269 db 897 */
270     auth {
271     /*
272     * user: the user@host allowed to connect. Multiple IPv4/IPv6 user
273     * lines are permitted per auth block.
274     */
275     user = "*@172.16.0.0/12";
276     user = "*test@123D:B567:*";
277    
278     /* password: an optional password that is required to use this block */
279     password = "letmein";
280    
281     /*
282     * encrypted: controls whether the auth password above has been
283     * encrypted.
284     */
285     encrypted = yes;
286    
287     /*
288     * spoof: fake the users host to this. This is free-form,
289     * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
290     */
291     spoof = "I.still.hate.packets";
292    
293     /* class: the class the user is placed in */
294     class = "opers";
295    
296     /*
297 michael 1229 * need_password - don't allow users who haven't supplied the correct
298     * password to connect using another auth{} block
299     * ('&' prefix on /stats I if disabled)
300     * need_ident - require the user to have identd to connect ('+' prefix on /stats I)
301     * spoof_notice - enable spoofing notification to admins
302     * exceed_limit - allow a user to exceed class limits ('>' prefix on /stats I)
303     * kline_exempt - exempt this user from k/glines ('^' prefix on /stats I)
304     * gline_exempt - exempt this user from glines ('_' prefix on /stats I)
305     * resv_exempt - exempt this user from resvs ('$' prefix on /stats I)
306     * no_tilde - remove ~ from a user with no ident ('-' prefix on /stats I)
307     * can_flood - allow this user to exceed flood limits ('|' prefix on /stats I)
308 db 897 */
309     flags = need_password, spoof_notice, exceed_limit, kline_exempt,
310 michael 1176 gline_exempt, resv_exempt, no_tilde, can_flood;
311 db 897 };
312    
313     auth {
314     /*
315     * redirect: the server and port to redirect a user to. A user does
316     * not have to obey the redirection, the ircd just suggests an alternative
317     * server for them.
318     */
319     redirserv = "this.is.not.a.real.server";
320     redirport = 6667;
321    
322     user = "*.server";
323    
324     /* class: a class is required even though it is not used */
325     class = "users";
326     };
327    
328     auth {
329     user = "*@*";
330     class = "users";
331     flags = need_ident;
332     };
333    
334     /*
335 michael 1229 * operator {}: defines ircd operators
336 db 897 *
337     * ircd-hybrid no longer supports local operators, privileges are
338     * controlled via flags.
339     */
340     operator {
341     /* name: the name of the oper */
342     name = "god";
343    
344     /*
345 michael 1285 * user: the user@host required for this operator. Multiple
346     * user="" lines are supported.
347 db 897 */
348 michael 1285 user = "*god@192.168.0.0/16";
349     user = "*@127.0.0.0/8";
350 db 897
351     /*
352     * password: the password required to oper. By default this will
353 michael 1070 * need to be encrypted by using the provided mkpasswd tool.
354     * Several password hash algorithms are available depending
355     * on your system's crypt() implementation. For example, a modern
356     * glibc already has support for SHA-256/512, and MD5 encryption
357     * algorithms.
358 db 897 */
359 michael 1070 password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4";
360 db 897
361     /*
362     * encrypted: controls whether the oper password above has been
363 michael 1070 * encrypted.
364 db 897 */
365     encrypted = yes;
366    
367     /*
368     * rsa_public_key_file: the public key for this oper when using Challenge.
369     * A password should not be defined when this is used, see
370     * doc/challenge.txt for more information.
371     */
372     # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
373    
374     /* class: the class the oper joins when they successfully /oper */
375     class = "opers";
376    
377     /*
378     * umodes: default usermodes opers get when they /oper. If defined,
379     * it will override oper_umodes settings in general {}.
380     * Available usermodes:
381     *
382     * +b - bots - See bot and drone flooding notices
383     * +c - cconn - Client connection/quit notices
384 michael 951 * +C - cconn_full - Client connection/quit notices full
385 db 897 * +D - deaf - Don't receive channel messages
386     * +d - debug - See debugging notices
387     * +f - full - See I: line full notices
388     * +G - softcallerid - Server Side Ignore for users not on your channels
389     * +g - callerid - Server Side Ignore (for privmsgs etc)
390     * +i - invisible - Not shown in NAMES or WHO unless you share a
391     * a channel
392     * +k - skill - See server generated KILL messages
393     * +l - locops - See LOCOPS messages
394     * +n - nchange - See client nick changes
395     * +r - rej - See rejected client notices
396     * +s - servnotice - See general server notices
397     * +u - unauth - See unauthorized client notices
398     * +w - wallop - See server generated WALLOPS
399     * +x - external - See remote server connection and split notices
400     * +y - spy - See LINKS, STATS, TRACE notices etc.
401     * +z - operwall - See oper generated WALLOPS
402     */
403     # umodes = locops, servnotice, operwall, wallop;
404    
405     /*
406     * privileges: controls the activities and commands an oper is
407 michael 1228 * allowed to do on the server. All options default to no.
408 db 897 * Available options:
409     *
410 michael 1229 * module - allows MODLIST, MODRESTART, MODLOAD, MODUNLOAD
411     * global_kill - allows remote users to be /KILL'd
412     * remote - allows remote SQUIT and CONNECT
413     * remoteban - allows remote KLINE/UNKLINE
414     * kline - allows KILL, KLINE and DLINE
415     * unkline - allows UNKLINE and UNDLINE
416     * gline - allows GLINE
417     * xline - allows XLINE
418     * globops - allows GLOBOPS
419     * operwall - allows OPERWALL
420     * nick_changes - allows oper to see nickchanges via usermode +n
421     * rehash - allows oper to REHASH config
422     * die - allows DIE
423     * restart - allows RESTART
424     * admin - gives admin privileges. admins for example,
425     * may see the real IP addresses of servers.
426     * hidden_admin - same as 'admin', but noone can recognize you as
427     * being an admin
428     * hidden_oper - not shown in /stats p (except for other operators)
429 db 897 */
430 michael 1228 flags = global_kill, remote, kline, unkline, xline, globops, restart,
431     die, rehash, nick_changes, admin, operwall, module;
432 db 897 };
433    
434 michael 1157 service {
435     name = "service.someserver";
436     name = "stats.someserver;
437     };
438    
439 db 897 /*
440 michael 1229 * connect {}: controls servers we connect to
441 db 897 */
442     connect {
443     /* name: the name of the server */
444     name = "irc.uplink.com";
445    
446     /*
447     * host: the host or IP to connect to. If a hostname is used it
448     * must match the reverse dns of the server.
449     */
450     host = "192.168.0.1";
451    
452     /*
453     * vhost: the IP to bind to when we connect outward to servers.
454     * serverinfo::vhost and serverinfo::vhost6 will be overridden
455     * by this directive.
456     */
457     vhost = "192.168.0.2";
458    
459     /*
460     * passwords: the passwords we send (OLD C:) and accept (OLD N:).
461     * The remote server will have these passwords reversed.
462     */
463     send_password = "password";
464     accept_password = "anotherpassword";
465    
466     /*
467     * encrypted: controls whether the accept_password above has been
468 michael 1070 * encrypted.
469 db 897 */
470     encrypted = no;
471    
472     /* port: the port to connect to this server on */
473     port = 6666;
474    
475     /*
476     * hub_mask: the mask of servers that this server may hub. Multiple
477     * entries are permitted
478     */
479     hub_mask = "*";
480    
481     /*
482     * leaf_mask: the mask of servers this server may not hub. Multiple
483     * entries are permitted. Useful for forbidding EU -> US -> EU routes.
484     */
485     # leaf_mask = "*.uk";
486    
487     /* class: the class this server is in */
488     class = "server";
489    
490     /*
491 michael 1229 * autoconn - controls whether we autoconnect to this server or not,
492     * dependent on class limits. By default, this is disabled.
493     * compressed - controls whether traffic is compressed via ziplinks.
494 db 897 * By default, this is disabled
495 michael 1229 * cryptlink - enable full encryption for all data passing between our
496 db 897 * server and this link and rsa authentication.
497 michael 1229 * burst_away - This will send the /away string that users have set
498 db 897 * on the server burst. Note this can be a lot of data
499     * and slow down your server burst.
500 michael 1229 * topicburst - Send topics to this server during channel burst. Works
501 db 897 * only if the server we are connecting to is capable
502     * of TBURST/TB.
503     */
504     # flags = autoconn, compressed, cryptlink, burst_away, topicburst;
505     };
506    
507     connect {
508     name = "encrypted.auth.example";
509     host = "some.host.somewhere";
510     port = 6667;
511    
512     flags = cryptlink;
513    
514     /*
515     * rsa_public_key_file: the path to the public keyfile of the server.
516     * Used instead of passwords.
517     */
518     rsa_public_key_file = "etc/remote.server.keyfile";
519    
520     /*
521     * cipher preference: set the preferred cipher for this link
522     *
523     * Available ciphers are:
524     * BF/168 BF/128 CAST/128 IDEA/128 RC5.16/128
525     * RC5.12/128 RC5.8/128 3DES/168 DES/56
526     *
527     * NOTE: Some ciphers may not be supported by your OpenSSL.
528     * Check the output from 'configure' for available ciphers.
529     *
530     * NOTE2: To help you decide what cipher to use, tools/encspeed
531     * will show you approximately how fast each cipher is.
532     * However, blowfish is fast and secure, and is probably
533     * a good default for most situations.
534     *
535     * NOTE3: Default if none is set is BF/128
536     *
537     * The cipher *MUST* be the same in both directions. If you
538     * set a cipher preference, your uplink must set the same cipher,
539     * else it will not link.
540     */
541     # cipher_preference = "BF/168";
542     };
543    
544 michael 1285 connect {
545     name = "ipv6.some.server";
546 db 897 host = "3ffd:dead:beef::1";
547     send_password = "password";
548     accept_password = "password";
549     port = 6666;
550    
551     /*
552     * aftype: controls whether the connection uses "ipv4" or "ipv6".
553     * Default is ipv4.
554     */
555     aftype = ipv6;
556     class = "server";
557     };
558    
559     /*
560     * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
561 michael 1229 * automatically
562 db 897 */
563     cluster {
564     /*
565     * name: the server to share with, this can take wildcards
566     *
567     * NOTE: only local actions will be clustered, meaning if
568     * the server receives a shared kline/unkline/etc, it
569     * will not be propagated to clustered servers.
570     *
571     * Remote servers are not necessarily required to accept
572     * clustered lines, they need a shared{} for *THIS* server
573     * in order to accept them.
574     */
575     name = "*.arpa";
576    
577     /*
578     * type: list of what to share, options are as follows:
579     * kline - share klines
580     * tkline - share temporary klines
581     * unkline - share unklines
582     * xline - share xlines
583     * txline - share temporary xlines
584     * unxline - share unxlines
585     * resv - share resvs
586     * tresv - share temporary resvs
587     * unresv - share unresvs
588     * locops - share locops
589     * all - share all of the above (default)
590     */
591     type = kline, unkline, locops, xline, resv;
592     };
593    
594     /*
595 michael 1229 * shared {}: users that are allowed to remote kline
596 db 897 *
597     * NOTE: This can be effectively used for remote klines.
598     * Please note that there is no password authentication
599     * for users setting remote klines. You must also be
600     * /oper'd in order to issue a remote kline.
601     */
602     shared {
603     /*
604     * name: the server the user must be on to set klines. If this is not
605     * specified, the user will be allowed to kline from all servers.
606     */
607     name = "irc2.some.server";
608    
609     /*
610     * user: the user@host mask that is allowed to set klines. If this is
611     * not specified, all users on the server above will be allowed to set
612     * a remote kline.
613     */
614     user = "oper@my.host.is.spoofed";
615    
616     /*
617     * type: list of what to share, options are as follows:
618     * kline - allow oper/server to kline
619     * tkline - allow temporary klines
620     * unkline - allow oper/server to unkline
621     * xline - allow oper/server to xline
622     * txline - allow temporary xlines
623     * unxline - allow oper/server to unxline
624     * resv - allow oper/server to resv
625     * tresv - allow temporary resvs
626     * unresv - allow oper/server to unresv
627     * locops - allow oper/server to locops - only used for servers that cluster
628     * all - allow oper/server to do all of the above (default)
629     */
630     type = kline, unkline, resv;
631     };
632    
633     /*
634 michael 1229 * kill {}: users that are not allowed to connect
635 db 897 * Oper issued klines will be added to the specified kline config
636     */
637     kill {
638     user = "bad@*.hacked.edu";
639     reason = "Obviously hacked account";
640     };
641    
642     kill {
643 michael 951 user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.tld$";
644    
645     /*
646     * NOTE: You have to set type=regex; when using a regular expression
647     * based user entry
648     */
649 db 897 type = regex;
650     };
651    
652     /*
653     * deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
654     * Oper issued dlines will be added to the specified dline config
655     */
656     deny {
657     ip = "10.0.1.0/24";
658     reason = "Reconnecting vhosted bots";
659     };
660    
661     /*
662 michael 1229 * exempt {}: IPs that are exempt from deny {} and Dlines
663 db 897 */
664     exempt {
665     ip = "192.168.0.0/16";
666     };
667    
668     /*
669 michael 1229 * resv {}: nicks and channels users may not use/join
670 db 897 */
671     resv {
672     /* reason: the reason for the proceeding resv's */
673 michael 1157 reason = "Reserved for services";
674 db 897
675     /* resv: the nicks and channels users may not join/use */
676 michael 1217 nick = "Global";
677     nick = "DevNull";
678     nick = "Services";
679     nick = "StatServ";
680     nick = "HostServ";
681 michael 1157 nick = "NickServ";
682     nick = "ChanServ";
683     nick = "MemoServ";
684     nick = "OperServ";
685 db 897 channel = "#services";
686    
687     /* resv: wildcard masks are also supported in nicks only */
688     reason = "Clone bots";
689     nick = "clone*";
690     };
691    
692     /*
693     * gecos {}: The X: replacement, used for banning users based on
694     * their "realname".
695     */
696     gecos {
697     name = "*sex*";
698     reason = "Possible spambot";
699     };
700    
701     gecos {
702     name = "sub7server";
703     reason = "Trojan drone";
704     };
705    
706     gecos {
707     name = "*http*";
708     reason = "Spambot";
709     };
710    
711     gecos {
712     name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
713 michael 951
714     /*
715     * NOTE: You have to set type=regex; when using a regular expression
716     * based name entry
717     */
718 db 897 type = regex;
719     };
720    
721     /*
722     * channel {}: The channel block contains options pertaining to channels
723     */
724     channel {
725     /*
726     * disable_fake_channels: this option, if set to 'yes', will
727     * disallow clients to create or join channels that have one
728     * of the following ASCII characters in their name:
729     *
730     * 2 | bold
731     * 3 | mirc color
732 michael 951 * 15 | plain text
733 db 897 * 22 | reverse
734     * 31 | underline
735     * 160 | non-breaking space
736     */
737     disable_fake_channels = yes;
738    
739     /*
740     * restrict_channels: reverse channel RESVs logic, only reserved
741     * channels are allowed
742     */
743     restrict_channels = no;
744    
745     /*
746     * disable_local_channels: prevent users from joining &channels.
747     */
748     disable_local_channels = no;
749    
750     /*
751     * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
752     * that can join a +i channel without an invite.
753     */
754     use_invex = yes;
755    
756     /*
757     * use_except: Enable/disable channel mode +e, a n!u@h list of masks
758     * that can join a channel through a ban (+b).
759     */
760     use_except = yes;
761    
762     /*
763     * use_knock: Allows users to request an invite to a channel that
764     * is locked somehow (+ikl). If the channel is +p or you are banned
765     * the knock will not be sent.
766     */
767     use_knock = yes;
768    
769     /*
770     * knock_delay: The amount of time a user must wait between issuing
771     * the knock command.
772     */
773 michael 951 knock_delay = 5 minutes;
774 db 897
775     /*
776     * knock_delay_channel: How often a knock to any specific channel
777     * is permitted, regardless of the user sending the knock.
778     */
779     knock_delay_channel = 1 minute;
780    
781     /*
782     * burst_topicwho: enable sending of who set topic on topicburst
783     * default is yes
784     */
785     burst_topicwho = yes;
786    
787     /*
788     * max_chans_per_user: The maximum number of channels a user can
789     * join/be on.
790     */
791     max_chans_per_user = 25;
792    
793     /* quiet_on_ban: stop banned people talking in channels. */
794     quiet_on_ban = yes;
795    
796     /* max_bans: maximum number of +b/e/I modes in a channel */
797     max_bans = 25;
798    
799     /*
800     * how many joins in how many seconds constitute a flood, use 0 to
801     * disable. +b opers will be notified (changeable via /set)
802     */
803     join_flood_count = 16;
804     join_flood_time = 8 seconds;
805    
806     /*
807     * splitcode: The ircd will now check splitmode every few seconds.
808     *
809     * Either split users or split servers can activate splitmode, but
810     * both conditions must be met for the ircd to deactivate splitmode.
811     *
812     * You may force splitmode to be permanent by /quote set splitmode on
813     */
814    
815     /*
816     * default_split_user_count: when the usercount is lower than this level,
817     * consider ourselves split. This must be set for automatic splitmode.
818     */
819     default_split_user_count = 0;
820    
821     /*
822     * default_split_server_count: when the servercount is lower than this,
823     * consider ourselves split. This must be set for automatic splitmode.
824     */
825     default_split_server_count = 0;
826    
827 michael 959 /* no_create_on_split: disallow users creating channels on split. */
828 db 897 no_create_on_split = yes;
829    
830 michael 959 /* no_join_on_split: disallow users joining channels at all on a split. */
831 db 897 no_join_on_split = no;
832     };
833    
834     /*
835     * serverhide {}: The serverhide block contains the options regarding
836     * serverhiding
837     */
838     serverhide {
839     /*
840     * flatten_links: this option will show all servers in /links appear
841     * that they are linked to this current server
842     */
843     flatten_links = no;
844    
845     /*
846     * links_delay: how often to update the links file when it is
847     * flattened.
848     */
849     links_delay = 5 minutes;
850    
851     /*
852     * hidden: hide this server from a /links output on servers that
853     * support it. This allows hub servers to be hidden etc.
854     */
855     hidden = no;
856    
857     /*
858     * disable_hidden: prevent servers hiding themselves from a
859     * /links output.
860     */
861     disable_hidden = no;
862    
863     /*
864     * hide_servers: hide remote servernames everywhere and instead use
865     * hidden_name and network_desc.
866     */
867     hide_servers = no;
868    
869     /*
870     * Use this as the servername users see if hide_servers = yes.
871     */
872     hidden_name = "*.hidden.com";
873    
874     /*
875 michael 951 * hide_server_ips: If this is disabled, opers will be unable to see
876     * servers ips and will be shown a masked ip, admins will be shown the
877     * real ip.
878 db 897 *
879 michael 951 * If this is enabled, nobody can see a servers ip. *This is a kludge*,
880     * it has the side effect of hiding the ips everywhere, including
881     * logfiles.
882 db 897 *
883     * We recommend you leave this disabled, and just take care with who you
884     * give admin=yes; to.
885     */
886     hide_server_ips = no;
887     };
888    
889     /*
890     * general {}: The general block contains many of the options that were once
891     * compiled in options in config.h. The general block is read at start time.
892     */
893     general {
894 michael 1157 /* services_name: servername of nick/channel services */
895     services_name = "service.someserver";
896    
897 michael 951 /* max_watch: maximum WATCH entries a client can have. */
898 michael 1070 max_watch = 60;
899 db 897
900     /*
901     * gline_min_cidr: the minimum required length of a CIDR bitmask
902     * for IPv4 based glines
903     */
904     gline_min_cidr = 16;
905    
906     /*
907     * gline_min_cidr6: the minimum required length of a CIDR bitmask
908     * for IPv6 based glines
909     */
910     gline_min_cidr6 = 48;
911    
912     /*
913     * Whether to automatically set mode +i on connecting users.
914     */
915     invisible_on_connect = yes;
916    
917     /*
918     * Show "actually using host <ip>" on /whois when possible.
919     */
920     use_whois_actually = yes;
921    
922     /*
923     * Max time from the nickname change that still causes KILL
924 michael 1074 * automatically to switch for the current nick of that user.
925 db 897 */
926 michael 1074 kill_chase_time_limit = 90 seconds;
927 db 897
928     /*
929 michael 1228 * If hide_spoof_ips is disabled, opers will be allowed to see the real
930     * IP of spoofed users in /trace etc. If this is defined they will be
931     * shown a masked IP.
932 db 897 */
933     hide_spoof_ips = yes;
934    
935     /*
936     * Ignore bogus timestamps from other servers. Yes, this will desync
937     * the network, but it will allow chanops to resync with a valid non TS 0
938     *
939     * This should be enabled network wide, or not at all.
940     */
941     ignore_bogus_ts = no;
942    
943     /*
944     * disable_auth: completely disable ident lookups; if you enable this,
945     * be careful of what you set need_ident to in your auth {} blocks
946     */
947     disable_auth = no;
948    
949     /* disable_remote_commands: disable users doing commands on remote servers */
950     disable_remote_commands = no;
951    
952     /*
953     * tkline_expire_notices: enables or disables temporary kline/xline
954     * expire notices.
955     */
956     tkline_expire_notices = no;
957    
958     /*
959     * default_floodcount: the default value of floodcount that is configurable
960     * via /quote set floodcount. This is the amount of lines a user
961     * may send to any other user/channel in one second.
962     */
963     default_floodcount = 10;
964    
965     /*
966     * failed_oper_notice: send a notice to all opers on the server when
967     * someone tries to OPER and uses the wrong password, host or ident.
968     */
969     failed_oper_notice = yes;
970    
971     /*
972     * dots_in_ident: the amount of '.' characters permitted in an ident
973     * reply before the user is rejected.
974     */
975     dots_in_ident = 2;
976    
977     /*
978     * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
979     * placed via the server. klines hand placed are exempt from limits.
980     * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
981     */
982     min_nonwildcard = 4;
983    
984     /*
985     * min_nonwildcard_simple: the minimum non wildcard characters in
986     * gecos bans. wildcard chars: '*' '?' '#'
987     */
988     min_nonwildcard_simple = 3;
989    
990     /* max_accept: maximum allowed /accept's for +g usermode */
991     max_accept = 20;
992    
993     /* anti_nick_flood: enable the nickflood control code */
994     anti_nick_flood = yes;
995    
996     /* nick flood: the nick changes allowed in the specified period */
997     max_nick_time = 20 seconds;
998     max_nick_changes = 5;
999    
1000     /*
1001     * anti_spam_exit_message_time: the minimum time a user must be connected
1002     * before custom quit messages are allowed.
1003     */
1004     anti_spam_exit_message_time = 5 minutes;
1005    
1006     /*
1007     * ts delta: the time delta allowed between server clocks before
1008     * a warning is given, or before the link is dropped. all servers
1009     * should run ntpdate/rdate to keep clocks in sync
1010     */
1011     ts_warn_delta = 30 seconds;
1012     ts_max_delta = 5 minutes;
1013    
1014     /*
1015     * kline_with_reason: show the user the reason why they are k/d/glined
1016     * on exit. May give away who set k/dline when set via tcm.
1017     */
1018     kline_with_reason = yes;
1019    
1020     /*
1021     * kline_reason: show this message to users on channel
1022     * instead of the oper reason.
1023     */
1024     kline_reason = "Connection closed";
1025    
1026     /*
1027     * reject_hold_time: wait this amount of time before disconnecting
1028     * a rejected client. Use 0 to disable.
1029     */
1030     reject_hold_time = 0;
1031    
1032     /*
1033     * warn_no_nline: warn opers about servers that try to connect but
1034     * we don't have a connect {} block for. Twits with misconfigured
1035     * servers can get really annoying with this enabled.
1036     */
1037     warn_no_nline = yes;
1038    
1039     /*
1040     * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1041     * operators and administrators. Doing so is a good idea in case
1042     * there are any exempted (exempt{}) server IPs you don't want to
1043     * see leaked.
1044     */
1045     stats_e_disabled = no;
1046    
1047     /* stats_o_oper only: make stats o (opers) oper only */
1048     stats_o_oper_only = yes;
1049    
1050     /* stats_P_oper_only: make stats P (ports) oper only */
1051     stats_P_oper_only = yes;
1052    
1053     /*
1054     * stats i oper only: make stats i (auth {}) oper only. set to:
1055     * yes: show users no auth blocks, made oper only.
1056     * masked: show users first matching auth block
1057     * no: show users all auth blocks.
1058     */
1059     stats_i_oper_only = yes;
1060    
1061     /*
1062     * stats_k_oper_only: make stats k/K (klines) oper only. set to:
1063     * yes: show users no auth blocks, made oper only
1064     * masked: show users first matching auth block
1065     * no: show users all auth blocks.
1066     */
1067     stats_k_oper_only = yes;
1068    
1069     /*
1070     * caller_id_wait: time between notifying a +g user that somebody
1071     * is messaging them.
1072     */
1073     caller_id_wait = 1 minute;
1074    
1075     /*
1076     * opers_bypass_callerid: allows operators to bypass +g and message
1077     * anyone who has it set (useful if you use services).
1078     */
1079     opers_bypass_callerid = no;
1080    
1081     /*
1082     * pace_wait_simple: time between use of less intensive commands
1083     * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1084     */
1085     pace_wait_simple = 1 second;
1086    
1087     /*
1088     * pace_wait: time between more intensive commands
1089     * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1090     */
1091     pace_wait = 10 seconds;
1092    
1093     /*
1094     * short_motd: send clients a notice telling them to read the motd
1095     * instead of forcing a motd to clients who may simply ignore it.
1096     */
1097     short_motd = no;
1098    
1099     /*
1100     * ping_cookie: require clients to respond exactly to a ping command,
1101     * can help block certain types of drones and FTP PASV mode spoofing.
1102     */
1103     ping_cookie = no;
1104    
1105     /* no_oper_flood: increase flood limits for opers. */
1106     no_oper_flood = yes;
1107    
1108     /*
1109     * true_no_oper_flood: completely eliminate flood limits for opers
1110     * and for clients with can_flood = yes in their auth {} blocks
1111     */
1112     true_no_oper_flood = yes;
1113    
1114     /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1115     oper_pass_resv = yes;
1116    
1117     /* REMOVE ME. The following line checks you've been reading. */
1118     havent_read_conf = 1;
1119    
1120     /*
1121     * max_targets: the maximum amount of targets in a single
1122     * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1123     */
1124     max_targets = 4;
1125    
1126     /*
1127     * client_flood: maximum amount of data in a clients queue before
1128     * they are dropped for flooding.
1129     */
1130     client_flood = 2560 bytes;
1131    
1132     /*
1133     * message_locale: the default message locale
1134     * Use "standard" for the compiled in defaults.
1135     * To install the translated messages, go into messages/ in the
1136     * source directory and run `make install'.
1137     */
1138     message_locale = "standard";
1139    
1140     /*
1141     * usermodes configurable: a list of usermodes for the options below
1142     *
1143     * +b - bots - See bot and drone flooding notices
1144     * +c - cconn - Client connection/quit notices
1145 michael 959 * +C - cconn_full - Client connection/quit notices full
1146 db 897 * +D - deaf - Don't receive channel messages
1147     * +d - debug - See debugging notices
1148     * +f - full - See I: line full notices
1149     * +G - softcallerid - Server Side Ignore for users not on your channels
1150     * +g - callerid - Server Side Ignore (for privmsgs etc)
1151     * +i - invisible - Not shown in NAMES or WHO unless you share a
1152     * a channel
1153     * +k - skill - See server generated KILL messages
1154     * +l - locops - See LOCOPS messages
1155     * +n - nchange - See client nick changes
1156     * +r - rej - See rejected client notices
1157     * +s - servnotice - See general server notices
1158     * +u - unauth - See unauthorized client notices
1159     * +w - wallop - See server generated WALLOPS
1160     * +x - external - See remote server connection and split notices
1161     * +y - spy - See LINKS, STATS, TRACE notices etc.
1162     * +z - operwall - See oper generated WALLOPS
1163     */
1164    
1165     /* oper_only_umodes: usermodes only opers may set */
1166     oper_only_umodes = bots, cconn, cconn_full, debug, full, skill,
1167     nchange, rej, spy, external, operwall,
1168     locops, unauth;
1169    
1170     /* oper_umodes: default usermodes opers get when they /oper */
1171     oper_umodes = bots, locops, servnotice, operwall, wallop;
1172    
1173     /*
1174     * servlink_path: path to 'servlink' program used by ircd to handle
1175     * encrypted/compressed server <-> server links.
1176     *
1177     * only define if servlink is not in same directory as ircd itself.
1178     */
1179     #servlink_path = "/usr/local/ircd/bin/servlink";
1180    
1181     /*
1182     * default_cipher_preference: default cipher to use for cryptlink when none is
1183     * specified in connect block.
1184     */
1185     #default_cipher_preference = "BF/168";
1186    
1187     /*
1188     * use_egd: if your system does not have *random devices yet you
1189     * want to use OpenSSL and encrypted links, enable this. Beware -
1190     * EGD is *very* CPU intensive when gathering data for its pool
1191     */
1192     # use_egd = yes;
1193    
1194     /*
1195     * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1196     * which automatically finds the path.
1197     */
1198     # egdpool_path = "/var/run/egd-pool";
1199    
1200    
1201     /*
1202     * compression_level: level of compression for compressed links between
1203     * servers.
1204     *
1205     * values are between: 1 (least compression, fastest)
1206     * and: 9 (most compression, slowest).
1207     */
1208     # compression_level = 6;
1209    
1210     /*
1211     * throttle_time: the minimum amount of time between connections from
1212     * the same ip. exempt {} blocks are excluded from this throttling.
1213     * Offers protection against flooders who reconnect quickly.
1214     * Set to 0 to disable.
1215     */
1216     throttle_time = 10;
1217     };
1218    
1219     glines {
1220     /* enable: enable glines, network wide temp klines */
1221     enable = yes;
1222    
1223     /*
1224     * duration: the amount of time a gline will remain on your
1225     * server before expiring
1226     */
1227     duration = 1 day;
1228    
1229     /*
1230 michael 1247 * log: which types of rules you want to log when triggered
1231 db 897 * (choose reject or block)
1232     */
1233 michael 1247 log = reject, block;
1234 db 897
1235     /*
1236     * NOTE: gline ACLs can cause a desync of glines throughout the
1237     * network, meaning some servers may have a gline triggered, and
1238     * others may not. Also, you only need insert rules for glines
1239     * that you want to block and/or reject. If you want to accept and
1240     * propagate the gline, do NOT put a rule for it.
1241     */
1242    
1243     /* user@host for rule to apply to */
1244     user = "god@I.still.hate.packets";
1245     /* server for rule to apply to */
1246     name = "hades.arpa";
1247    
1248     /*
1249     * action: action to take when a matching gline is found. options are:
1250     * reject - do not apply the gline locally
1251     * block - do not propagate the gline
1252     */
1253     action = reject, block;
1254    
1255     user = "god@*";
1256     name = "*";
1257     action = block;
1258     };
1259    
1260     modules {
1261     /*
1262 michael 951 * path: other paths to search for modules specified below
1263 db 897 * and in /modload.
1264     */
1265 michael 1070 path = "/usr/local/ircd/lib/ircd-hybrid/modules";
1266     path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
1267 db 897
1268     /* module: the name of a module to load on startup/rehash */
1269 michael 959 #module = "some_module.la";
1270 db 897 };
1271 michael 1247
1272     /*
1273     * log {}: contains information about logfiles.
1274     */
1275     log {
1276     /* Do you want to enable logging to ircd.log? */
1277     use_logging = yes;
1278     timestamp = yes;
1279    
1280     file {
1281     type = oper;
1282     name = "/home/ircd/var/log/oper.log";
1283 michael 1250 size = unlimited;
1284 michael 1247 };
1285    
1286     file {
1287     type = user;
1288 michael 1249 name = "/home/ircd/var/log/user.log";
1289 michael 1247 size = 50 megabytes;
1290     };
1291    
1292     file {
1293     type = kill;
1294     name = "/home/ircd/var/log/kill.log";
1295     size = 50 megabytes;
1296     };
1297    
1298     file {
1299     type = kline;
1300     name = "/home/ircd/var/log/kline.log";
1301     size = 50 megabytes;
1302     };
1303    
1304     file {
1305     type = dline;
1306     name = "/home/ircd/var/log/dline.log";
1307     size = 50 megabytes;
1308     };
1309    
1310     file {
1311     type = gline;
1312     name = "/home/ircd/var/log/gline.log";
1313     size = 50 megabytes;
1314     };
1315    
1316     file {
1317     type = debug;
1318     name = "/home/ircd/var/log/debug.log";
1319     size = 50 megabytes;
1320     };
1321     };

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision