root/svn/ircd-hybrid/branches/8.2.x/doc/reference.conf
Revision: 6741
Committed: Mon Nov 9 17:22:27 2015 UTC (9 years, 9 months ago) by michael
File size: 39185 byte(s)
Log Message:
- Increase default values of 'max_watch' and 'max_accept' to 50

File Contents

1 /*
2 * This is an example configuration file for ircd-hybrid
3 *
4 * Copyright (c) 2000-2015 ircd-hybrid development team
5 *
6 * $Id$
7 */
8
9 /*
10 * ########################################################################
11 * IMPORTANT NOTE:
12 *
13 * auth {} blocks MUST be specified in order of precedence. The first one
14 * that matches a user will be used. So place spoofs first, then specials,
15 * then general access.
16 * ########################################################################
17 *
18 * Shell style (#), C++ style (//) and C style comments are supported.
19 *
20 * Files may be included by either:
21 * .include "filename"
22 * .include <filename>
23 *
24 * Times/durations are written as:
25 * 12 hours 30 minutes 1 second
26 *
27 * Valid units of time:
28 * year, month, week, day, hour, minute, second
29 *
30 * Valid units of size:
31 * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
32 *
33 * Sizes and times may be singular or plural.
34 */
35
36
37 /*
38 * serverinfo {}: contains information about the server
39 */
40 serverinfo {
41 /*
42 * name: the name of this server. This cannot be changed at runtime.
43 */
44 name = "server.example.net";
45
46 /*
47 * sid: a server's unique ID. This is three characters long and must
48 * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
49 * a digit, followed by 2 alphanumeric characters.
50 *
51 * NOTE: The letters must be capitalized. This cannot be changed at runtime.
52 *
53 * A sid is automatically generated at runtime, if you want to configure
54 * a specific sid, uncomment the following line.
55 */
56 # sid = "0HY";
57
58 /*
59 * description: the description of the server.
60 */
61 description = "ircd-hybrid test server";
62
63 /*
64 * network_name, network_desc: the name and description of the network this
65 * server is on. Shown in the 005 reply and used with serverhiding.
66 */
67 network_name = "MyNet";
68 network_desc = "This is My Network";
69
70 /*
71 * hub: allow this server to act as a hub and have multiple servers
72 * connected to it.
73 */
74 hub = no;
75
76 /*
77 * vhost: the IP address to bind to when we connect outward to IPv4 servers.
78 * This should be an IPv4 address, or "*" for INADDR_ANY.
79 */
80 # vhost = "192.0.2.1";
81
82 /*
83 * vhost6: the IP address to bind to when we connect outward to IPv6 servers.
84 * This should be an IPv6 address, or "*" for in6addr_any.
85 */
86 # vhost6 = "2001:DB8::1";
87
88 /*
89 * default_max_clients: the default maximum number of clients allowed
90 * to connect. This can be changed from within IRC via /QUOTE SET MAX.
91 */
92 default_max_clients = 512;
93
94 /*
95 * max_nick_length: only applies to local clients. Must be in the
96 * range of 9 to 30. Default is 9 if nothing else is specified.
97 */
98 max_nick_length = 9;
99
100 /*
101 * max_topic_length: only applies to topics set by local clients.
102 * Must be in the range of 80 to 300. Default is 80 if nothing
103 * else is specified.
104 */
105 max_topic_length = 160;
106
107 /*
108 * rsa_private_key_file: the path to the file containing the
109 * RSA key. RSA keys with less than 2048 bits are no longer
110 * supported.
111 *
112 * Example commands to store a 2048 bit RSA key in rsa.key:
113 *
114 * openssl genrsa -out rsa.key 2048
115 * chown <ircd-user>.<ircd.group> rsa.key
116 * chmod 0600 rsa.key
117 */
118 # rsa_private_key_file = "etc/rsa.key";
119
120 /*
121 * ssl_certificate_file: the path to the file containing our
122 * SSL certificate for encrypted client connection.
123 *
124 * This assumes your private RSA key is stored in rsa.key. You
125 * MUST have an RSA key in order to generate the certificate.
126 *
127 * Example command:
128 *
129 * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
130 *
131 * Please use the following values when generating the cert
132 *
133 * Organization Name: Network Name
134 * Organization Unit Name: unit.example.net
135 * Common Name: irc.example.net
136 * E-mail: email@example.net
137 */
138 # ssl_certificate_file = "etc/cert.pem";
139
140 /*
141 * ssl_dh_param_file: path to the PEM encoded Diffie-Hellman
142 * parameter file. DH parameters are required when using
143 * ciphers with EDH (ephemeral Diffie-Hellman) key exchange.
144 *
145 * A DH parameter file can be created by running:
146 *
147 * openssl dhparam -out dhparam.pem 2048
148 *
149 * Prime size must be at least 2048 bits. Further information
150 * regarding specific OpenSSL dhparam command-line options
151 * can be found in the OpenSSL manual.
152 */
153 # ssl_dh_param_file = "etc/dhparam.pem";
154
155 /*
156 * ssl_dh_elliptic_curve: defines the curve to use for the
157 * Elliptic Curve Diffie-Hellman (ECDH) algorithm.
158 * Default is ANSI X9.62 prime256v1/secp256r1 if nothing else is specified.
159 *
160 * A list of supported curves by OpenSSL can be obtained by running:
161 *
162 * openssl ecparam -list_curves
163 */
164 # ssl_dh_elliptic_curve = "secp521r1";
165
166 /*
167 * ssl_cipher_list: list of ciphers to support on _this_ server.
168 * Can be used to enforce specific ciphers for incoming SSL/TLS
169 * connections. If a client (which also includes incoming server connections)
170 * is not capable of using any of the ciphers listed here, the connection will
171 * simply be rejected.
172 *
173 * A list of supported ciphers by OpenSSL can be obtained by running:
174 *
175 * openssl ciphers -tls1 -v
176 *
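177 * Multiple ciphers are separated by colons. The order of preference is
178 * from left to right. Note that the last entry in the example below, AES256-SHA, uses static RSA key exchange and therefore provides no forward secrecy.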
179 */
180 # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
181
182 /*
183 * ssl_message_digest_algorithm: defines what cryptographic hash function
184 * to use for generating fingerprint hashes of X.509 certificates.
185 * Default is SHA-256 if nothing else is specified.
186 *
187 * A list of supported message digest algorithms by OpenSSL can be obtained by running:
188 *
189 * openssl list-message-digest-algorithms
190 */
191 # ssl_message_digest_algorithm = "sha256";
192 };
193
194 /*
195 * admin {}: contains administrative information about the server
196 */
197 admin {
198 name = "Smurf target";
199 description = "Main Server Administrator";
200 email = "<admin@server.example.net>";
201 };
202
203 /*
204 * class {}: contains information about classes for users
205 */
206 class {
207 /* name: the name of the class. */
208 name = "users";
209
210 /*
211 * ping_time: how often a client must reply to a PING from the
212 * server before they are dropped.
213 */
214 ping_time = 90 seconds;
215
216 /*
217 * number_per_ip: how many local users are allowed to connect
218 * from a single IP address (optional)
219 */
220 number_per_ip = 2;
221
222 /*
223 * max_local: how many local users are allowed to connect
224 * from a single ident@host (optional)
225 */
226 max_local = 2;
227
228 /*
229 * max_global: network-wide limit of users per ident@host (optional)
230 */
231 max_global = 10;
232
233 /*
234 * max_number: the maximum number of users allowed in this class (optional)
235 */
236 max_number = 100;
237
238 /*
239 * The following lines are optional and allow you to define
240 * how many users can connect from one /NN subnet.
241 */
242 cidr_bitlen_ipv4 = 24;
243 cidr_bitlen_ipv6 = 120;
244 number_per_cidr = 16;
245
246 /*
247 * sendq: the amount of data allowed in a client's send queue before
248 * they are dropped.
249 */
250 sendq = 100 kbytes;
251
252 /*
253 * recvq: the amount of data allowed in a client's receive queue before
254 * they are dropped for flooding. Defaults to 2560 if the chosen value
255 * isn't within the range of 512 to 8000.
256 */
257 recvq = 2560 bytes;
258 };
259
260 class {
261 name = "opers";
262 ping_time = 90 seconds;
263 number_per_ip = 10;
264 max_number = 100;
265 sendq = 100 kbytes;
266
267 /*
268 * max_channels: maximum number of channels users in this class can join.
269 */
270 max_channels = 60;
271
272 /*
273 * min_idle: minimum idle time that is shown in WHOIS.
274 */
275 min_idle = 3 hours;
276
277 /*
278 * max_idle: maximum idle time that is shown in WHOIS.
279 */
280 max_idle = 8 hours;
281
282 /*
283 * flags:
284 *
285 * random_idle - a fake idle time is set randomly between
286 * min_idle and max_idle
287 * hide_idle_from_opers - the fake idle time will also be shown to operators
288 */
289 flags = random_idle, hide_idle_from_opers;
290 };
291
292 class {
293 name = "server";
294 ping_time = 90 seconds;
295
296 /*
297 * connectfreq: only used in server classes. Specifies the delay
298 * between autoconnecting to servers.
299 */
300 connectfreq = 5 minutes;
301
302 /* max_number: the number of servers to autoconnect to. */
303 max_number = 1;
304
305 /* sendq: servers need a higher sendq as they send more data. */
306 sendq = 2 megabytes;
307 };
308
309 /*
310 * motd {}: Allows the display of a different MOTD to a client
311 * depending on its origin. Applies to local users only.
312 */
313 motd {
314 /*
315 * mask: multiple mask entries are permitted. Mask can either be
316 * a class name or a hostname. CIDR is supported.
317 */
318 mask = "*.at";
319 mask = "*.de";
320 mask = "*.ch";
321
322 /*
323 * file: path to the actual motd file.
324 */
325 file = "etc/german.motd";
326 };
327
328 /*
329 * listen {}: contains information about the ports ircd listens on
330 */
331 listen {
332 /*
333 * port: the port to listen on. If no host is specified earlier in the
334 * listen {} block, it will listen on all available IP addresses.
335 *
336 * Ports are separated by commas; a range may be specified using ".."
337 */
338
339 /* port: listen on all available IP addresses, ports 6665 to 6669. */
340 port = 6665 .. 6669;
341
342 /*
343 * Listen on 192.0.2.2/6697 with SSL enabled and hidden from STATS P
344 * unless you are an administrator.
345 *
346 * NOTE: The "flags" directive always has to come before "port".
347 *
348 * Currently available flags are:
349 *
350 * ssl - Port may only accept TLS/SSL connections
351 * server - Only server connections are permitted
352 * hidden - Port is hidden from /stats P, unless you're an admin
353 */
354 flags = hidden, ssl;
355 host = "192.0.2.2";
356 port = 6697;
357
358 /*
359 * host: set a specific IP address to listen on using the
360 * subsequent port definitions. This may be IPv4 or IPv6.
361 */
362 host = "192.0.2.3";
363 port = 7000, 7001;
364
365 host = "2001:DB8::2";
366 port = 7002;
367 };
368
369 /*
370 * auth {}: allow users to connect to the ircd
371 */
372 auth {
373 /*
374 * user: the user@host allowed to connect. Multiple user
375 * lines are permitted within each auth {} block.
376 */
377 user = "*@192.0.2.0/24";
378 user = "*test@2001:DB8:*";
379
380 /* password: an optional password that is required to use this block. The value below is an example placeholder; replace it before deploying. */
381 password = "letmein";
382
383 /*
384 * encrypted: controls whether the auth password above has been
385 * encrypted. Default is 'no' if nothing else is specified. NOTE(review): "letmein" does not look like a crypt(3)-style hash such as the one in the operator {} example, yet encrypted is set to yes here; presumably a hashed value is expected, so confirm and store the hash rather than the plaintext.
386 */
387 encrypted = yes;
388
389 /*
390 * spoof: fake the user's host to this. This is free-form, just do
391 * everyone a favor and don't abuse it. ('=' prefix on /stats I)
392 */
393 spoof = "I.still.hate.packets";
394
395 /* class: the class the user is placed in. */
396 class = "opers";
397
398 /*
399 * need_password - don't allow users who haven't supplied the correct | ('&' prefix on /stats I if disabled)
400 * password to connect using another auth {} block
401 * need_ident - require the user to have identd to connect | ('+' prefix on /stats I)
402 * spoof_notice - enable spoofing notification to admins
403 * exceed_limit - allow a user to exceed class limits | ('>' prefix on /stats I)
404 * kline_exempt - exempt this user from k-lines | ('^' prefix on /stats I)
405 * xline_exempt - exempt this user from x-lines | ('!' prefix on /stats I)
406 * resv_exempt - exempt this user from resvs | ('$' prefix on /stats I)
407 * no_tilde - remove ~ from a user with no ident | ('-' prefix on /stats I)
408 * can_flood - allow this user to exceed flood limits | ('|' prefix on /stats I)
409 * webirc - enables WEBIRC authentication for web-based | ('<' prefix on /stats I)
410 * clients such as Mibbit
411 */
412 flags = need_password, spoof_notice, exceed_limit, kline_exempt,
413 xline_exempt, resv_exempt, no_tilde, can_flood;
414 };
415
416 auth {
417 /*
418 * redirserv, redirport: the server and port to redirect a user to.
419 * A user does not have to obey the redirection; the ircd just
420 * suggests an alternative server for them.
421 */
422 redirserv = "server2.example.net";
423 redirport = 6667;
424
425 user = "*@*.ch";
426
427 /* class: a class is required even though it is not used. */
428 class = "users";
429 };
430
431 auth {
432 user = "*@*";
433 class = "users";
434 flags = need_ident;
435 };
436
437 /*
438 * operator {}: defines ircd operators
439 */
440 operator {
441 /* name: the name of the operator */
442 name = "sheep";
443
444 /*
445 * user: the user@host required for this operator. Multiple user
446 * lines are permitted within each operator {} block.
447 */
448 user = "*sheep@192.0.2.0/26";
449 user = "*@192.0.2.240/28";
450
451 /*
452 * password: the password required to oper. By default this will need
453 * to be encrypted by using the provided mkpasswd tool.
454 * The availability of various password hashing algorithms may vary
455 * depending on the system's crypt(3) implementation.
456 */
457 password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4";
458
459 /*
460 * encrypted: controls whether the oper password above has been
461 * encrypted. Default is 'yes' if nothing else is specified.
462 */
463 encrypted = yes;
464
465 /*
466 * ssl_certificate_fingerprint: enhances security by additionally checking
467 * the oper's client certificate fingerprint against the specified
468 * fingerprint below.
469 *
470 * Hint: your users can use the following command to obtain a SHA-256 hash
471 * of their ssl certificate:
472 *
473 * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g'
474 */
475 # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
476
477 /*
478 * ssl_connection_required: client must be connected over SSL/TLS
479 * in order to be able to use this operator {} block.
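480 * Default is 'no' if nothing else is specified. With 'no', this block can be used from a plaintext connection, so the OPER password is not protected in transit.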
481 */
482 ssl_connection_required = no;
483
484 /* class: the class the oper joins when they successfully OPER. */
485 class = "opers";
486
487 /*
488 * whois: allows overriding the default RPL_WHOISOPERATOR numeric
489 * string shown in /whois.
490 * This string is propagated to all servers on the network.
491 */
492 # whois = "is a Smurf Target (IRC Operator)";
493
494 /*
495 * umodes: the default user modes opers get when they successfully OPER.
496 * If defined, it will override oper_umodes settings in general {}.
497 * Available user modes:
498 *
499 * +b - bots - See bot and drone flooding notices
500 * +c - cconn - Client connection/quit notices
501 * +D - deaf - Don't receive channel messages
502 * +d - debug - See debugging notices
503 * +e - external - See remote server connection and split notices
504 * +F - farconnect - Remote client connection/quit notices
505 * +f - full - See auth {} block full notices
506 * +G - softcallerid - Server Side Ignore for users not on your channels
507 * +g - callerid - Server Side Ignore (for privmsgs etc)
508 * +H - hidden - Hides operator status to other users
509 * +i - invisible - Not shown in NAMES or WHO unless you share a channel
510 * +j - rej - See rejected client notices
511 * +k - skill - See server generated KILL messages
512 * +l - locops - See LOCOPS messages
513 * +n - nchange - See client nick changes
514 * +p - hidechans - Hides channel list in WHOIS
515 * +q - hideidle - Hides idle and signon time in WHOIS
516 * +R - nononreg - Only receive private messages from registered clients
517 * +s - servnotice - See general server notices
518 * +u - unauth - See unauthorized client notices
519 * +w - wallop - See server generated WALLOPS
520 * +y - spy - See LINKS, STATS, TRACE notices etc.
521 */
522 umodes = locops, servnotice, wallop;
523
524 /*
525 * flags: controls the activities and commands an oper is
526 * allowed to do on the server. All flags default to 'no'.
527 * Available flags:
528 *
529 * admin - gives administrator privileges | ('A' flag)
530 * close - allows CLOSE | ('B' flag)
531 * connect - allows local CONNECT | ('C' flag)
532 * connect:remote - allows remote CONNECT | ('D' flag)
533 * die - allows DIE | ('E' flag)
534 * dline - allows DLINE | ('F' flag)
535 * globops - allows GLOBOPS | ('G' flag)
536 * join:resv - allows to JOIN resv {} channels | ('H' flag)
537 * kill - allows to KILL local clients | ('I' flag)
538 * kill:remote - allows remote users to be /KILL'd | ('J' flag)
539 * kline - allows KLINE | ('K' flag)
540 * locops - allows LOCOPS | ('L' flag)
541 * module - allows MODULE | ('M' flag)
542 * nick:resv - allows to use NICK on resv {} nicks | ('N' flag)
543 * opme - allows OPME | ('O' flag)
544 * rehash - allows oper to REHASH config | ('P' flag)
545 * remoteban - allows remote KLINE/UNKLINE | ('Q' flag)
546 * restart - allows RESTART | ('R' flag)
547 * resv - allows RESV | ('S' flag)
548 * set - allows SET | ('T' flag)
549 * squit - allows local SQUIT | ('U' flag)
550 * squit:remote - allows remote SQUIT | ('V' flag)
551 * undline - allows UNDLINE | ('W' flag)
552 * unkline - allows UNKLINE | ('X' flag)
553 * unresv - allows UNRESV | ('Y' flag)
554 * unxline - allows UNXLINE | ('Z' flag)
555 * wallops - allows WALLOPS | ('a' flag)
556 * xline - allows XLINE | ('b' flag)
557 */
558 flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
559 kline, module, rehash, restart, set, unkline, unxline, xline;
560 };
561
562 /*
563 * connect {}: define a server to connect to
564 */
565 connect {
566 /* name: the name of the server. */
567 name = "uplink.example.net";
568
569 /*
570 * host: the host or IP address to connect to. If a hostname is used it
571 * must match the reverse DNS of the server.
572 */
573 host = "192.0.2.4";
574
575 /*
576 * vhost: the IP address to bind to when making outgoing connections to
577 * servers.
578 * serverinfo::vhost and serverinfo::vhost6 will be overridden
579 * by this directive.
580 */
581 vhost = "192.0.2.5";
582
583 /*
584 * send_password, accept_password: the passwords to send and accept.
585 * The remote server will have these passwords swapped. The values below are example placeholders; use long, unique secrets for each link.
586 */
587 send_password = "password";
588 accept_password = "anotherpassword";
589
590 /*
591 * encrypted: controls whether the accept_password above has been
592 * encrypted. It is set to 'no' below, so accept_password is kept as plaintext in this file; restrict read access to the file accordingly.
593 */
594 encrypted = no;
595
596 /* port: the port to connect to this server on. */
597 port = 6666;
598
599 /*
600 * hub_mask: the mask of servers that this server may hub. Multiple
601 * entries are permitted.
602 */
603 hub_mask = "*";
604
605 /*
606 * leaf_mask: the mask of servers this server may not hub. Multiple
607 * entries are permitted. Useful for forbidding EU -> US -> EU routes.
608 */
609 # leaf_mask = "*.uk";
610
611 /* class: the class this server is in. */
612 class = "server";
613
614 /*
615 * ssl_cipher_list: list of ciphers that the server we are connecting to
616 * must support. If the server is not capable of using any of the ciphers
617 * listed below, the connection will simply be rejected.
618 * Can be used to enforce stronger ciphers, even though this option
619 * is not necessarily required to establish a SSL/TLS connection.
620 *
621 * Multiple ciphers are separated by colons. The order of preference
622 * is from left to right. The last entry in the example below, AES256-SHA, uses static RSA key exchange and provides no forward secrecy.
623 */
624 # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
625
626 /*
627 * ssl_certificate_fingerprint: enhances security by additionally checking
628 * the server's client certificate fingerprint against the specified
629 * fingerprint below.
630 */
631 # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
632
633 /*
634 * autoconn - controls whether we autoconnect to this server or not,
635 * dependent on class limits. By default, this is disabled.
636 * ssl - Initiates a TLS/SSL connection. The flags line below is commented out, so as written the ssl flag is not set for this link and the link passwords above would not be protected by TLS/SSL.
637 */
638 # flags = autoconn, ssl;
639 };
640
641 connect {
642 name = "ipv6.example.net";
643 host = "2001:DB8::3";
644 send_password = "password";
645 accept_password = "password";
646 port = 6666;
647
648 /*
649 * aftype: controls whether the connection uses "ipv4" or "ipv6".
650 * Default is ipv4.
651 */
652 aftype = ipv6;
653 class = "server";
654 };
655
656 /*
657 * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
658 * automatically
659 */
660 cluster {
661 /*
662 * name: the server to share with; this can take wildcards
663 *
664 * NOTE: only local actions will be clustered, meaning that if
665 * the server receives a shared kline/unkline/etc, it
666 * will not be propagated to clustered servers.
667 *
668 * Remote servers are not necessarily required to accept
669 * clustered lines, they need a shared {} block for *THIS*
670 * server in order to accept them.
671 */
672 name = "*.example.net";
673
674 /*
675 * type: list of what to share; options are as follows:
676 * dline - share dlines
677 * undline - share undlines
678 * kline - share klines
679 * unkline - share unklines
680 * xline - share xlines
681 * unxline - share unxlines
682 * resv - share resvs
683 * unresv - share unresvs
684 * locops - share locops
685 * all - share all of the above (default)
686 */
687 type = kline, unkline, locops, xline, resv;
688 };
689
690 /*
691 * shared {}: users that are allowed to remote kline
692 *
693 * NOTE: This can effectively be used for remote klines.
694 * Please note that there is no password authentication
695 * for users setting remote klines. You must also be
696 * /oper'd in order to issue a remote kline.
697 */
698 shared {
699 /*
700 * name: the server the user must be connected to in order to set klines.
701 * If this is not specified, the user will be allowed to kline from all
702 * servers.
703 */
704 name = "irc2.example.net";
705
706 /*
707 * user: the user@host mask that is allowed to set klines. If this is
708 * not specified, all users on the server above will be allowed to set
709 * a remote kline.
710 */
711 user = "oper@my.host.is.spoofed";
712
713 /*
714 * type: list of what to share, options are as follows:
715 * dline - allow oper/server to dline
716 * undline - allow oper/server to undline
717 * kline - allow oper/server to kline
718 * unkline - allow oper/server to unkline
719 * xline - allow oper/server to xline
720 * unxline - allow oper/server to unxline
721 * resv - allow oper/server to resv
722 * unresv - allow oper/server to unresv
723 * locops - allow oper/server to locops - only used for servers that cluster
724 * all - allow oper/server to do all of the above (default)
725 */
726 type = kline, unkline, resv;
727 };
728
729 /*
730 * kill {}: users that are not allowed to connect
731 * Oper issued klines will be added to the specified kline database
732 */
733 kill {
734 user = "bad@*.example.net";
735 reason = "Obviously hacked account";
736 };
737
738 /*
739 * deny {}: IP addresses that are not allowed to connect
740 * (before DNS/ident lookup)
741 * Oper issued dlines will be added to the specified dline database
742 */
743 deny {
744 ip = "192.0.2.0/28";
745 reason = "Reconnecting vhosted bots";
746 };
747
748 /*
749 * exempt {}: IP addresses that are exempt from deny {} and Dlines
750 */
751 exempt {
752 ip = "192.0.2.240/28";
753 };
754
755 /*
756 * resv {}: nicks and channels users may not use/join
757 */
758 resv { mask = "clone*"; reason = "Clone bots"; };
759 resv { mask = "Global"; reason = "Reserved for services"; };
760 resv { mask = "ChanServ"; reason = "Reserved for services"; };
761 resv { mask = "NickServ"; reason = "Reserved for services"; };
762 resv { mask = "OperServ"; reason = "Reserved for services"; };
763 resv { mask = "MemoServ"; reason = "Reserved for services"; };
764 resv { mask = "BotServ"; reason = "Reserved for services"; };
765 resv { mask = "HelpServ"; reason = "Reserved for services"; };
766 resv { mask = "HostServ"; reason = "Reserved for services"; };
767 resv { mask = "StatServ"; reason = "Reserved for services"; };
768 resv { mask = "#*services*"; reason = "Reserved for services"; };
769
770 resv {
771 /*
772 * mask: masks starting with a '#' are automatically considered
773 * as channel name masks.
774 */
775 mask = "#helsinki";
776 reason = "Channel is reserved for Finnish inhabitants";
777
778 /*
779 * exempt: can be either an ISO 3166 alpha-2 two-letter country
780 * code, or a nick!user@host mask. CIDR is supported. Exempt
781 * entries can be stacked.
782 */
783 exempt = "FI";
784 };
785
786 /*
787 * gecos {}: used for banning users based on their "realname".
788 */
789 gecos {
790 name = "*sex*";
791 reason = "Possible spambot";
792 };
793
794 gecos {
795 name = "sub7server";
796 reason = "Trojan drone";
797 };
798
799 /*
800 * service {}: specifies a server which may act as a network service
801 *
802 * NOTE: it is very important that every server on the network
803 * has the same service {} block.
804 */
805 service {
806 name = "service.example.net";
807 name = "stats.example.net";
808 };
809
810 /*
811 * pseudo {}: adds pseudo/custom commands also known as service aliases
812 */
813 pseudo {
814 /* command: the actual command/alias. */
815 command = "IDENTIFY";
816
817 /* prepend: optional text that can be prepended before the user's message. */
818 prepend = "IDENTIFY ";
819
820 /* name: the service name, used for error messages. */
821 name = "NickServ";
822
823 /* target: the actual target where this message should be sent to. */
824 target = "NickServ@service.example.net";
825 };
826
827 pseudo {
828 command = "CHANSERV";
829 name = "ChanServ";
830 target = "ChanServ@service.example.net";
831 };
832
833 pseudo {
834 command = "CS";
835 name = "ChanServ";
836 target = "ChanServ@service.example.net";
837 };
838
839 pseudo {
840 command = "NICKSERV";
841 name = "NickServ";
842 target = "NickServ@service.example.net";
843 };
844
845 pseudo {
846 command = "NS";
847 name = "NickServ";
848 target = "NickServ@service.example.net";
849 };
850
851 pseudo {
852 command = "MEMOSERV";
853 name = "MemoServ";
854 target = "MemoServ@service.example.net";
855 };
856
857 pseudo {
858 command = "MS";
859 name = "MemoServ";
860 target = "MemoServ@service.example.net";
861 };
862
863 pseudo {
864 command = "OPERSERV";
865 name = "OperServ";
866 target = "OperServ@service.example.net";
867 };
868
869 pseudo {
870 command = "OS";
871 name = "OperServ";
872 target = "OperServ@service.example.net";
873 };
874
875 pseudo {
876 command = "HOSTSERV";
877 name = "HostServ";
878 target = "HostServ@service.example.net";
879 };
880
881 pseudo {
882 command = "HS";
883 name = "HostServ";
884 target = "HostServ@service.example.net";
885 };
886
887 pseudo {
888 command = "BOTSERV";
889 name = "BotServ";
890 target = "BotServ@service.example.net";
891 };
892
893 pseudo {
894 command = "BS";
895 name = "BotServ";
896 target = "BotServ@service.example.net";
897 };
898
899 /*
900 * channel {}: the channel block contains options pertaining to channels
901 */
902 channel {
903 /*
904 * disable_fake_channels: this option, if set to 'yes', will
905 * disallow clients from creating or joining channels that have one
906 * of the following ASCII characters in their name:
907 *
908 * 2 | bold
909 * 3 | mirc color
910 * 15 | plain text
911 * 22 | reverse
912 * 29 | italic
913 * 31 | underline
914 * 160 | non-breaking space
915 */
916 disable_fake_channels = yes;
917
918 /*
919 * invite_client_count, invite_client_time: how many INVITE commands
920 * are permitted per client per invite_client_time.
921 */
922 invite_client_count = 10;
923 invite_client_time = 5 minutes;
924
925 /*
926 * knock_client_count, knock_client_time: how many KNOCK commands
927 * are permitted per client per knock_client_time.
928 */
929 knock_client_count = 1;
930 knock_client_time = 5 minutes;
931
932 /*
933 * knock_delay_channel: how often a KNOCK to any specific channel
934 * is permitted, regardless of the user sending the KNOCK.
935 */
936 knock_delay_channel = 1 minute;
937
938 /*
939 * max_channels: the maximum number of channels a user can join/be on.
940 * This is a default value which can be overridden with class {} blocks.
941 */
942 max_channels = 25;
943
944 /* max_bans: maximum number of +b/e/I modes in a channel. */
945 max_bans = 100;
946
947 /*
948 * default_join_flood_count, default_join_flood_time:
949 * how many joins in how many seconds constitute a flood. Use 0 to disable.
950 * +b opers will be notified. These are only default values which can be
951 * changed via "/QUOTE SET JFLOODCOUNT" and "/QUOTE SET JFLOODTIME".
952 */
953 default_join_flood_count = 18;
954 default_join_flood_time = 6 seconds;
955 };
956
957 /*
958 * serverhide {}: the serverhide block contains the options regarding
959 * server hiding. For more information regarding server hiding,
960 * please see doc/serverhide.txt
961 */
962 serverhide {
963 /*
964 * disable_remote_commands: disable users issuing commands
965 * on remote servers.
966 */
967 disable_remote_commands = no;
968
969 /*
970 * flatten_links: this option will make all servers in /links appear
971 * as though they are linked to this current server.
972 */
973 flatten_links = no;
974
975 /*
976 * flatten_links_delay: how often to update the links file when it is
977 * flattened.
978 */
979 flatten_links_delay = 5 minutes;
980
981 /*
982 * flatten_links_file: path to the flatten links cache file.
983 */
984 flatten_links_file = "var/lib/links.txt";
985
986 /*
987 * hidden: hide this server from a /links output on servers that
988 * support it. This allows hub servers to be hidden etc.
989 */
990 hidden = no;
991
992 /*
993 * hide_servers: hide remote servernames everywhere and instead use
994 * hidden_name and network_desc.
995 */
996 hide_servers = no;
997
998 /*
999 * hide_services: define this if you want to hide the location of
1000 * services servers that are specified in the service {} block.
1001 */
1002 hide_services = no;
1003
1004 /*
1005 * hidden_name: use this as the servername users see if hide_servers = yes.
1006 */
1007 hidden_name = "*.example.net";
1008
1009 /*
1010 * hide_server_ips: if this is disabled, opers will be unable to see
1011 * servers' IP addresses and will be shown a masked IP address; admins
1012 * will be shown the real IP address.
1013 *
1014 * If this is enabled, nobody can see a server's IP address.
1015 * *This is a kludge*: it has the side effect of hiding the IP addresses
1016 * everywhere, including logfiles.
1017 *
1018 * We recommend you leave this disabled, and just take care with who you
1019 * give administrator privileges to.
1020 */
1021 hide_server_ips = no;
1022 };
1023
1024 /*
1025 * general {}: the general block contains many of the options that were once
1026 * compile-time options in config.h
1027 */
1028 general {
1029 /*
1030 * cycle_on_host_change: sends a fake QUIT/JOIN combination
1031 * when services change the hostname of a specific client.
1032 */
1033 cycle_on_host_change = yes;
1034
1035 /* max_watch: maximum WATCH entries a client can have. */
1036 max_watch = 50;
1037
1038 /* max_accept: maximum allowed /accept's for +g user mode. */
1039 max_accept = 50;
1040
1041 /*
1042 * dline_min_cidr: the minimum required length of a CIDR bitmask
1043 * for IPv4 based D-lines.
1044 */
1045 dline_min_cidr = 16;
1046
1047 /*
1048 * dline_min_cidr6: the minimum required length of a CIDR bitmask
1049 * for IPv6 based D-lines.
1050 */
1051 dline_min_cidr6 = 48;
1052
1053 /*
1054 * kline_min_cidr: the minimum required length of a CIDR bitmask
1055 * for IPv4 based K-lines.
1056 */
1057 kline_min_cidr = 16;
1058
1059 /*
1060 * kline_min_cidr6: the minimum required length of a CIDR bitmask
1061 * for IPv6 based K-lines.
1062 */
1063 kline_min_cidr6 = 48;
1064
1065 /*
1066 * invisible_on_connect: whether to automatically set user mode +i
1067 * on connecting users.
1068 */
1069 invisible_on_connect = yes;
1070
1071 /*
1072 * kill_chase_time_limit: KILL chasing is a feature whereby a KILL
1073 * issued for a user who has recently changed nickname will be applied
1074 * automatically to the new nick. kill_chase_time_limit is the maximum
1075 * time following a nickname change that this chasing will apply.
1076 */
1077 kill_chase_time_limit = 30 seconds;
1078
1079 /*
1080 * ignore_bogus_ts: ignore bogus timestamps from other servers.
1081 * Yes, this will desync the network, but it will allow chanops
1082 * to resync with a valid non TS 0.
1083 *
1084 * This should be enabled network wide, or not at all.
1085 */
1086 ignore_bogus_ts = no;
1087
1088 /*
1089 * disable_auth: completely disable ident lookups; if you enable this, no
1090 * ident reply exists, so be careful with need_ident in your auth {} blocks.
1091 */
1092 disable_auth = no;
1093
1094 /*
1095 * tkline_expire_notices: enables or disables temporary kline/xline
1096 * expire notices.
1097 */
1098 tkline_expire_notices = no;
1099
1100 /*
1101 * default_floodcount: the default value of floodcount that is configurable
1102 * via /quote set floodcount. This is the number of lines a user may send
1103 * to any other user/channel in one second. Set to 0 to disable.
1104 */
1105 default_floodcount = 10;
1106
1107 /*
1108 * failed_oper_notice: send a notice to all opers on the server when
1109 * someone tries to OPER and uses the wrong password, host or ident.
1110 */
1111 failed_oper_notice = yes;
1112
1113 /*
1114 * dots_in_ident: the number of '.' characters permitted in an ident
1115 * reply before the user is rejected.
1116 */
1117 dots_in_ident = 2;
1118
1119 /*
1120 * min_nonwildcard: the minimum number of non-wildcard characters in
1121 * K-lines and D-lines placed via the server. Hand-placed K-lines are
1122 * exempt from this limit.
1123 * Wildcard characters: '.', ':', '*', '?'
1124 */
1125 min_nonwildcard = 4;
1126
1127 /*
1128 * min_nonwildcard_simple: the minimum number of non-wildcard characters
1129 * in gecos bans. Wildcard characters: '*', '?'
1130 */
1131 min_nonwildcard_simple = 3;
1132
1133 /* anti_nick_flood: enable the nickflood control code. */
1134 anti_nick_flood = yes;
1135
1136 /*
1137 * max_nick_changes, max_nick_time: the number of nick changes allowed in
1138 * the specified period.
1139 */
1140 max_nick_changes = 5;
1141 max_nick_time = 20 seconds;
1142
1143 /*
1144 * away_count, away_time: how many AWAY commands are permitted per
1145 * client per away_time.
1146 */
1147 away_count = 2;
1148 away_time = 10 seconds;
1149
1150 /*
1151 * anti_spam_exit_message_time: the minimum time a user must be connected
1152 * before custom quit messages are allowed.
1153 */
1154 anti_spam_exit_message_time = 5 minutes;
1155
1156 /*
1157 * ts_warn_delta, ts_max_delta: the time delta allowed between server
1158 * clocks before a warning is given, or before the link is dropped.
1159 * All servers should run ntpdate/rdate to keep clocks in sync.
1160 */
1161 ts_warn_delta = 3 seconds;
1162 ts_max_delta = 15 seconds;
1163
1164 /*
1165 * warn_no_connect_block: warn opers about servers that try to connect
1166 * but for which we don't have a connect {} block. Twits with
1167 * misconfigured servers can become really annoying with this enabled.
1168 */
1169 warn_no_connect_block = yes;
1170
1171 /*
1172 * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1173 * operators and administrators. Doing so is a good idea in case
1174 * there are any exempted (exempt {}) server IP addresses you don't
1175 * want to see leaked.
1176 */
1177 stats_e_disabled = no;
1178
1179 /* stats_m_oper_only: make /stats m/M (messages) oper only. */
1180 stats_m_oper_only = yes;
1181
1182 /* stats_o_oper_only: make stats o (opers) oper only. */
1183 stats_o_oper_only = yes;
1184
1185 /* stats_P_oper_only: make stats P (ports) oper only. */
1186 stats_P_oper_only = yes;
1187
1188 /* stats_u_oper_only: make stats u (uptime) oper only. */
1189 stats_u_oper_only = no;
1190
1191 /*
1192 * stats_i_oper_only: make stats i (auth {}) oper only. Set to:
1193 * yes - show users no auth {} blocks, made oper only
1194 * masked - show users the first matching auth {} block
1195 * no - show users all auth {} blocks
1196 */
1197 stats_i_oper_only = yes;
1198
1199 /*
1200 * stats_k_oper_only: make stats k/K (klines) oper only. Set to:
1201 * yes - show users no klines, made oper only
1202 * masked - show users the first matching kline
1203 * no - show users all klines
1204 */
1205 stats_k_oper_only = yes;
1206
1207 /*
1208 * caller_id_wait: time between notifications sent to a +g user that
1209 * somebody is messaging them.
1210 */
1211 caller_id_wait = 1 minute;
1212
1213 /*
1214 * opers_bypass_callerid: allows operators to bypass +g and message
1215 * anyone who has it set.
1216 */
1217 opers_bypass_callerid = no;
1218
1219 /*
1220 * pace_wait_simple: minimum time required between use of less
1221 * intensive commands
1222 * (ADMIN, HELP, LUSERS, VERSION, remote WHOIS)
1223 */
1224 pace_wait_simple = 1 second;
1225
1226 /*
1227 * pace_wait: minimum time required between use of more intensive commands
1228 * (INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS)
1229 */
1230 pace_wait = 10 seconds;
1231
1232 /*
1233 * short_motd: send clients a notice telling them to read the MOTD
1234 * instead of forcing the full MOTD on clients who may simply ignore it.
1235 */
1236 short_motd = no;
1237
1238 /*
1239 * ping_cookie: require clients to respond exactly to a PING command;
1240 * this can help block certain types of drones and FTP PASV mode spoofing.
1241 */
1242 ping_cookie = no;
1243
1244 /* no_oper_flood: increase flood limits for opers. */
1245 no_oper_flood = yes;
1246
1247 /*
1248 * max_targets: the maximum number of targets in a single
1249 * PRIVMSG/NOTICE. Set to 999, NOT 0, for unlimited.
1250 */
1251 max_targets = 4;
1252
1253 /*
1254 * user modes configurable: a list of user modes for the options below
1255 *
1256 * +b - bots - See bot and drone flooding notices
1257 * +c - cconn - Client connection/quit notices
1258 * +D - deaf - Don't receive channel messages
1259 * +d - debug - See debugging notices
1260 * +e - external - See remote server connection and split notices
1261 * +F - farconnect - Remote client connection/quit notices
1262 * +f - full - See auth {} block full notices
1263 * +G - softcallerid - Server Side Ignore for users not on your channels
1264 * +g - callerid - Server Side Ignore (for privmsgs etc)
1265 * +H - hidden - Hides operator status to other users
1266 * +i - invisible - Not shown in NAMES or WHO unless you share a channel
1267 * +j - rej - See rejected client notices
1268 * +k - skill - See server generated KILL messages
1269 * +l - locops - See LOCOPS messages
1270 * +n - nchange - See client nick changes
1271 * +p - hidechans - Hides channel list in WHOIS
1272 * +q - hideidle - Hides idle and signon time in WHOIS
1273 * +R - nononreg - Only receive private messages from registered clients
1274 * +s - servnotice - See general server notices
1275 * +u - unauth - See unauthorized client notices
1276 * +w - wallop - See server generated WALLOPS
1277 * +y - spy - See LINKS, STATS, TRACE notices etc.
1278 */
1279
1280 /* oper_only_umodes: user modes only operators may set. */
1281 oper_only_umodes = bots, cconn, debug, external, farconnect, full, hidden,
1282 locops, nchange, rej, skill, spy, unauth;
1283
1284 /* oper_umodes: default user modes operators get when they successfully OPER. */
1285 oper_umodes = bots, locops, servnotice, wallop;
1286
1287 /*
1288 * throttle_count: the maximum number of connections from the same
1289 * IP address allowed in throttle_time duration.
1290 */
1291 throttle_count = 1;
1292
1293 /*
1294 * throttle_time: the minimum amount of time required between
1295 * connections from the same IP address. exempt {} blocks are
1296 * excluded from this throttling.
1297 * Offers protection against flooders who reconnect quickly.
1298 * Set to 0 to disable.
1299 */
1300 throttle_time = 2 seconds;
1301 };
1302
/*
 * modules {}: module search paths and the modules to load on startup/rehash.
 *
 * NOTE(review): code found in the directories listed under path can be
 * loaded into the server, so presumably they should be writable only by
 * the account that administers the ircd - verify the permissions on your
 * install. The paths have no leading '/'; presumably they are resolved
 * relative to the installation prefix - TODO confirm.
 */
1303 modules {
1304 /*
1305 * path: other paths to search for modules specified below
1306 * and in "/module load".
1307 */
1308 path = "lib/ircd-hybrid/modules";
1309 # path = "lib/ircd-hybrid/modules/extra";
1310 path = "lib/ircd-hybrid/modules/autoload";
1311
1312 /* module: the name of a module to load on startup/rehash. */
1313 # module = "some_module.la";
1314 };
1315
1316 /*
1317 * log {}: contains information about logfiles.
1318 */
1319 log {
1320 /* Do you want to enable logging to ircd.log? */
1321 use_logging = yes;
1322
/*
 * file {}: one entry per log file. type presumably selects which events
 * go to the file, name is the log file's path and size is the size
 * setting for that file.
 *
 * NOTE(review): oper.log is the only entry with size = unlimited; every
 * other file is set to 50 megabytes. Presumably nothing in this block
 * bounds its growth, so plan disk space or external rotation for it -
 * TODO confirm what the server does when a capped file reaches its size.
 * The paths have no leading '/'; presumably they are resolved relative
 * to the installation prefix - verify where the files end up and who can
 * read them.
 */
1323 file {
1324 type = oper;
1325 name = "var/log/oper.log";
1326 size = unlimited;
1327 };
1328
1329 file {
1330 type = user;
1331 name = "var/log/user.log";
1332 size = 50 megabytes;
1333 };
1334
1335 file {
1336 type = kill;
1337 name = "var/log/kill.log";
1338 size = 50 megabytes;
1339 };
1340
1341 file {
1342 type = kline;
1343 name = "var/log/kline.log";
1344 size = 50 megabytes;
1345 };
1346
1347 file {
1348 type = dline;
1349 name = "var/log/dline.log";
1350 size = 50 megabytes;
1351 };
1352
1353 file {
1354 type = xline;
1355 name = "var/log/xline.log";
1356 size = 50 megabytes;
1357 };
1358
1359 file {
1360 type = resv;
1361 name = "var/log/resv.log";
1362 size = 50 megabytes;
1363 };
1364
1365 file {
1366 type = debug;
1367 name = "var/log/debug.log";
1368 size = 50 megabytes;
1369 };
1370 };

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision