ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/doc/reference.conf
Revision: 912
Committed: Wed Nov 7 22:47:44 2007 UTC (17 years, 9 months ago) by michael
Original Path: ircd-hybrid-7.2/etc/example.conf.in
File size: 35930 byte(s)
Log Message: 
- Implemented libtool-ltdl. Only shared modules are supported currently
- Several build fixes and cleanups. ircd now builds and runs without any problems
- Added back all files to SVN that are needed to built the daemon
  I really don't want to force other people that want to test the snapshots
  or svn versions to install yyacc, lex, automake, autoconf and libtool...
  No problem having required files in svn
- Removed some automake maintainer stuff which is kinda useless for us

File Contents

# Content
1 /* doc/example.conf - ircd-hybrid-7 Example configuration file
2 * Copyright (C) 2000-2006 Hybrid Development Team
3 *
4 * Written by ejb, wcampbel, db, leeh and others
5 * Other example configurations can be found in the source dir under
6 * etc/.
7 *
8 * $Id$
9 */
10
11 /* IMPORTANT NOTES:
12 *
13 * auth {} blocks MUST be specified in order of precedence. The first one
14 * that matches a user will be used. So place spoofs first, then specials,
15 * then general access.
16 *
17 * Shell style (#), C++ style (//) and C style comments are supported.
18 *
19 * Files may be included by either:
20 * .include "filename"
21 * .include <filename>
22 *
23 * Times/durations are written as:
24 * 12 hours 30 minutes 1 second
25 *
26 * Valid units of time:
27 * month, week, day, hour, minute, second
28 *
29 * Valid units of size:
30 * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
31 *
32 * Sizes and times may be singular or plural.
33 */
34
35 /* EFNET NOTE:
36 *
37 * This config file is NOT suitable for EFNet. EFNet admins should use
38 * example.efnet.conf
39 */
40
41 /*
42 * serverinfo {}: contains information about the server. (OLD M:)
43 */
44 serverinfo {
45 /*
46 * name: the name of our server. This cannot be changed at runtime.
47 */
48 name = "hades.arpa";
49
50 /*
51 * sid: a server's unique ID. This is three characters long and must
52 * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
53 * a digit, followed by 2 alpha-numerical letters.
54 * NOTE: The letters must be capitalized. This cannot be changed at runtime.
55 */
56 sid = "_CHANGE_ME_";
57
58 /*
59 * description: the description of the server. '[' and ']' may not
60 * be used here for compatibility with older servers.
61 */
62 description = "hybrid-7 test server";
63
64 /*
65 * network info: the name and description of the network this server
66 * is on. Shown in the 005 reply and used with serverhiding.
67 */
68 network_name = "MyNet";
69 network_desc = "This is My Network";
70
71 /*
72 * hub: allow this server to act as a hub and have multiple servers
73 * connected to it.
74 */
75 hub = no;
76
77 /*
78 * vhost: the IP to bind to when we connect outward to ipv4 servers.
79 * This should be an ipv4 IP only, or "* for INADDR_ANY.
80 */
81 #vhost = "192.169.0.1";
82
83 /*
84 * vhost6: the IP to bind to when we connect outward to ipv6 servers.
85 * This should be an ipv6 IP only, or "* for INADDR_ANY.
86 */
87 #vhost6 = "3ffe:80e8:546::2";
88
89 /* max_clients: the maximum number of clients allowed to connect */
90 max_clients = 512;
91
92 /*
93 * rsa key: the path to the file containing our rsa key for cryptlink.
94 *
95 * Example command to store a 2048 bit RSA keypair in
96 * rsa.key, and the public key in rsa.pub:
97 *
98 * openssl genrsa -out rsa.key 2048
99 * openssl rsa -in rsa.key -pubout -out rsa.pub
100 * chown <ircd-user>.<ircd.group> rsa.key rsa.pub
101 * chmod 0600 rsa.key
102 * chmod 0644 rsa.pub
103 */
104 #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
105
106 /*
107 * ssl certificate: the path to the file containing our ssl certificate
108 * for encrypted client connection.
109 *
110 * This assumes your private RSA key is stored in rsa.key. You
111 * MUST have an RSA key in order to generate the certificate
112 *
113 * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
114 *
115 * See http://www.openssl.org/docs/HOWTO/certificates.txt
116 *
117 * Please use the following values when generating the cert
118 *
119 * Organization Name: Network Name
120 * Organization Unit Name: changme.someirc.net
121 * Common Name: irc.someirc.net
122 * E-mail: you@domain.com
123 */
124 #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
125 };
126
127 /*
128 * admin {}: contains admin information about the server. (OLD A:)
129 */
130 admin {
131 name = "Smurf target";
132 description = "Main Server Administrator";
133 email = "<syn@packets.r.us>";
134 };
135
136 /*
137 * log {}: contains information about logfiles.
138 */
139 log {
140 /* Do you want to enable logging to ircd.log? */
141 use_logging = yes;
142
143 /*
144 * logfiles: the logfiles to use for user connects, /oper uses,
145 * and failed /oper. These files must exist for logging to be used.
146 */
147 fname_userlog = "logs/userlog";
148 fname_operlog = "logs/operlog";
149 fname_killlog = "logs/kill";
150 fname_klinelog = "logs/kline";
151 fname_glinelog = "logs/gline";
152
153 /*
154 * log_level: the amount of detail to log in ircd.log. The
155 * higher, the more information is logged. May be changed
156 * once the server is running via /quote SET LOG. Either:
157 * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
158 */
159 log_level = L_INFO;
160 };
161
162 /*
163 * class {}: contains information about classes for users (OLD Y:)
164 */
165 class {
166 /* name: the name of the class. classes are text now */
167 name = "users";
168
169 /*
170 * ping_time: how often a client must reply to a PING from the
171 * server before they are dropped.
172 */
173 ping_time = 90 seconds;
174
175 /*
176 * number_per_ip: how many local users are allowed to connect
177 * from one IP (optional)
178 */
179 number_per_ip = 2;
180
181 /*
182 * max_local: how many local users are allowed to connect
183 * from one ident@host (optional)
184 */
185 max_local = 2;
186
187 /*
188 * max_global: network-wide limit of users per ident@host (optional)
189 */
190 max_global = 10;
191
192 /*
193 * max_number: the maximum number of users allowed in this class (optional)
194 */
195 max_number = 100;
196
197 /*
198 * the following lines are optional and allow you to define
199 * how many users can connect from one /NN subnet
200 */
201 cidr_bitlen_ipv4 = 24;
202 cidr_bitlen_ipv6 = 120;
203 number_per_cidr = 16;
204
205 /*
206 * sendq: the amount of data allowed in a clients queue before
207 * they are dropped.
208 */
209 sendq = 100 kbytes;
210 };
211
212 class {
213 name = "opers";
214 ping_time = 90 seconds;
215 number_per_ip = 10;
216 max_number = 100;
217 sendq = 100kbytes;
218 };
219
220 class {
221 name = "server";
222 ping_time = 90 seconds;
223
224 /*
225 * ping_warning: how fast a server must reply to a PING before
226 * a warning to opers is generated.
227 */
228 ping_warning = 15 seconds;
229
230 /*
231 * connectfreq: only used in server classes. Specifies the delay
232 * between autoconnecting to servers.
233 */
234 connectfreq = 5 minutes;
235
236 /* max number: the amount of servers to autoconnect to */
237 max_number = 1;
238
239 /* sendq: servers need a higher sendq as they send more data */
240 sendq = 2 megabytes;
241 };
242
243 /*
244 * listen {}: contains information about the ports ircd listens on (OLD P:)
245 */
246 listen {
247 /*
248 * port: the specific port to listen on. If no host is specified
249 * before, it will listen on all available IPs.
250 *
251 * Ports are separated via a comma, a range may be specified using ".."
252 */
253
254 /* port: listen on all available IPs, ports 6665 to 6669 */
255 port = 6665 .. 6669;
256
257 /*
258 * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
259 * unless you are an administrator.
260 *
261 * NOTE: The "flags" directive has to come before "port". Always!
262 */
263 flags = hidden, ssl;
264 host = "192.168.0.1";
265 port = 6697;
266
267 /*
268 * host: set a specific IP/host the ports after the line will listen
269 * on. This may be ipv4 or ipv6.
270 */
271 host = "1.2.3.4";
272 port = 7000, 7001;
273
274 host = "3ffe:1234:a:b:c::d";
275 port = 7002;
276 };
277
278 /*
279 * auth {}: allow users to connect to the ircd (OLD I:)
280 */
281 auth {
282 /*
283 * user: the user@host allowed to connect. Multiple IPv4/IPv6 user
284 * lines are permitted per auth block.
285 */
286 user = "*@172.16.0.0/12";
287 user = "*test@123D:B567:*";
288
289 /* password: an optional password that is required to use this block */
290 password = "letmein";
291
292 /*
293 * encrypted: controls whether the auth password above has been
294 * encrypted.
295 */
296 encrypted = yes;
297
298 /*
299 * spoof: fake the users host to this. This is free-form,
300 * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
301 */
302 spoof = "I.still.hate.packets";
303
304 /* class: the class the user is placed in */
305 class = "opers";
306
307 /*
308 * need_password: don't allow users who haven't supplied the correct
309 * password to connect using another auth{} block
310 * ('&' prefix on /stats I if disabled)
311 * need_ident: require the user to have identd to connect ('+' prefix on /stats I)
312 * spoof_notice: enable spoofing notification to admins
313 * exceed_limit: allow a user to exceed class limits ('>' prefix on /stats I)
314 * kline_exempt: exempt this user from k/glines ('^' prefix on /stats I)
315 * gline_exempt: exempt this user from glines ('_' prefix on /stats I)
316 * resv_exempt: exempt this user from resvs ('$' prefix on /stats I)
317 * no_tilde: remove ~ from a user with no ident ('-' prefix on /stats I)
318 * can_flood: allow this user to exceed flood limits ('|' prefix on /stats I)
319 * can_idle: exempt this user from idle restrictions ('<' prefix on /stats I)
320 */
321 flags = need_password, spoof_notice, exceed_limit, kline_exempt,
322 gline_exempt, resv_exempt, no_tilde, can_flood, can_idle;
323 };
324
325 auth {
326 /*
327 * redirect: the server and port to redirect a user to. A user does
328 * not have to obey the redirection, the ircd just suggests an alternative
329 * server for them.
330 */
331 redirserv = "this.is.not.a.real.server";
332 redirport = 6667;
333
334 user = "*.server";
335
336 /* class: a class is required even though it is not used */
337 class = "users";
338 };
339
340 auth {
341 user = "*@*";
342 class = "users";
343 flags = need_ident;
344 };
345
346 /*
347 * operator {}: defines ircd operators. (OLD O:)
348 *
349 * ircd-hybrid no longer supports local operators, privileges are
350 * controlled via flags.
351 */
352 operator {
353 /* name: the name of the oper */
354 /* NOTE: operator "opername"{} is also supported */
355 name = "god";
356
357 /*
358 * user: the user@host required for this operator. CIDR is not
359 * supported. Multiple user="" lines are supported.
360 */
361 user = "*god@*";
362 user = "*@127.0.0.1";
363
364 /*
365 * password: the password required to oper. By default this will
366 * need to be encrypted using 'mkpasswd'. MD5 is supported.
367 */
368 password = "etcnjl8juSU1E";
369
370 /*
371 * encrypted: controls whether the oper password above has been
372 * encrypted. (OLD CRYPT_OPER_PASSWORD now optional per operator)
373 */
374 encrypted = yes;
375
376 /*
377 * rsa_public_key_file: the public key for this oper when using Challenge.
378 * A password should not be defined when this is used, see
379 * doc/challenge.txt for more information.
380 */
381 # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
382
383 /* class: the class the oper joins when they successfully /oper */
384 class = "opers";
385
386 /*
387 * umodes: default usermodes opers get when they /oper. If defined,
388 * it will override oper_umodes settings in general {}.
389 * Available usermodes:
390 *
391 * +b - bots - See bot and drone flooding notices
392 * +c - cconn - Client connection/quit notices
393 * +D - deaf - Don't receive channel messages
394 * +d - debug - See debugging notices
395 * +f - full - See I: line full notices
396 * +G - softcallerid - Server Side Ignore for users not on your channels
397 * +g - callerid - Server Side Ignore (for privmsgs etc)
398 * +i - invisible - Not shown in NAMES or WHO unless you share a
399 * a channel
400 * +k - skill - See server generated KILL messages
401 * +l - locops - See LOCOPS messages
402 * +n - nchange - See client nick changes
403 * +r - rej - See rejected client notices
404 * +s - servnotice - See general server notices
405 * +u - unauth - See unauthorized client notices
406 * +w - wallop - See server generated WALLOPS
407 * +x - external - See remote server connection and split notices
408 * +y - spy - See LINKS, STATS, TRACE notices etc.
409 * +z - operwall - See oper generated WALLOPS
410 */
411 # umodes = locops, servnotice, operwall, wallop;
412
413 /*
414 * privileges: controls the activities and commands an oper is
415 * allowed to do on the server. All options default to no.
416 * Available options:
417 *
418 * global_kill: allows remote users to be /KILL'd (OLD 'O' flag)
419 * remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
420 * remoteban: allows remote KLINE/UNKLINE
421 * kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
422 * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
423 * gline: allows GLINE (OLD 'G' flag)
424 * xline: allows XLINE (OLD 'X' flag)
425 * operwall: allows OPERWALL
426 * nick_changes: allows oper to see nickchanges (OLD 'N' flag)
427 * via usermode +n
428 * rehash: allows oper to REHASH config (OLD 'H' flag)
429 * die: allows DIE and RESTART (OLD 'D' flag)
430 * admin: gives admin privileges. admins
431 * may (un)load modules and see the
432 * real IPs of servers.
433 * hidden_admin: same as 'admin', but noone can recognize you as
434 * being an admin
435 * hidden_oper: not shown in /stats p (except for other operators)
436 */
437 /* You can either use
438 * die = yes;
439 * rehash = yes;
440 *
441 * or in a flags statement i.e.
442 * flags = die, rehash;
443 *
444 * You can also negate a flag with ~ i.e.
445 * flags = ~remote;
446 *
447 */
448 flags = global_kill, remote, kline, unkline, xline,
449 die, rehash, nick_changes, admin, operwall;
450 };
451
452 /*
453 * connect {}: controls servers we connect to (OLD C:, N:, H:, L:)
454 */
455 connect {
456 /* name: the name of the server */
457 name = "irc.uplink.com";
458
459 /*
460 * host: the host or IP to connect to. If a hostname is used it
461 * must match the reverse dns of the server.
462 */
463 host = "192.168.0.1";
464
465 /*
466 * vhost: the IP to bind to when we connect outward to servers.
467 * serverinfo::vhost and serverinfo::vhost6 will be overridden
468 * by this directive.
469 */
470 vhost = "192.168.0.2";
471
472 /*
473 * passwords: the passwords we send (OLD C:) and accept (OLD N:).
474 * The remote server will have these passwords reversed.
475 */
476 send_password = "password";
477 accept_password = "anotherpassword";
478
479 /*
480 * encrypted: controls whether the accept_password above has been
481 * encrypted. (OLD CRYPT_LINK_PASSWORD now optional per connect)
482 */
483 encrypted = no;
484
485 /* port: the port to connect to this server on */
486 port = 6666;
487
488 /*
489 * hub_mask: the mask of servers that this server may hub. Multiple
490 * entries are permitted
491 */
492 hub_mask = "*";
493
494 /*
495 * leaf_mask: the mask of servers this server may not hub. Multiple
496 * entries are permitted. Useful for forbidding EU -> US -> EU routes.
497 */
498 # leaf_mask = "*.uk";
499
500 /* fakename: the servername we pretend to be when we connect */
501 # fakename = "*.arpa";
502
503 /* class: the class this server is in */
504 class = "server";
505
506 /*
507 * autoconn: controls whether we autoconnect to this server or not,
508 * dependent on class limits. By default, this is disabled.
509 * compressed: controls whether traffic is compressed via ziplinks.
510 * By default, this is disabled
511 * cryptlink: enable full encryption for all data passing between our
512 * server and this link and rsa authentication.
513 * burst_away: This will send the /away string that users have set
514 * on the server burst. Note this can be a lot of data
515 * and slow down your server burst.
516 * topicburst: Send topics to this server during channel burst. Works
517 * only if the server we are connecting to is capable
518 * of TBURST/TB.
519 */
520 # flags = autoconn, compressed, cryptlink, burst_away, topicburst;
521 };
522
523 connect {
524 name = "encrypted.auth.example";
525 host = "some.host.somewhere";
526 port = 6667;
527
528 flags = cryptlink;
529
530 /*
531 * rsa_public_key_file: the path to the public keyfile of the server.
532 * Used instead of passwords.
533 */
534 rsa_public_key_file = "etc/remote.server.keyfile";
535
536 /*
537 * cipher preference: set the preferred cipher for this link
538 *
539 * Available ciphers are:
540 * BF/168 BF/128 CAST/128 IDEA/128 RC5.16/128
541 * RC5.12/128 RC5.8/128 3DES/168 DES/56
542 *
543 * NOTE: Some ciphers may not be supported by your OpenSSL.
544 * Check the output from 'configure' for available ciphers.
545 *
546 * NOTE2: To help you decide what cipher to use, tools/encspeed
547 * will show you approximately how fast each cipher is.
548 * However, blowfish is fast and secure, and is probably
549 * a good default for most situations.
550 *
551 * NOTE3: Default if none is set is BF/128
552 *
553 * The cipher *MUST* be the same in both directions. If you
554 * set a cipher preference, your uplink must set the same cipher,
555 * else it will not link.
556 */
557 # cipher_preference = "BF/168";
558 };
559
560 /*
561 * NOTE: Don't add an extra 'name=' entry if you use
562 * the connect "name"{} feature
563 */
564 connect "ipv6.some.server" {
565 host = "3ffd:dead:beef::1";
566 send_password = "password";
567 accept_password = "password";
568 port = 6666;
569
570 /*
571 * aftype: controls whether the connection uses "ipv4" or "ipv6".
572 * Default is ipv4.
573 */
574 aftype = ipv6;
575 class = "server";
576 };
577
578 /*
579 * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
580 * automatically (OLD hyb6 SLAVE_SERVERS)
581 */
582 cluster {
583 /*
584 * name: the server to share with, this can take wildcards
585 *
586 * NOTE: only local actions will be clustered, meaning if
587 * the server receives a shared kline/unkline/etc, it
588 * will not be propagated to clustered servers.
589 *
590 * Remote servers are not necessarily required to accept
591 * clustered lines, they need a shared{} for *THIS* server
592 * in order to accept them.
593 */
594 name = "*.arpa";
595
596 /*
597 * type: list of what to share, options are as follows:
598 * kline - share klines
599 * tkline - share temporary klines
600 * unkline - share unklines
601 * xline - share xlines
602 * txline - share temporary xlines
603 * unxline - share unxlines
604 * resv - share resvs
605 * tresv - share temporary resvs
606 * unresv - share unresvs
607 * locops - share locops
608 * all - share all of the above (default)
609 */
610 type = kline, unkline, locops, xline, resv;
611 };
612
613 /*
614 * shared {}: users that are allowed to remote kline (OLD U:)
615 *
616 * NOTE: This can be effectively used for remote klines.
617 * Please note that there is no password authentication
618 * for users setting remote klines. You must also be
619 * /oper'd in order to issue a remote kline.
620 */
621 shared {
622 /*
623 * name: the server the user must be on to set klines. If this is not
624 * specified, the user will be allowed to kline from all servers.
625 */
626 name = "irc2.some.server";
627
628 /*
629 * user: the user@host mask that is allowed to set klines. If this is
630 * not specified, all users on the server above will be allowed to set
631 * a remote kline.
632 */
633 user = "oper@my.host.is.spoofed";
634
635 /*
636 * type: list of what to share, options are as follows:
637 * kline - allow oper/server to kline
638 * tkline - allow temporary klines
639 * unkline - allow oper/server to unkline
640 * xline - allow oper/server to xline
641 * txline - allow temporary xlines
642 * unxline - allow oper/server to unxline
643 * resv - allow oper/server to resv
644 * tresv - allow temporary resvs
645 * unresv - allow oper/server to unresv
646 * locops - allow oper/server to locops - only used for servers that cluster
647 * all - allow oper/server to do all of the above (default)
648 */
649 type = kline, unkline, resv;
650 };
651
652 /*
653 * kill {}: users that are not allowed to connect (OLD K:)
654 * Oper issued klines will be added to the specified kline config
655 */
656 kill {
657 user = "bad@*.hacked.edu";
658 reason = "Obviously hacked account";
659 };
660
661 kill {
662 user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
663 type = regex;
664 };
665
666 /*
667 * deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
668 * Oper issued dlines will be added to the specified dline config
669 */
670 deny {
671 ip = "10.0.1.0/24";
672 reason = "Reconnecting vhosted bots";
673 };
674
675 /*
676 * exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:)
677 */
678 exempt {
679 ip = "192.168.0.0/16";
680 };
681
682 /*
683 * resv {}: nicks and channels users may not use/join (OLD Q:)
684 */
685 resv {
686 /* reason: the reason for the proceeding resv's */
687 reason = "There are no services on this network";
688
689 /* resv: the nicks and channels users may not join/use */
690 nick = "nickserv";
691 nick = "chanserv";
692 channel = "#services";
693
694 /* resv: wildcard masks are also supported in nicks only */
695 reason = "Clone bots";
696 nick = "clone*";
697 };
698
699 /*
700 * gecos {}: The X: replacement, used for banning users based on
701 * their "realname".
702 */
703 gecos {
704 name = "*sex*";
705 reason = "Possible spambot";
706 };
707
708 gecos {
709 name = "sub7server";
710 reason = "Trojan drone";
711 };
712
713 gecos {
714 name = "*http*";
715 reason = "Spambot";
716 };
717
718 gecos {
719 name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
720 type = regex;
721 };
722
723 /*
724 * channel {}: The channel block contains options pertaining to channels
725 */
726 channel {
727 /*
728 * disable_fake_channels: this option, if set to 'yes', will
729 * disallow clients to create or join channels that have one
730 * of the following ASCII characters in their name:
731 *
732 * 2 | bold
733 * 3 | mirc color
734 * 15 | plain text
735 * 22 | reverse
736 * 31 | underline
737 * 160 | non-breaking space
738 */
739 disable_fake_channels = yes;
740
741 /*
742 * restrict_channels: reverse channel RESVs logic, only reserved
743 * channels are allowed
744 */
745 restrict_channels = no;
746
747 /*
748 * disable_local_channels: prevent users from joining &channels.
749 */
750 disable_local_channels = no;
751
752 /*
753 * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
754 * that can join a +i channel without an invite.
755 */
756 use_invex = yes;
757
758 /*
759 * use_except: Enable/disable channel mode +e, a n!u@h list of masks
760 * that can join a channel through a ban (+b).
761 */
762 use_except = yes;
763
764 /*
765 * use_knock: Allows users to request an invite to a channel that
766 * is locked somehow (+ikl). If the channel is +p or you are banned
767 * the knock will not be sent.
768 */
769 use_knock = yes;
770
771 /*
772 * knock_delay: The amount of time a user must wait between issuing
773 * the knock command.
774 */
775 knock_delay = 1 minutes;
776
777 /*
778 * knock_delay_channel: How often a knock to any specific channel
779 * is permitted, regardless of the user sending the knock.
780 */
781 knock_delay_channel = 1 minute;
782
783 /*
784 * burst_topicwho: enable sending of who set topic on topicburst
785 * default is yes
786 */
787 burst_topicwho = yes;
788
789 /*
790 * max_chans_per_user: The maximum number of channels a user can
791 * join/be on.
792 */
793 max_chans_per_user = 25;
794
795 /* quiet_on_ban: stop banned people talking in channels. */
796 quiet_on_ban = yes;
797
798 /* max_bans: maximum number of +b/e/I modes in a channel */
799 max_bans = 25;
800
801 /*
802 * how many joins in how many seconds constitute a flood, use 0 to
803 * disable. +b opers will be notified (changeable via /set)
804 */
805 join_flood_count = 16;
806 join_flood_time = 8 seconds;
807
808 /*
809 * splitcode: The ircd will now check splitmode every few seconds.
810 *
811 * Either split users or split servers can activate splitmode, but
812 * both conditions must be met for the ircd to deactivate splitmode.
813 *
814 * You may force splitmode to be permanent by /quote set splitmode on
815 */
816
817 /*
818 * default_split_user_count: when the usercount is lower than this level,
819 * consider ourselves split. This must be set for automatic splitmode.
820 */
821 default_split_user_count = 0;
822
823 /*
824 * default_split_server_count: when the servercount is lower than this,
825 * consider ourselves split. This must be set for automatic splitmode.
826 */
827 default_split_server_count = 0;
828
829 /* split no create: disallow users creating channels on split. */
830 no_create_on_split = yes;
831
832 /* split: no join: disallow users joining channels at all on a split */
833 no_join_on_split = no;
834 };
835
836 /*
837 * serverhide {}: The serverhide block contains the options regarding
838 * serverhiding
839 */
840 serverhide {
841 /*
842 * flatten_links: this option will show all servers in /links appear
843 * that they are linked to this current server
844 */
845 flatten_links = no;
846
847 /*
848 * links_delay: how often to update the links file when it is
849 * flattened.
850 */
851 links_delay = 5 minutes;
852
853 /*
854 * hidden: hide this server from a /links output on servers that
855 * support it. This allows hub servers to be hidden etc.
856 */
857 hidden = no;
858
859 /*
860 * disable_hidden: prevent servers hiding themselves from a
861 * /links output.
862 */
863 disable_hidden = no;
864
865 /*
866 * hide_servers: hide remote servernames everywhere and instead use
867 * hidden_name and network_desc.
868 */
869 hide_servers = no;
870
871 /*
872 * Use this as the servername users see if hide_servers = yes.
873 */
874 hidden_name = "*.hidden.com";
875
876 /*
877 * hide_server_ips: If this is disabled, opers will be unable to see servers
878 * ips and will be shown a masked ip, admins will be shown the real ip.
879 *
880 * If this is enabled, nobody can see a servers ip. *This is a kludge*, it
881 * has the side effect of hiding the ips everywhere, including logfiles.
882 *
883 * We recommend you leave this disabled, and just take care with who you
884 * give admin=yes; to.
885 */
886 hide_server_ips = no;
887 };
888
889 /*
890 * general {}: The general block contains many of the options that were once
891 * compiled in options in config.h. The general block is read at start time.
892 */
893 general {
894 /* max_watch: maximum WATCH entries */
895 max_watch = 64;
896
897 /*
898 * gline_min_cidr: the minimum required length of a CIDR bitmask
899 * for IPv4 based glines
900 */
901 gline_min_cidr = 16;
902
903 /*
904 * gline_min_cidr6: the minimum required length of a CIDR bitmask
905 * for IPv6 based glines
906 */
907 gline_min_cidr6 = 48;
908
909 /*
910 * Whether to automatically set mode +i on connecting users.
911 */
912 invisible_on_connect = yes;
913
914 /*
915 * If you don't explicitly specify burst_away in your connect blocks, then
916 * they will default to the burst_away value below.
917 */
918 burst_away = no;
919
920 /*
921 * Show "actually using host <ip>" on /whois when possible.
922 */
923 use_whois_actually = yes;
924
925 /*
926 * Max time from the nickname change that still causes KILL
927 * automatically to switch for the current nick of that user. (seconds)
928 */
929 kill_chase_time_limit = 90;
930
931 /*
932 * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
933 * users in /trace etc. If this is defined they will be shown a masked IP.
934 */
935 hide_spoof_ips = yes;
936
937 /*
938 * Ignore bogus timestamps from other servers. Yes, this will desync
939 * the network, but it will allow chanops to resync with a valid non TS 0
940 *
941 * This should be enabled network wide, or not at all.
942 */
943 ignore_bogus_ts = no;
944
945 /*
946 * disable_auth: completely disable ident lookups; if you enable this,
947 * be careful of what you set need_ident to in your auth {} blocks
948 */
949 disable_auth = no;
950
951 /* disable_remote_commands: disable users doing commands on remote servers */
952 disable_remote_commands = no;
953
954 /*
955 * tkline_expire_notices: enables or disables temporary kline/xline
956 * expire notices.
957 */
958 tkline_expire_notices = no;
959
960 /*
961 * default_floodcount: the default value of floodcount that is configurable
962 * via /quote set floodcount. This is the amount of lines a user
963 * may send to any other user/channel in one second.
964 */
965 default_floodcount = 10;
966
967 /*
968 * failed_oper_notice: send a notice to all opers on the server when
969 * someone tries to OPER and uses the wrong password, host or ident.
970 */
971 failed_oper_notice = yes;
972
973 /*
974 * dots_in_ident: the amount of '.' characters permitted in an ident
975 * reply before the user is rejected.
976 */
977 dots_in_ident = 2;
978
979 /*
980 * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts
981 * without a '.' in them. This will add one to the end. Only needed
982 * for older servers.
983 */
984 dot_in_ip6_addr = no;
985
986 /*
987 * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
988 * placed via the server. klines hand placed are exempt from limits.
989 * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
990 */
991 min_nonwildcard = 4;
992
993 /*
994 * min_nonwildcard_simple: the minimum non wildcard characters in
995 * gecos bans. wildcard chars: '*' '?' '#'
996 */
997 min_nonwildcard_simple = 3;
998
999 /* max_accept: maximum allowed /accept's for +g usermode */
1000 max_accept = 20;
1001
1002 /* anti_nick_flood: enable the nickflood control code */
1003 anti_nick_flood = yes;
1004
1005 /* nick flood: the nick changes allowed in the specified period */
1006 max_nick_time = 20 seconds;
1007 max_nick_changes = 5;
1008
1009 /*
1010 * anti_spam_exit_message_time: the minimum time a user must be connected
1011 * before custom quit messages are allowed.
1012 */
1013 anti_spam_exit_message_time = 5 minutes;
1014
1015 /*
1016 * ts delta: the time delta allowed between server clocks before
1017 * a warning is given, or before the link is dropped. all servers
1018 * should run ntpdate/rdate to keep clocks in sync
1019 */
1020 ts_warn_delta = 30 seconds;
1021 ts_max_delta = 5 minutes;
1022
1023 /*
1024 * kline_with_reason: show the user the reason why they are k/d/glined
1025 * on exit. May give away who set k/dline when set via tcm.
1026 */
1027 kline_with_reason = yes;
1028
1029 /*
1030 * kline_reason: show this message to users on channel
1031 * instead of the oper reason.
1032 */
1033 kline_reason = "Connection closed";
1034
1035 /*
1036 * reject_hold_time: wait this amount of time before disconnecting
1037 * a rejected client. Use 0 to disable.
1038 */
1039 reject_hold_time = 0;
1040
1041 /*
1042 * warn_no_nline: warn opers about servers that try to connect but
1043 * we don't have a connect {} block for. Twits with misconfigured
1044 * servers can get really annoying with this enabled.
1045 */
1046 warn_no_nline = yes;
1047
1048 /*
1049 * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1050 * operators and administrators. Doing so is a good idea in case
1051 * there are any exempted (exempt{}) server IPs you don't want to
1052 * see leaked.
1053 */
1054 stats_e_disabled = no;
1055
1056 /* stats_o_oper only: make stats o (opers) oper only */
1057 stats_o_oper_only = yes;
1058
1059 /* stats_P_oper_only: make stats P (ports) oper only */
1060 stats_P_oper_only = yes;
1061
1062 /*
1063 * stats i oper only: make stats i (auth {}) oper only. set to:
1064 * yes: show users no auth blocks, made oper only.
1065 * masked: show users first matching auth block
1066 * no: show users all auth blocks.
1067 */
1068 stats_i_oper_only = yes;
1069
1070 /*
1071 * stats_k_oper_only: make stats k/K (klines) oper only. set to:
1072 * yes: show users no auth blocks, made oper only
1073 * masked: show users first matching auth block
1074 * no: show users all auth blocks.
1075 */
1076 stats_k_oper_only = yes;
1077
1078 /*
1079 * caller_id_wait: time between notifying a +g user that somebody
1080 * is messaging them.
1081 */
1082 caller_id_wait = 1 minute;
1083
1084 /*
1085 * opers_bypass_callerid: allows operators to bypass +g and message
1086 * anyone who has it set (useful if you use services).
1087 */
1088 opers_bypass_callerid = no;
1089
1090 /*
1091 * pace_wait_simple: time between use of less intensive commands
1092 * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1093 */
1094 pace_wait_simple = 1 second;
1095
1096 /*
1097 * pace_wait: time between more intensive commands
1098 * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1099 */
1100 pace_wait = 10 seconds;
1101
1102 /*
1103 * short_motd: send clients a notice telling them to read the motd
1104 * instead of forcing a motd to clients who may simply ignore it.
1105 */
1106 short_motd = no;
1107
1108 /*
1109 * ping_cookie: require clients to respond exactly to a ping command,
1110 * can help block certain types of drones and FTP PASV mode spoofing.
1111 */
1112 ping_cookie = no;
1113
1114 /* no_oper_flood: increase flood limits for opers. */
1115 no_oper_flood = yes;
1116
1117 /*
1118 * true_no_oper_flood: completely eliminate flood limits for opers
1119 * and for clients with can_flood = yes in their auth {} blocks
1120 */
1121 true_no_oper_flood = yes;
1122
1123 /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1124 oper_pass_resv = yes;
1125
1126 /*
1127 * idletime: the maximum amount of time a user may idle before
1128 * they are disconnected
1129 */
1130 idletime = 0;
1131
1132 /* REMOVE ME. The following line checks you've been reading. */
1133 havent_read_conf = 1;
1134
1135 /*
1136 * max_targets: the maximum amount of targets in a single
1137 * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1138 */
1139 max_targets = 4;
1140
1141 /*
1142 * client_flood: maximum amount of data in a clients queue before
1143 * they are dropped for flooding.
1144 */
1145 client_flood = 2560 bytes;
1146
1147 /*
1148 * message_locale: the default message locale
1149 * Use "standard" for the compiled in defaults.
1150 * To install the translated messages, go into messages/ in the
1151 * source directory and run `make install'.
1152 */
1153 message_locale = "standard";
1154
1155 /*
1156 * usermodes configurable: a list of usermodes for the options below
1157 *
1158 * +b - bots - See bot and drone flooding notices
1159 * +c - cconn - Client connection/quit notices
1160 * +D - deaf - Don't receive channel messages
1161 * +d - debug - See debugging notices
1162 * +f - full - See I: line full notices
1163 * +G - softcallerid - Server Side Ignore for users not on your channels
1164 * +g - callerid - Server Side Ignore (for privmsgs etc)
1165 * +i - invisible - Not shown in NAMES or WHO unless you share a
1166 * a channel
1167 * +k - skill - See server generated KILL messages
1168 * +l - locops - See LOCOPS messages
1169 * +n - nchange - See client nick changes
1170 * +r - rej - See rejected client notices
1171 * +s - servnotice - See general server notices
1172 * +u - unauth - See unauthorized client notices
1173 * +w - wallop - See server generated WALLOPS
1174 * +x - external - See remote server connection and split notices
1175 * +y - spy - See LINKS, STATS, TRACE notices etc.
1176 * +z - operwall - See oper generated WALLOPS
1177 */
1178
1179 /* oper_only_umodes: usermodes only opers may set */
1180 oper_only_umodes = bots, cconn, cconn_full, debug, full, skill,
1181 nchange, rej, spy, external, operwall,
1182 locops, unauth;
1183
1184 /* oper_umodes: default usermodes opers get when they /oper */
1185 oper_umodes = bots, locops, servnotice, operwall, wallop;
1186
1187 /*
1188 * servlink_path: path to 'servlink' program used by ircd to handle
1189 * encrypted/compressed server <-> server links.
1190 *
1191 * only define if servlink is not in same directory as ircd itself.
1192 */
1193 #servlink_path = "/usr/local/ircd/bin/servlink";
1194
1195 /*
1196 * default_cipher_preference: default cipher to use for cryptlink when none is
1197 * specified in connect block.
1198 */
1199 #default_cipher_preference = "BF/168";
1200
1201 /*
1202 * use_egd: if your system does not have *random devices yet you
1203 * want to use OpenSSL and encrypted links, enable this. Beware -
1204 * EGD is *very* CPU intensive when gathering data for its pool
1205 */
1206 # use_egd = yes;
1207
1208 /*
1209 * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1210 * which automatically finds the path.
1211 */
1212 # egdpool_path = "/var/run/egd-pool";
1213
1214
1215 /*
1216 * compression_level: level of compression for compressed links between
1217 * servers.
1218 *
1219 * values are between: 1 (least compression, fastest)
1220 * and: 9 (most compression, slowest).
1221 */
1222 # compression_level = 6;
1223
1224 /*
1225 * throttle_time: the minimum amount of time between connections from
1226 * the same ip. exempt {} blocks are excluded from this throttling.
1227 * Offers protection against flooders who reconnect quickly.
1228 * Set to 0 to disable.
1229 */
1230 throttle_time = 10;
1231 };
1232
1233 glines {
1234 /* enable: enable glines, network wide temp klines */
1235 enable = yes;
1236
1237 /*
1238 * duration: the amount of time a gline will remain on your
1239 * server before expiring
1240 */
1241 duration = 1 day;
1242
1243 /*
1244 * logging: which types of rules you want to log when triggered
1245 * (choose reject or block)
1246 */
1247 logging = reject, block;
1248
1249 /*
1250 * NOTE: gline ACLs can cause a desync of glines throughout the
1251 * network, meaning some servers may have a gline triggered, and
1252 * others may not. Also, you only need insert rules for glines
1253 * that you want to block and/or reject. If you want to accept and
1254 * propagate the gline, do NOT put a rule for it.
1255 */
1256
1257 /* user@host for rule to apply to */
1258 user = "god@I.still.hate.packets";
1259 /* server for rule to apply to */
1260 name = "hades.arpa";
1261
1262 /*
1263 * action: action to take when a matching gline is found. options are:
1264 * reject - do not apply the gline locally
1265 * block - do not propagate the gline
1266 */
1267 action = reject, block;
1268
1269 user = "god@*";
1270 name = "*";
1271 action = block;
1272 };
1273
1274 modules {
1275 /*
1276 * module path: other paths to search for modules specified below
1277 * and in /modload.
1278 */
1279 path = "@LIBDIR@/modules";
1280 path = "@LIBDIR@/modules/autoload";
1281
1282 /* module: the name of a module to load on startup/rehash */
1283 #module = "some_module.so";
1284 };

Properties

Name Value
svn:eol-style native
svn:keywords "Author Date Id Revision"