root/svn/ircd-hybrid-8/doc/example.conf
Revision: 1310
Committed: Mon Mar 26 15:45:02 2012 UTC (12 years ago) by michael
File size: 34822 byte(s)
Log Message:
- move example configuration files to doc/ folder

File Contents

# User Rev Content
1 db 897 /* doc/example.conf - ircd-hybrid-7 Example configuration file
2 michael 1134 * Copyright (C) 2000-2011 Hybrid Development Team
3 db 897 *
4     * Written by ejb, wcampbel, db, leeh and others
5     * Other example configurations can be found in the source dir under
6     * etc/.
7     *
8     * $Id$
9     */
10    
11     /* IMPORTANT NOTES:
12     *
13     * auth {} blocks MUST be specified in order of precedence. The first one
14     * that matches a user will be used. So place spoofs first, then specials,
15     * then general access.
16     *
17     * Shell style (#), C++ style (//) and C style comments are supported.
18     *
19     * Files may be included by either:
20     * .include "filename"
21     * .include <filename>
22     *
23     * Times/durations are written as:
24     * 12 hours 30 minutes 1 second
25     *
26     * Valid units of time:
27     * month, week, day, hour, minute, second
28     *
29     * Valid units of size:
30     * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
31     *
32     * Sizes and times may be singular or plural.
33     */
34    
35     /* EFNET NOTE:
36     *
37     * This config file is NOT suitable for EFNet. EFNet admins should use
38     * example.efnet.conf
39     */
40    
41     /*
42     * serverinfo {}: contains information about the server. (OLD M:)
43     */
44     serverinfo {
45     /*
46 michael 1070 * name: the name of this server. This cannot be changed at runtime.
47 db 897 */
48     name = "hades.arpa";
49    
50     /*
51     * sid: a server's unique ID. This is three characters long and must
52     * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
53     * a digit, followed by 2 alpha-numerical letters.
54     * NOTE: The letters must be capitalized. This cannot be changed at runtime.
55     */
56     sid = "_CHANGE_ME_";
57    
58     /*
59     * description: the description of the server. '[' and ']' may not
60     * be used here for compatibility with older servers.
61     */
62     description = "hybrid-7 test server";
63    
64     /*
65     * network info: the name and description of the network this server
66     * is on. Shown in the 005 reply and used with serverhiding.
67     */
68     network_name = "MyNet";
69     network_desc = "This is My Network";
70    
71     /*
72     * hub: allow this server to act as a hub and have multiple servers
73     * connected to it.
74     */
75     hub = no;
76    
77     /*
78     * vhost: the IP to bind to when we connect outward to ipv4 servers.
79 michael 959 * This should be an ipv4 IP only, or "*" for INADDR_ANY.
80 db 897 */
81     #vhost = "192.169.0.1";
82    
83     /*
84     * vhost6: the IP to bind to when we connect outward to ipv6 servers.
85 michael 959 * This should be an ipv6 IP only, or "*" for INADDR_ANY.
86 db 897 */
87     #vhost6 = "3ffe:80e8:546::2";
88    
89     /* max_clients: the maximum number of clients allowed to connect */
90     max_clients = 512;
91    
92     /*
93 michael 951 * rsa_private_key_file: the path to the file containing our
94     * rsa key for cryptlink.
95 db 897 *
96     * Example command to store a 2048 bit RSA keypair in
97     * rsa.key, and the public key in rsa.pub:
98     *
99 michael 1229 * openssl genrsa -out rsa.key 2048
100 db 897 * openssl rsa -in rsa.key -pubout -out rsa.pub
101     * chown <ircd-user>.<ircd.group> rsa.key rsa.pub
102     * chmod 0600 rsa.key
103     * chmod 0644 rsa.pub
104     */
105     #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
106    
107     /*
108 michael 951 * ssl_certificate_file: the path to the file containing our
109 michael 1070 * ssl certificate for encrypted client connection.
110 db 897 *
111     * This assumes your private RSA key is stored in rsa.key. You
112     * MUST have an RSA key in order to generate the certificate
113     *
114     * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
115     *
116     * See http://www.openssl.org/docs/HOWTO/certificates.txt
117     *
118     * Please use the following values when generating the cert
119     *
120     * Organization Name: Network Name
121     * Organization Unit Name: changeme.someirc.net
122     * Common Name: irc.someirc.net
123     * E-mail: you@domain.com
124     */
125     #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
126 michael 967
127 michael 1306
128     #ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
129    
130 michael 967 /*
131 michael 1306 * ssl_cipher_list:
132     *
133     * List of ciphers that are supported by _this_ server. Can be used to enforce
134     * specific ciphers for incoming SSL/TLS connections.
135     * If a client (which also includes incoming server connections) isn't capable
136     * of any cipher listed below, the connection will be simply rejected.
137     *
138     * A list of supported ciphers can be obtained by running:
139     *
140     * openssl ciphers -ssl3 -tls1 -v
141     *
142     * Multiple ciphers are separated by colons. The order of preference is from
143     * left to right.
144     */
145     #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
146    
147     /*
148 michael 967 * ssl_server_protocol:
149     * SSL/TLS protocols we provide for incoming secure connections.
150     * This can be sslv3 for SSLv3 and/or tlsv1 for TLSv1. SSLv2 is not supported.
151     * SSLv3 has known protocol weaknesses; prefer tlsv1 alone where your clients allow it. This cannot be changed at runtime.
152     */
153     #ssl_server_protocol = sslv3, tlsv1;
154 db 897 };
155    
156     /*
157 michael 1229 * admin {}: contains admin information about the server
158 db 897 */
159     admin {
160     name = "Smurf target";
161     description = "Main Server Administrator";
162     email = "<syn@packets.r.us>";
163     };
164    
165     /*
166 michael 1229 * class {}: contains information about classes for users
167 db 897 */
168     class {
169     /* name: the name of the class. classes are text now */
170     name = "users";
171    
172     /*
173     * ping_time: how often a client must reply to a PING from the
174     * server before they are dropped.
175     */
176     ping_time = 90 seconds;
177    
178     /*
179     * number_per_ip: how many local users are allowed to connect
180     * from one IP (optional)
181     */
182     number_per_ip = 2;
183    
184     /*
185     * max_local: how many local users are allowed to connect
186     * from one ident@host (optional)
187     */
188     max_local = 2;
189    
190     /*
191     * max_global: network-wide limit of users per ident@host (optional)
192     */
193     max_global = 10;
194    
195     /*
196     * max_number: the maximum number of users allowed in this class (optional)
197     */
198     max_number = 100;
199    
200     /*
201     * the following lines are optional and allow you to define
202     * how many users can connect from one /NN subnet
203     */
204     cidr_bitlen_ipv4 = 24;
205     cidr_bitlen_ipv6 = 120;
206     number_per_cidr = 16;
207    
208     /*
209     * sendq: the amount of data allowed in a client's send queue before
210     * they are dropped.
211     */
212     sendq = 100 kbytes;
213     };
214    
215     class {
216     name = "opers";
217     ping_time = 90 seconds;
218     number_per_ip = 10;
219     max_number = 100;
220     sendq = 100kbytes;
221     };
222    
223     class {
224     name = "server";
225     ping_time = 90 seconds;
226    
227     /*
228     * ping_warning: how fast a server must reply to a PING before
229     * a warning to opers is generated.
230     */
231     ping_warning = 15 seconds;
232    
233     /*
234     * connectfreq: only used in server classes. Specifies the delay
235     * between autoconnecting to servers.
236     */
237     connectfreq = 5 minutes;
238    
239     /* max number: the amount of servers to autoconnect to */
240     max_number = 1;
241    
242     /* sendq: servers need a higher sendq as they send more data */
243     sendq = 2 megabytes;
244     };
245    
246     /*
247 michael 1229 * listen {}: contains information about the ports ircd listens on
248 db 897 */
249     listen {
250     /*
251     * port: the specific port to listen on. If no host is specified
252     * before, it will listen on all available IPs.
253     *
254     * Ports are separated via a comma, a range may be specified using ".."
255     */
256    
257     /* port: listen on all available IPs, ports 6665 to 6669 */
258     port = 6665 .. 6669;
259    
260     /*
261     * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
262     * unless you are an administrator.
263     *
264     * NOTE: The "flags" directive has to come before "port". Always!
265 michael 951 *
266     * Currently available flags are:
267     *
268     * ssl - Port is for SSL client connections only
269     * server - Only server connections are permitted
270 michael 1229 * hidden - Port is hidden from /stats P, unless you're an admin
271 db 897 */
272     flags = hidden, ssl;
273     host = "192.168.0.1";
274     port = 6697;
275    
276     /*
277     * host: set a specific IP/host the ports after the line will listen
278     * on. This may be ipv4 or ipv6.
279     */
280     host = "1.2.3.4";
281     port = 7000, 7001;
282    
283     host = "3ffe:1234:a:b:c::d";
284     port = 7002;
285     };
286    
287     /*
288 michael 1229 * auth {}: allow users to connect to the ircd
289 db 897 */
290     auth {
291     /*
292     * user: the user@host allowed to connect. Multiple IPv4/IPv6 user
293     * lines are permitted per auth block.
294     */
295     user = "*@172.16.0.0/12";
296     user = "*test@123D:B567:*";
297    
298     /* password: an optional password that is required to use this block */
299     password = "letmein";
300    
301     /*
302     * encrypted: controls whether the auth password above is stored as a
303     * hash (yes) or in plaintext (no). With yes, the value must be the hash itself.
304     */
305     encrypted = yes;
306    
307     /*
308     * spoof: fake the user's host to this. This is free-form,
309     * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
310     */
311     spoof = "I.still.hate.packets";
312    
313     /* class: the class the user is placed in */
314     class = "opers";
315    
316     /*
317 michael 1229 * need_password - don't allow users who haven't supplied the correct
318     * password to connect using another auth{} block
319     * ('&' prefix on /stats I if disabled)
320     * need_ident - require the user to have identd to connect ('+' prefix on /stats I)
321     * spoof_notice - enable spoofing notification to admins
322     * exceed_limit - allow a user to exceed class limits ('>' prefix on /stats I)
323     * kline_exempt - exempt this user from k/glines ('^' prefix on /stats I)
324     * gline_exempt - exempt this user from glines ('_' prefix on /stats I)
325     * resv_exempt - exempt this user from resvs ('$' prefix on /stats I)
326     * no_tilde - remove ~ from a user with no ident ('-' prefix on /stats I)
327     * can_flood - allow this user to exceed flood limits ('|' prefix on /stats I)
328 db 897 */
329     flags = need_password, spoof_notice, exceed_limit, kline_exempt,
330 michael 1176 gline_exempt, resv_exempt, no_tilde, can_flood;
331 db 897 };
332    
333     auth {
334     /*
335     * redirect: the server and port to redirect a user to. A user does
336     * not have to obey the redirection, the ircd just suggests an alternative
337     * server for them.
338     */
339     redirserv = "this.is.not.a.real.server";
340     redirport = 6667;
341    
342     user = "*.server";
343    
344     /* class: a class is required even though it is not used */
345     class = "users";
346     };
347    
348     auth {
349     user = "*@*";
350     class = "users";
351     flags = need_ident;
352     };
353    
354     /*
355 michael 1229 * operator {}: defines ircd operators
356 db 897 *
357     * ircd-hybrid no longer supports local operators, privileges are
358     * controlled via flags.
359     */
360     operator {
361     /* name: the name of the oper */
362     name = "god";
363    
364     /*
365 michael 1285 * user: the user@host required for this operator. Multiple
366     * user="" lines are supported.
367 db 897 */
368 michael 1285 user = "*god@192.168.0.0/16";
369     user = "*@127.0.0.0/8";
370 db 897
371     /*
372     * password: the password required to oper. By default this will
373 michael 1070 * need to be encrypted by using the provided mkpasswd tool.
374     * Several password hash algorithms are available depending
375     * on your system's crypt() implementation. For example, a modern
376     * glibc already has support for the SHA-256/512 and MD5 hash
377     * algorithms. Replace the example hash below with your own before use.
378 db 897 */
379 michael 1070 password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4";
380 db 897
381     /*
382     * encrypted: controls whether the oper password above has been
383 michael 1070 * encrypted.
384 db 897 */
385     encrypted = yes;
386    
387     /*
388     * rsa_public_key_file: the public key for this oper when using Challenge.
389     * A password should not be defined when this is used, see
390     * doc/challenge.txt for more information.
391     */
392     # rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
393    
394     /* class: the class the oper joins when they successfully /oper */
395     class = "opers";
396    
397     /*
398     * umodes: default usermodes opers get when they /oper. If defined,
399     * it will override oper_umodes settings in general {}.
400     * Available usermodes:
401     *
402     * +b - bots - See bot and drone flooding notices
403     * +c - cconn - Client connection/quit notices
404 michael 951 * +C - cconn_full - Client connection/quit notices full
405 db 897 * +D - deaf - Don't receive channel messages
406     * +d - debug - See debugging notices
407     * +f - full - See I: line full notices
408     * +G - softcallerid - Server Side Ignore for users not on your channels
409     * +g - callerid - Server Side Ignore (for privmsgs etc)
410 michael 1294 * +H - hidden - Hides operator status from other users
411 db 897 * +i - invisible - Not shown in NAMES or WHO unless you share a
412     * channel
413 michael 1290 * +j - rej - See rejected client notices
414 db 897 * +k - skill - See server generated KILL messages
415     * +l - locops - See LOCOPS messages
416     * +n - nchange - See client nick changes
417     * +s - servnotice - See general server notices
418     * +u - unauth - See unauthorized client notices
419     * +w - wallop - See server generated WALLOPS
420     * +x - external - See remote server connection and split notices
421     * +y - spy - See LINKS, STATS, TRACE notices etc.
422     * +z - operwall - See oper generated WALLOPS
423     */
424     # umodes = locops, servnotice, operwall, wallop;
425    
426     /*
427     * privileges: controls the activities and commands an oper is
428 michael 1228 * allowed to do on the server. All options default to no.
429 db 897 * Available options:
430     *
431 michael 1229 * module - allows MODLIST, MODRESTART, MODLOAD, MODUNLOAD
432     * global_kill - allows remote users to be /KILL'd
433     * remote - allows remote SQUIT and CONNECT
434     * remoteban - allows remote KLINE/UNKLINE
435 michael 1301 * dline - allows DLINE
436     * undline - allows UNDLINE
437     * kline - allows KILL and KLINE
438     * unkline - allows UNKLINE
439 michael 1229 * gline - allows GLINE
440     * xline - allows XLINE
441     * globops - allows GLOBOPS
442     * operwall - allows OPERWALL
443     * nick_changes - allows oper to see nickchanges via usermode +n
444     * rehash - allows oper to REHASH config
445     * die - allows DIE
446     * restart - allows RESTART
447     * admin - gives admin privileges. admins for example,
448     * may see the real IP addresses of servers.
449 db 897 */
450 michael 1228 flags = global_kill, remote, kline, unkline, xline, globops, restart,
451     die, rehash, nick_changes, admin, operwall, module;
452 db 897 };
453    
454 michael 1157 service {
455     name = "service.someserver";
456 michael 1302 name = "stats.someserver";
457 michael 1157 };
458    
459 db 897 /*
460 michael 1229 * connect {}: controls servers we connect to
461 db 897 */
462     connect {
463     /* name: the name of the server */
464     name = "irc.uplink.com";
465    
466     /*
467     * host: the host or IP to connect to. If a hostname is used it
468     * must match the reverse dns of the server.
469     */
470     host = "192.168.0.1";
471    
472     /*
473     * vhost: the IP to bind to when we connect outward to servers.
474     * serverinfo::vhost and serverinfo::vhost6 will be overridden
475     * by this directive.
476     */
477     vhost = "192.168.0.2";
478    
479     /*
480     * passwords: the passwords we send (OLD C:) and accept (OLD N:).
481     * The remote server will have these passwords reversed.
482     */
483     send_password = "password";
484     accept_password = "anotherpassword";
485    
486     /*
487     * encrypted: controls whether the accept_password above has been
488 michael 1070 * encrypted.
489 db 897 */
490     encrypted = no;
491    
492     /* port: the port to connect to this server on */
493     port = 6666;
494    
495     /*
496     * hub_mask: the mask of servers that this server may hub. Multiple
497     * entries are permitted
498     */
499     hub_mask = "*";
500    
501     /*
502     * leaf_mask: the mask of servers this server may not hub. Multiple
503     * entries are permitted. Useful for forbidding EU -> US -> EU routes.
504     */
505     # leaf_mask = "*.uk";
506    
507     /* class: the class this server is in */
508     class = "server";
509    
510 michael 1306 #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
511    
512 db 897 /*
513 michael 1229 * autoconn - controls whether we autoconnect to this server or not,
514     * dependent on class limits. By default, this is disabled.
515     * burst_away - This will send the /away string that users have set
516 db 897 * on the server burst. Note this can be a lot of data
517     * and slow down your server burst.
518 michael 1229 * topicburst - Send topics to this server during channel burst. Works
519 db 897 * only if the server we are connecting to is capable
520     * of TBURST/TB.
521 michael 1303 * ssl - Initiates a TLS/SSL connection.
522 db 897 */
523 michael 1302 # flags = autoconn, burst_away, topicburst;
524 db 897 };
525    
526     connect {
527 michael 1285 name = "ipv6.some.server";
528 db 897 host = "3ffd:dead:beef::1";
529     send_password = "password";
530     accept_password = "password";
531     port = 6666;
532    
533     /*
534     * aftype: controls whether the connection uses "ipv4" or "ipv6".
535     * Default is ipv4.
536     */
537     aftype = ipv6;
538     class = "server";
539     };
540    
541     /*
542     * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
543 michael 1229 * automatically
544 db 897 */
545     cluster {
546     /*
547     * name: the server to share with, this can take wildcards
548     *
549     * NOTE: only local actions will be clustered, meaning if
550     * the server receives a shared kline/unkline/etc, it
551     * will not be propagated to clustered servers.
552     *
553     * Remote servers are not necessarily required to accept
554     * clustered lines, they need a shared{} for *THIS* server
555     * in order to accept them.
556     */
557     name = "*.arpa";
558    
559     /*
560     * type: list of what to share, options are as follows:
561 michael 1301 * dline - share dlines
562     * undline - share undlines
563 db 897 * kline - share klines
564     * unkline - share unklines
565     * xline - share xlines
566     * unxline - share unxlines
567     * resv - share resvs
568     * unresv - share unresvs
569     * locops - share locops
570     * all - share all of the above (default)
571     */
572     type = kline, unkline, locops, xline, resv;
573     };
574    
575     /*
576 michael 1229 * shared {}: users that are allowed to remote kline
577 db 897 *
578     * NOTE: This can be effectively used for remote klines.
579     * Please note that there is no password authentication
580     * for users setting remote klines. You must also be
581     * /oper'd in order to issue a remote kline.
582     */
583     shared {
584     /*
585     * name: the server the user must be on to set klines. If this is not
586     * specified, the user will be allowed to kline from all servers.
587     */
588     name = "irc2.some.server";
589    
590     /*
591     * user: the user@host mask that is allowed to set klines. If this is
592     * not specified, all users on the server above will be allowed to set
593     * a remote kline.
594     */
595     user = "oper@my.host.is.spoofed";
596    
597     /*
598     * type: list of what to share, options are as follows:
599 michael 1301 * dline - allow oper/server to dline
600     * undline - allow oper/server to undline
601 db 897 * kline - allow oper/server to kline
602     * unkline - allow oper/server to unkline
603     * xline - allow oper/server to xline
604     * unxline - allow oper/server to unxline
605     * resv - allow oper/server to resv
606     * unresv - allow oper/server to unresv
607     * locops - allow oper/server to locops - only used for servers that cluster
608     * all - allow oper/server to do all of the above (default)
609     */
610     type = kline, unkline, resv;
611     };
612    
613     /*
614 michael 1229 * kill {}: users that are not allowed to connect
615 db 897 * Oper issued klines will be added to the specified kline config
616     */
617     kill {
618     user = "bad@*.hacked.edu";
619     reason = "Obviously hacked account";
620     };
621    
622     kill {
623 michael 951 user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.tld$";
624    
625     /*
626     * NOTE: You have to set type=regex; when using a regular expression
627     * based user entry
628     */
629 db 897 type = regex;
630     };
631    
632     /*
633     * deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
634     * Oper issued dlines will be added to the specified dline config
635     */
636     deny {
637     ip = "10.0.1.0/24";
638     reason = "Reconnecting vhosted bots";
639     };
640    
641     /*
642 michael 1229 * exempt {}: IPs that are exempt from deny {} and Dlines
643 db 897 */
644     exempt {
645     ip = "192.168.0.0/16";
646     };
647    
648     /*
649 michael 1229 * resv {}: nicks and channels users may not use/join
650 db 897 */
651     resv {
652     /* reason: the reason for the following resv's */
653 michael 1157 reason = "Reserved for services";
654 db 897
655     /* resv: the nicks and channels users may not join/use */
656 michael 1217 nick = "Global";
657     nick = "DevNull";
658     nick = "Services";
659     nick = "StatServ";
660     nick = "HostServ";
661 michael 1157 nick = "NickServ";
662     nick = "ChanServ";
663     nick = "MemoServ";
664     nick = "OperServ";
665 db 897 channel = "#services";
666    
667     /* resv: wildcard masks are also supported in nicks only */
668     reason = "Clone bots";
669     nick = "clone*";
670     };
671    
672     /*
673     * gecos {}: The X: replacement, used for banning users based on
674     * their "realname".
675     */
676     gecos {
677     name = "*sex*";
678     reason = "Possible spambot";
679     };
680    
681     gecos {
682     name = "sub7server";
683     reason = "Trojan drone";
684     };
685    
686     gecos {
687     name = "*http*";
688     reason = "Spambot";
689     };
690    
691     gecos {
692     name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
693 michael 951
694     /*
695     * NOTE: You have to set type=regex; when using a regular expression
696     * based name entry
697     */
698 db 897 type = regex;
699     };
700    
701     /*
702     * channel {}: The channel block contains options pertaining to channels
703     */
704     channel {
705     /*
706     * disable_fake_channels: this option, if set to 'yes', will
707     * prevent clients from creating or joining channels that have one
708     * of the following ASCII characters in their name:
709     *
710     * 2 | bold
711     * 3 | mirc color
712 michael 951 * 15 | plain text
713 db 897 * 22 | reverse
714     * 31 | underline
715     * 160 | non-breaking space
716     */
717     disable_fake_channels = yes;
718    
719     /*
720     * restrict_channels: reverse channel RESVs logic, only reserved
721     * channels are allowed
722     */
723     restrict_channels = no;
724    
725     /*
726     * disable_local_channels: prevent users from joining &channels.
727     */
728     disable_local_channels = no;
729    
730     /*
731     * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
732     * that can join a +i channel without an invite.
733     */
734     use_invex = yes;
735    
736     /*
737     * use_except: Enable/disable channel mode +e, a n!u@h list of masks
738     * that can join a channel through a ban (+b).
739     */
740     use_except = yes;
741    
742     /*
743     * use_knock: Allows users to request an invite to a channel that
744     * is locked somehow (+ikl). If the channel is +p or you are banned
745     * the knock will not be sent.
746     */
747     use_knock = yes;
748    
749     /*
750     * knock_delay: The amount of time a user must wait between issuing
751     * the knock command.
752     */
753 michael 951 knock_delay = 5 minutes;
754 db 897
755     /*
756     * knock_delay_channel: How often a knock to any specific channel
757     * is permitted, regardless of the user sending the knock.
758     */
759     knock_delay_channel = 1 minute;
760    
761     /*
762     * burst_topicwho: enable sending of who set topic on topicburst
763     * default is yes
764     */
765     burst_topicwho = yes;
766    
767     /*
768     * max_chans_per_user: The maximum number of channels a user can
769     * join/be on.
770     */
771     max_chans_per_user = 25;
772    
773     /* quiet_on_ban: stop banned people talking in channels. */
774     quiet_on_ban = yes;
775    
776     /* max_bans: maximum number of +b/e/I modes in a channel */
777     max_bans = 25;
778    
779     /*
780     * how many joins in how many seconds constitute a flood, use 0 to
781     * disable. +b opers will be notified (changeable via /set)
782     */
783     join_flood_count = 16;
784     join_flood_time = 8 seconds;
785    
786     /*
787     * splitcode: The ircd will now check splitmode every few seconds.
788     *
789     * Either split users or split servers can activate splitmode, but
790     * both conditions must be met for the ircd to deactivate splitmode.
791     *
792     * You may force splitmode to be permanent by /quote set splitmode on
793     */
794    
795     /*
796     * default_split_user_count: when the usercount is lower than this level,
797     * consider ourselves split. This must be set for automatic splitmode.
798     */
799     default_split_user_count = 0;
800    
801     /*
802     * default_split_server_count: when the servercount is lower than this,
803     * consider ourselves split. This must be set for automatic splitmode.
804     */
805     default_split_server_count = 0;
806    
807 michael 959 /* no_create_on_split: disallow users creating channels on split. */
808 db 897 no_create_on_split = yes;
809    
810 michael 959 /* no_join_on_split: disallow users joining channels at all on a split. */
811 db 897 no_join_on_split = no;
812     };
813    
814     /*
815     * serverhide {}: The serverhide block contains the options regarding
816     * serverhiding
817     */
818     serverhide {
819     /*
820     * flatten_links: this option makes all servers in /links appear
821     * as though they are linked to this server
822     */
823     flatten_links = no;
824    
825     /*
826     * links_delay: how often to update the links file when it is
827     * flattened.
828     */
829     links_delay = 5 minutes;
830    
831     /*
832     * hidden: hide this server from a /links output on servers that
833     * support it. This allows hub servers to be hidden etc.
834     */
835     hidden = no;
836    
837     /*
838     * disable_hidden: prevent servers hiding themselves from a
839     * /links output.
840     */
841     disable_hidden = no;
842    
843     /*
844     * hide_servers: hide remote servernames everywhere and instead use
845     * hidden_name and network_desc.
846     */
847     hide_servers = no;
848    
849     /*
850     * Use this as the servername users see if hide_servers = yes.
851     */
852     hidden_name = "*.hidden.com";
853    
854     /*
855 michael 951 * hide_server_ips: If this is disabled, opers will be unable to see
856     * servers' IPs and will be shown a masked IP; admins will be shown the
857     * real IP.
858 db 897 *
859 michael 951 * If this is enabled, nobody can see a server's IP. *This is a kludge*,
860     * it has the side effect of hiding the IPs everywhere, including
861     * logfiles, so the addresses are unavailable for later troubleshooting.
862 db 897 *
863     * We recommend you leave this disabled, and just take care with who you
864     * give admin=yes; to.
865     */
866     hide_server_ips = no;
867     };
868    
869     /*
870     * general {}: The general block contains many of the options that were once
871     * compiled in options in config.h. The general block is read at start time.
872     */
873     general {
874 michael 1157 /* services_name: servername of nick/channel services */
875     services_name = "service.someserver";
876    
877 michael 951 /* max_watch: maximum WATCH entries a client can have. */
878 michael 1070 max_watch = 60;
879 db 897
880     /*
881     * gline_min_cidr: the minimum required length of a CIDR bitmask
882     * for IPv4 based glines
883     */
884     gline_min_cidr = 16;
885    
886     /*
887     * gline_min_cidr6: the minimum required length of a CIDR bitmask
888     * for IPv6 based glines
889     */
890     gline_min_cidr6 = 48;
891    
892     /*
893     * Whether to automatically set mode +i on connecting users.
894     */
895     invisible_on_connect = yes;
896    
897     /*
898     * Show "actually using host <ip>" on /whois when possible.
899     */
900     use_whois_actually = yes;
901    
902     /*
903     * Maximum time after a nickname change during which a KILL for the old
904 michael 1074 * nick is automatically redirected to that user's current nick.
905 db 897 */
906 michael 1074 kill_chase_time_limit = 90 seconds;
907 db 897
908     /*
909 michael 1228 * If hide_spoof_ips is disabled, opers will be allowed to see the real
910     * IP of spoofed users in /trace etc. If it is enabled they will be
911     * shown a masked IP.
912 db 897 */
913     hide_spoof_ips = yes;
914    
915     /*
916     * Ignore bogus timestamps from other servers. Yes, this will desync
917     * the network, but it will allow chanops to resync with a valid non TS 0
918     *
919     * This should be enabled network wide, or not at all.
920     */
921     ignore_bogus_ts = no;
922    
923     /*
924     * disable_auth: completely disable ident lookups; if you enable this,
925     * be careful of what you set need_ident to in your auth {} blocks
926     */
927     disable_auth = no;
928    
929     /* disable_remote_commands: disable users doing commands on remote servers */
930     disable_remote_commands = no;
931    
932     /*
933     * tkline_expire_notices: enables or disables temporary kline/xline
934     * expire notices.
935     */
936     tkline_expire_notices = no;
937    
938     /*
939     * default_floodcount: the default value of floodcount that is configurable
940     * via /quote set floodcount. This is the amount of lines a user
941     * may send to any other user/channel in one second.
942     */
943     default_floodcount = 10;
944    
945     /*
946     * failed_oper_notice: send a notice to all opers on the server when
947     * someone tries to OPER and uses the wrong password, host or ident.
948     */
949     failed_oper_notice = yes;
950    
951     /*
952     * dots_in_ident: the amount of '.' characters permitted in an ident
953     * reply before the user is rejected.
954     */
955     dots_in_ident = 2;
956    
957     /*
958     * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
959     * placed via the server. klines hand placed are exempt from limits.
960     * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
961     */
962     min_nonwildcard = 4;
963    
964     /*
965     * min_nonwildcard_simple: the minimum non wildcard characters in
966     * gecos bans. wildcard chars: '*' '?' '#'
967     */
968     min_nonwildcard_simple = 3;
969    
970     /* max_accept: maximum allowed /accept's for +g usermode */
971     max_accept = 20;
972    
973     /* anti_nick_flood: enable the nickflood control code */
974     anti_nick_flood = yes;
975    
976     /* nick flood: the nick changes allowed in the specified period */
977     max_nick_time = 20 seconds;
978     max_nick_changes = 5;
979    
980     /*
981     * anti_spam_exit_message_time: the minimum time a user must be connected
982     * before custom quit messages are allowed.
983     */
984     anti_spam_exit_message_time = 5 minutes;
985    
986     /*
987     * ts delta: the time delta allowed between server clocks before
988     * a warning is given, or before the link is dropped. all servers
989     * should run ntpdate/rdate to keep clocks in sync
990     */
991     ts_warn_delta = 30 seconds;
992     ts_max_delta = 5 minutes;
993    
994     /*
995     * kline_with_reason: show the user the reason why they are k/d/glined
996     * on exit. May give away who set k/dline when set via tcm.
997     */
998     kline_with_reason = yes;
999    
1000     /*
1001     * kline_reason: show this message to users on channel
1002     * instead of the oper reason.
1003     */
1004     kline_reason = "Connection closed";
1005    
1006     /*
1007     * reject_hold_time: wait this amount of time before disconnecting
1008     * a rejected client. Use 0 to disable.
1009     */
1010     reject_hold_time = 0;
1011    
1012     /*
1013     * warn_no_nline: warn opers about servers that try to connect but
1014     * we don't have a connect {} block for. Twits with misconfigured
1015     * servers can get really annoying with this enabled.
1016     */
1017     warn_no_nline = yes;
1018    
1019     /*
1020     * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1021     * operators and administrators. Doing so is a good idea in case
1022     * there are any exempted (exempt{}) server IPs you don't want to
1023     * see leaked.
1024     */
1025     stats_e_disabled = no;
1026    
1027     /* stats_o_oper_only: make stats o (opers) oper only */
1028     stats_o_oper_only = yes;
1029    
1030     /* stats_P_oper_only: make stats P (ports) oper only */
1031     stats_P_oper_only = yes;
1032    
1033     /*
1034     * stats_i_oper_only: make stats i (auth {}) oper only. set to:
1035     * yes: show users no auth blocks, made oper only.
1036     * masked: show users first matching auth block
1037     * no: show users all auth blocks.
1038     */
1039     stats_i_oper_only = yes;
1040    
1041     /*
1042     * stats_k_oper_only: make stats k/K (klines) oper only. set to:
1043     * yes: show users no klines, made oper only
1044     * masked: show users first matching kline
1045     * no: show users all klines.
1046     */
1047     stats_k_oper_only = yes;
1048    
1049     /*
1050     * caller_id_wait: time between notifying a +g user that somebody
1051     * is messaging them.
1052     */
1053     caller_id_wait = 1 minute;
1054    
1055     /*
1056     * opers_bypass_callerid: allows operators to bypass +g and message
1057     * anyone who has it set (useful if you use services).
1058     */
1059     opers_bypass_callerid = no;
1060    
1061     /*
1062     * pace_wait_simple: time between use of less intensive commands
1063     * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1064     */
1065     pace_wait_simple = 1 second;
1066    
1067     /*
1068     * pace_wait: time between more intensive commands
1069     * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1070     */
1071     pace_wait = 10 seconds;
1072    
1073     /*
1074     * short_motd: send clients a notice telling them to read the motd
1075     * instead of forcing a motd to clients who may simply ignore it.
1076     */
1077     short_motd = no;
1078    
1079     /*
1080     * ping_cookie: require clients to respond exactly to a ping command,
1081     * can help block certain types of drones and FTP PASV mode spoofing.
1082     */
1083     ping_cookie = no;
1084    
1085     /* no_oper_flood: increase flood limits for opers. */
1086     no_oper_flood = yes;
1087    
1088     /*
1089     * true_no_oper_flood: completely eliminate flood limits for opers
1090     * and for clients with can_flood = yes in their auth {} blocks. Note that a compromised oper account is then not rate-limited either.
1091     */
1092     true_no_oper_flood = yes;
1093    
1094     /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1095     oper_pass_resv = yes;
1096    
1097     /* REMOVE ME. The following line checks you've been reading. */
1098     havent_read_conf = 1;
1099    
1100     /*
1101     * max_targets: the maximum amount of targets in a single
1102     * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1103     */
1104     max_targets = 4;
1105    
1106     /*
1107     * client_flood: maximum amount of data in a client's queue before
1108     * they are dropped for flooding.
1109     */
1110     client_flood = 2560 bytes;
1111    
1112     /*
1113     * message_locale: the default message locale
1114     * Use "standard" for the compiled in defaults.
1115     * To install the translated messages, go into messages/ in the
1116     * source directory and run `make install'.
1117     */
1118     message_locale = "standard";
1119    
1120     /*
1121     * usermodes configurable: a list of usermodes for the options below
1122     *
1123     * +b - bots - See bot and drone flooding notices
1124     * +c - cconn - Client connection/quit notices
1125 michael 959 * +C - cconn_full - Client connection/quit notices full
1126 db 897 * +D - deaf - Don't receive channel messages
1127     * +d - debug - See debugging notices
1128     * +f - full - See I: line full notices
1129     * +G - softcallerid - Server Side Ignore for users not on your channels
1130     * +g - callerid - Server Side Ignore (for privmsgs etc)
1131 michael 1294 * +H - hidden - Hides operator status to other users
1132 db 897 * +i - invisible - Not shown in NAMES or WHO unless you share a
1133     * channel
1134 michael 1290 * +j - rej - See rejected client notices
1135 db 897 * +k - skill - See server generated KILL messages
1136     * +l - locops - See LOCOPS messages
1137     * +n - nchange - See client nick changes
1138     * +s - servnotice - See general server notices
1139     * +u - unauth - See unauthorized client notices
1140     * +w - wallop - See server generated WALLOPS
1141     * +x - external - See remote server connection and split notices
1142     * +y - spy - See LINKS, STATS, TRACE notices etc.
1143     * +z - operwall - See oper generated WALLOPS
1144     */
1145    
1146     /* oper_only_umodes: usermodes only opers may set */
1147 michael 1294 oper_only_umodes = bots, cconn, cconn_full, debug, full, hidden, skill,
1148 db 897 nchange, rej, spy, external, operwall,
1149     locops, unauth;
1150    
1151     /* oper_umodes: default usermodes opers get when they /oper */
1152     oper_umodes = bots, locops, servnotice, operwall, wallop;
1153    
1154     /*
1155     * use_egd: if your system does not have *random devices yet you
1156     * want to use OpenSSL and encrypted links, enable this. Beware -
1157     * EGD is *very* CPU intensive when gathering data for its pool
1158     */
1159     # use_egd = yes;
1160    
1161     /*
1162     * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1163     * which automatically finds the path.
1164     */
1165     # egdpool_path = "/var/run/egd-pool";
1166    
1167     /*
1168     * throttle_time: the minimum amount of time between connections from
1169     * the same ip. exempt {} blocks are excluded from this throttling.
1170     * Offers protection against flooders who reconnect quickly.
1171     * Set to 0 to disable.
1172     */
1173     throttle_time = 10;
1174     };
1175    
1176     glines {
1177     /* enable: enable glines, network wide temp klines */
1178     enable = yes;
1179    
1180     /*
1181     * duration: the amount of time a gline will remain on your
1182     * server before expiring
1183     */
1184     duration = 1 day;
1185    
1186     /*
1187 michael 1247 * log: which types of rules you want to log when triggered
1188 db 897 * (choose reject or block)
1189     */
1190 michael 1247 log = reject, block;
1191 db 897
1192     /*
1193     * NOTE: gline ACLs can cause a desync of glines throughout the
1194     * network, meaning some servers may have a gline triggered, and
1195     * others may not. Also, you only need insert rules for glines
1196     * that you want to block and/or reject. If you want to accept and
1197     * propagate the gline, do NOT put a rule for it.
1198     */
1199    
1200     /* user@host for rule to apply to */
1201     user = "god@I.still.hate.packets";
1202     /* server for rule to apply to */
1203     name = "hades.arpa";
1204    
1205     /*
1206     * action: action to take when a matching gline is found. options are:
1207     * reject - do not apply the gline locally
1208     * block - do not propagate the gline
1209     */
1210     action = reject, block;
1211    
1212     user = "god@*";
1213     name = "*";
1214     action = block;
1215     };
1216    
1217     modules {
1218     /*
1219 michael 951 * path: other paths to search for modules specified below
1220 db 897 * and in /modload.
1221     */
1222 michael 1070 path = "/usr/local/ircd/lib/ircd-hybrid/modules";
1223     path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
1224 db 897
1225     /* module: the name of a module to load on startup/rehash */
1226 michael 959 #module = "some_module.la";
1227 db 897 };
1228 michael 1247
1229     /*
1230     * log {}: contains information about logfiles.
1231     */
1232     log {
1233     /* Do you want to enable logging to ircd.log? */
1234     use_logging = yes;
1235     timestamp = yes;
1236    
1237     file {
1238     type = oper;
1239     name = "/home/ircd/var/log/oper.log";
1240 michael 1250 size = unlimited;
1241 michael 1247 };
1242    
1243     file {
1244     type = user;
1245 michael 1249 name = "/home/ircd/var/log/user.log";
1246 michael 1247 size = 50 megabytes;
1247     };
1248    
1249     file {
1250     type = kill;
1251     name = "/home/ircd/var/log/kill.log";
1252     size = 50 megabytes;
1253     };
1254    
1255     file {
1256     type = kline;
1257     name = "/home/ircd/var/log/kline.log";
1258     size = 50 megabytes;
1259     };
1260    
1261     file {
1262     type = dline;
1263     name = "/home/ircd/var/log/dline.log";
1264     size = 50 megabytes;
1265     };
1266    
1267     file {
1268     type = gline;
1269     name = "/home/ircd/var/log/gline.log";
1270     size = 50 megabytes;
1271     };
1272    
1273     file {
1274     type = debug;
1275     name = "/home/ircd/var/log/debug.log";
1276     size = 50 megabytes;
1277     };
1278     };

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision