[ViewVC] Diff of: svn/ircd-hybrid/branches/8.2.x/doc/reference.conf

Comparing:
ircd-hybrid-8/doc/example.conf (file contents), Revision 1412 by michael, Sat May 19 18:39:17 2012 UTC vs.
ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2196 by michael, Tue Jun 4 18:30:12 2013 UTC

-<
+/* doc/example.conf - ircd-hybrid-8 Example configuration file
-<
+ * Copyright (C) 2000-2012 Hybrid Development Team
->
+/* ircd-hybrid reference configuration file
->
+ * Copyright (C) 2000-2013 Hybrid Development Team
+ * Written by ejb, wcampbel, db, leeh and others
-–
+ * Other example configurations can be found in the source dir under
-–
+ * etc/.
+ * $Id$
+ */
-<
+/* IMPORTANT NOTES:
->
+/*
->
+ * ########################################################################
->
+ * IMPORTANT NOTES:
+ * auth {} blocks MUST be specified in order of precedence.  The first one
+ * that matches a user will be used.  So place spoofs first, then specials,
+ * then general access.
-+
+ * ########################################################################
+ * Shell style (#), C++ style (//) and C style comments are supported.
+ *        12 hours 30 minutes 1 second
+ * Valid units of time:
-<
+ *        month, week, day, hour, minute, second
->
+ *        year, month, week, day, hour, minute, second
+ * Valid units of size:
+ *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
+ * Sizes and times may be singular or plural.
+ */
-<
+/* EFNET NOTE:
-<
+ *
-<
+ * This config file is NOT suitable for EFNet.  EFNet admins should use
-<
+ * example.efnet.conf
-<
+ */
-<
->
+/*
+ * serverinfo {}:  contains information about the server
+ */
+         * sid: a server's unique ID.  This is three characters long and must
+         * be in the form [0-9][A-Z0-9][A-Z0-9].  The first character must be
+         * a digit, followed by 2 alpha-numerical letters.
-<
+         * NOTE: The letters must be capitalized.  This cannot be changed at runtime.
->
+         * NOTE: The letters must be capitalized. This cannot be changed at runtime.
+         */
-<
+        sid = "_CHANGE_ME_";
->
+        sid = "0HY";
+        /*
-<
+         * description: the description of the server.  '[' and ']' may not
-<
+         * be used here for compatibility with older servers.
->
+         * description: the description of the server.
+         */
-<
+        description = "hybrid-7 test server";
->
+        description = "ircd-hybrid test server";
+        /*
+         * network info: the name and description of the network this server
-<
+         * is on.  Shown in the 005 reply and used with serverhiding.
->
+         * is on. Shown in the 005 reply and used with serverhiding.
+         */
+        network_name = "MyNet";
+        network_desc = "This is My Network";
+         * vhost: the IP to bind to when we connect outward to ipv4 servers.
+         * This should be an ipv4 IP only, or "*" for INADDR_ANY.
+         */
-<
+        #vhost = "192.169.0.1";
->
+#       vhost = "192.169.0.1";
+        /*
+         * vhost6: the IP to bind to when we connect outward to ipv6 servers.
+         * This should be an ipv6 IP only, or "*" for INADDR_ANY.
+         */
-<
+        #vhost6 = "3ffe:80e8:546::2";
->
+#       vhost6 = "3ffe:80e8:546::2";
-<
+        /* max_clients: the maximum number of clients allowed to connect */
->
+        /* max_clients: the maximum number of clients allowed to connect. */
+        max_clients = 512;
+        /*
-+
+         * max_nick_length: only applies to local clients. Must be in the
-+
+         * range of 9 to 30. Default is 9 if nothing else is specified.
-+
+         */
-+
+        max_nick_length = 9;
-+
-+
+        /*
-+
+         * max_topic_length: only applies to topics set by local clients.
-+
+         * Must be in the range of 80 to 300. Default is 80 if nothing
-+
+         * else is specified.
-+
+         */
-+
+        max_topic_length = 160;
-+
-+
+        /*
+         * rsa_private_key_file: the path to the file containing our
+         * rsa key for cryptlink.
+         *      chmod 0600 rsa.key
+         *      chmod 0644 rsa.pub
+         */
-<
+        #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
->
+#       rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
+        /*
+         * ssl_certificate_file: the path to the file containing our
+         * ssl certificate for encrypted client connection.
+         * This assumes your private RSA key is stored in rsa.key. You
-<
+         * MUST have an RSA key in order to generate the certificate
->
+         * MUST have an RSA key in order to generate the certificate.
->
+         *
->
+         * Example command:
+         *      openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
+         *      Common Name: irc.someirc.net
+         *      E-mail: you@domain.com
+         */
-<
+        #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
-<
->
+#       ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
+        /*
+         * ssl_dh_param_file:
+         *      openssl dhparam -out dhparam.pem 1024
-<
+         * Further information regarding specific OpenSSL dhparam
-<
+         * command-line options can be found in the OpenSSL manual.
->
+         * Prime size must be at least 1024 bits. Further information
->
+         * regarding specific OpenSSL dhparam command-line options
->
+         * can be found in the OpenSSL manual.
+         */
-<
+        #ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
->
+#       ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
+        /*
+         * ssl_cipher_list:
-<
+         * List of ciphers that are supported by _this_ server. Can be used to enforce
-<
+         * specific ciphers for incoming SSL/TLS connections.
-<
+         * If a client (which also includes incoming server connections) isn't capable
-<
+         * of any cipher listed below, the connection will simply be rejected.
->
+         * List of ciphers that are supported by _this_ server. Can be used to
->
+         * enforce specific ciphers for incoming SSL/TLS connections.
->
+         * If a client (which also includes incoming server connections) isn't
->
+         * capable of any cipher listed below, the connection will simply be
->
+         * rejected.
+         * A list of supported ciphers can be obtained by running:
+         *      openssl ciphers -ssl3 -tls1 -v
-<
+         * Multiple ciphers are separated by colons. The order of preference is from
-<
+         * left to right.
->
+         * Multiple ciphers are separated by colons. The order of preference is
->
+         * from left to right.
+         */
-<
+        #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
->
+#       ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
+        /*
+         * ssl_server_method:
+         * SSL/TLS methods we provide for incoming (server method) and
+         * outgoing (client method) SSL/TLS connections.
+         * This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1.
-–
+         * SSLv2 is not suppported.
+         */
-<
+        #ssl_server_method = tlsv1, sslv3;
-<
+        #ssl_client_method = tlsv1;
->
+#       ssl_server_method = tlsv1, sslv3;
->
+#       ssl_client_method = tlsv1;
+};
+/*
+ * class {}:  contains information about classes for users
+ */
+class {
-<
+        /* name: the name of the class.  classes are text now */
->
+        /* name: the name of the class. */
+        name = "users";
+        /*
+        /*
+         * the following lines are optional and allow you to define
-<
+         * how many users can connect from one /NN subnet
->
+         * how many users can connect from one /NN subnet.
+         */
+        cidr_bitlen_ipv4 = 24;
+        cidr_bitlen_ipv6 = 120;
+        number_per_cidr = 16;
+        /*
-<
+         * sendq: the amount of data allowed in a clients queue before
->
+         * sendq: the amount of data allowed in a clients send queue before
+         * they are dropped.
+         */
+        sendq = 100 kbytes;
-+
-+
+        /*
-+
+         * recvq: maximum amount of data in a clients receive queue before
-+
+         * they are dropped for flooding. Defaults to 2560 if the chosen
-+
+         * value isn't within the range of 512 to 8000.
-+
+         */
-+
+        recvq = 2560 bytes;
+};
+class {
+        ping_time = 90 seconds;
+        number_per_ip = 10;
+        max_number = 100;
-<
+        sendq = 100kbytes;
->
+        sendq = 100 kbytes;
->
->
+        /*
->
+         * min_idle: minimum idle time that is shown in /whois.
->
+         */
->
+        min_idle = 3 hours;
->
->
+        /*
->
+         * max_idle: maximum idle time that is shown in /whois.
->
+         */
->
+        max_idle = 8 hours;
->
->
+        /*
->
+         * flags:
->
+         *
->
+         * random_idle          - idle time is randomly selected within the
->
+         *                        range of min_idle to max_idle
->
+         * hide_idle_from_opers - fake idle time will be shown to operators, too
->
+         */
->
+        flags = random_idle, hide_idle_from_opers;
+};
+class {
+        ping_time = 90 seconds;
+        /*
-<
+         * ping_warning: how fast a server must reply to a PING before
-<
+         * a warning to opers is generated.
-<
+         */
-<
+        ping_warning = 15 seconds;
-<
-<
+        /*
-<
+         * connectfreq: only used in server classes.  Specifies the delay
->
+         * connectfreq: only used in server classes. Specifies the delay
+         * between autoconnecting to servers.
+         */
+        connectfreq = 5 minutes;
-<
+        /* max number: the amount of servers to autoconnect to */
->
+        /* max number: the amount of servers to autoconnect to. */
+        max_number = 1;
-<
+        /* sendq: servers need a higher sendq as they send more data */
->
+        /* sendq: servers need a higher sendq as they send more data. */
+        sendq = 2 megabytes;
+};
+/*
-+
+ * motd {}: specifies various MOTD files. Applies to local users only.
-+
+ */
-+
+motd {
-+
+        /*
-+
+         * mask: multiple mask entries are permitted. Mask can either be
-+
+         * a class name or a hostname.
-+
+         */
-+
+        mask = "*.at";
-+
+        mask = "*.de";
-+
+        mask = "*.ch";
-+
-+
+        /*
-+
+         * file: path to the actual motd file.
-+
+         */
-+
+        file = "/usr/local/ircd/etc/german.motd";
-+
+};
-+
-+
+/*
+ * listen {}:  contains information about the ports ircd listens on
+ */
+listen {
+        /*
-<
+         * port: the specific port to listen on.  If no host is specified
->
+         * port: the specific port to listen on. If no host is specified
+         * before, it will listen on all available IPs.
+         * Ports are separated via a comma, a range may be specified using ".."
+         * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
+         * unless you are an administrator.
-<
+         * NOTE: The "flags" directive has to come before "port".  Always!
->
+         * NOTE: The "flags" directive has to come before "port". Always!
+         * Currently available flags are:
-<
+         *  ssl    - Port is for SSL client connections only
->
+         *  ssl    - Port may only accept TLS/SSL connections
+         *  server - Only server connections are permitted
+         *  hidden - Port is hidden from /stats P, unless you're an admin
+         */
+        /*
+         * host: set a specific IP/host the ports after the line will listen
-<
+         * on.  This may be ipv4 or ipv6.
->
+         * on. This may be ipv4 or ipv6.
+         */
+        host = "1.2.3.4";
+        port = 7000, 7001;
+ */
+auth {
+        /*
-<
+         * user: the user@host allowed to connect.  Multiple IPv4/IPv6 user
->
+         * user: the user@host allowed to connect. Multiple user
+         * lines are permitted per auth block.
+         */
+        user = "*@172.16.0.0/12";
+        encrypted = yes;
+        /*
-<
+         * spoof: fake the users host to this.  This is free-form,
-<
+         * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
->
+         * spoof: fake the users host to this. This is free-form, just do
->
+         * everyone a favor and don't abuse it. ('=' prefix on /stats I)
+         */
+        spoof = "I.still.hate.packets";
+         * resv_exempt   - exempt this user from resvs ('$' prefix on /stats I)
+         * no_tilde      - remove ~ from a user with no ident ('-' prefix on /stats I)
+         * can_flood     - allow this user to exceed flood limits ('|' prefix on /stats I)
-+
+         * webirc        - enables WEBIRC authentication for web-based clients such as Mibbit
-+
+         *                 ('<' prefix on /stats I)
+         */
+        flags = need_password, spoof_notice, exceed_limit, kline_exempt,
+                gline_exempt, resv_exempt, no_tilde, can_flood;
+auth {
+        /*
-<
+         * redirect: the server and port to redirect a user to.  A user does
-<
+         * not have to obey the redirection, the ircd just suggests an alternative
->
+         * redirect: the server and port to redirect a user to. A user does not
->
+         * have to obey the redirection, the ircd just suggests an alternative
+         * server for them.
+         */
+        redirserv = "this.is.not.a.real.server";
+/*
+ * operator {}:  defines ircd operators
-–
+ *
-–
+ * ircd-hybrid no longer supports local operators, privileges are
-–
+ * controlled via flags.
+ */
+operator {
+        /* name: the name of the oper */
-<
+        name = "god";
->
+        name = "sheep";
+        /*
+         * user: the user@host required for this operator. Multiple
+         * user="" lines are supported.
+         */
-<
+        user = "*god@192.168.0.0/16";
->
+        user = "*sheep@192.168.0.0/16";
+        user = "*@127.0.0.0/8";
+        /*
-<
+         * password: the password required to oper.  By default this will
->
+         * password: the password required to oper. By default this will
+         * need to be encrypted by using the provided mkpasswd tool.
+         * Several password hash algorithms are available depending
+         * on your system's crypt() implementation. For example, a modern
+        class = "opers";
+        /*
-<
+         * umodes: default usermodes opers get when they /oper.  If defined,
->
+         * umodes: default usermodes opers get when they /oper. If defined,
+         * it will override oper_umodes settings in general {}.
+         * Available usermodes:
+         * +b - bots         - See bot and drone flooding notices
+         * +c - cconn        - Client connection/quit notices
-–
+         * +C - cconn_full   - Client connection/quit notices full
+         * +D - deaf         - Don't receive channel messages
+         * +d - debug        - See debugging notices
-<
+         * +f - full         - See I: line full notices
->
+         * +e - external     - See remote server connection and split notices
->
+         * +F - farconnect   - Remote client connection/quit notices
->
+         * +f - full         - See auth{} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +H - hidden       - Hides operator status to other users
+         * +k - skill        - See server generated KILL messages
+         * +l - locops       - See LOCOPS messages
+         * +n - nchange      - See client nick changes
-+
+         * +R - nononreg     - Only receive private messages from registered clients
+         * +s - servnotice   - See general server notices
+         * +u - unauth       - See unauthorized client notices
+         * +w - wallop       - See server generated WALLOPS
-–
+         * +x - external     - See remote server connection and split notices
+         * +y - spy          - See LINKS, STATS, TRACE notices etc.
+         * +z - operwall     - See oper generated WALLOPS
+         */
-<
+#       umodes = locops, servnotice, operwall, wallop;
->
+        umodes = locops, servnotice, operwall, wallop;
+        /*
+         * privileges: controls the activities and commands an oper is
+         * allowed to do on the server. All options default to no.
+         * Available options:
-<
+         * module       - allows MODLIST, MODRESTART, MODLOAD, MODUNLOAD
-<
+         * global_kill  - allows remote users to be /KILL'd
-<
+         * remote       - allows remote SQUIT and CONNECT
-<
+         * remoteban    - allows remote KLINE/UNKLINE
-<
+         * dline        - allows DLINE
-<
+         * undline      - allows UNDLINE
-<
+         * kline        - allows KILL and KLINE
-<
+         * unkline      - allows UNKLINE
-<
+         * gline        - allows GLINE
-<
+         * xline        - allows XLINE
-<
+         * globops      - allows GLOBOPS
-<
+         * operwall     - allows OPERWALL
-<
+         * nick_changes - allows oper to see nickchanges via usermode +n
-<
+         * rehash       - allows oper to REHASH config
-<
+         * die          - allows DIE
-<
+         * restart      - allows RESTART
-<
+         * admin        - gives admin privileges. admins for example,
-<
+         *                may see the real IP addresses of servers.
->
+         * module         - allows MODULE
->
+         * connect        - allows local CONNECT              | ('P' flag)
->
+         * connect:remote - allows remote CONNECT             | ('Q' flag)
->
+         * squit          - allows local SQUIT                | ('R' flag)
->
+         * squit:remote   - allows remote SQUIT               | ('S' flag)
->
+         * kill           - allows to KILL local clients      | ('N' flag)
->
+         * kill:remote    - allows remote users to be /KILL'd | ('O' flag)
->
+         * remoteban      - allows remote KLINE/UNKLINE       | ('B' flag)
->
+         * dline          - allows DLINE                      |
->
+         * undline        - allows UNDLINE                    |
->
+         * kline          - allows KLINE                      | ('K' flag)
->
+         * unkline        - allows UNKLINE                    | ('U' flag)
->
+         * gline          - allows GLINE                      | ('G' flag)
->
+         * xline          - allows XLINE                      | ('X' flag)
->
+         * locops         - allows LOCOPS                     |
->
+         * globops        - allows GLOBOPS                    |
->
+         * wallops        - allows WALLOPS                    |
->
+         * operwall       - allows OPERWALL                   | ('L' flag)
->
+         * rehash         - allows oper to REHASH config      | ('H' flag)
->
+         * die            - allows DIE                        | ('D' flag)
->
+         * restart        - allows RESTART                    |
->
+         * set            - allows SET                        |
->
+         * admin          - gives administrator privileges    | ('A' flag)
+         */
-<
+        flags = global_kill, remote, kline, unkline, xline, globops, restart,
-<
+                die, rehash, nick_changes, admin, operwall, module;
->
+        flags = kill, kill:remote, connect, connect:remote, kline, unkline,
->
+                xline, globops, restart, die, rehash, admin, operwall, module;
+};
-+
+/*
-+
+ * service {}: specifies what server may act as a network service
-+
+ *
-+
+ * NOTE: it is absolutely important that every single server on the network
-+
+ *       has the same service{} block.
-+
+ */
+service {
+        name = "service.someserver";
+        name = "stats.someserver";
+        name = "irc.uplink.com";
+        /*
-<
+         * host: the host or IP to connect to.  If a hostname is used it
->
+         * host: the host or IP to connect to. If a hostname is used it
+         * must match the reverse dns of the server.
+         */
+        host = "192.168.0.1";
+        port = 6666;
+        /*
-<
+         * hub_mask: the mask of servers that this server may hub.  Multiple
-<
+         * entries are permitted
->
+         * hub_mask: the mask of servers that this server may hub. Multiple
->
+         * entries are permitted.
+         */
+        hub_mask = "*";
+        /*
-<
+         * leaf_mask: the mask of servers this server may not hub.  Multiple
-<
+         * entries are permitted.  Useful for forbidding EU -> US -> EU routes.
->
+         * leaf_mask: the mask of servers this server may not hub. Multiple
->
+         * entries are permitted. Useful for forbidding EU -> US -> EU routes.
+         */
+#       leaf_mask = "*.uk";
+        /* class: the class this server is in */
+        class = "server";
-<
+        #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
->
+        /*
->
+         * ssl_cipher_list:
->
+         *
->
+         * List of ciphers that the server we are connecting to must support.
->
+         * If the server isn't capable of any cipher listed below, the
->
+         * connection will simply be rejected.
->
+         * Can be used to enforce stronger ciphers, even though this option
->
+         * is not necessarily required to establish a SSL/TLS connection.
->
+         *
->
+         * Multiple ciphers are separated by colons. The order of preference
->
+         * is from left to right.
->
+         */
->
+#       ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
+        /*
+         * autoconn   - controls whether we autoconnect to this server or not,
+         *              dependent on class limits. By default, this is disabled.
-–
+         * burst_away - This will send the /away string that users have set
-–
+         *              on the server burst. Note this can be a lot of data
-–
+         *              and slow down your server burst.
-–
+         * topicburst - Send topics to this server during channel burst. Works
-–
+         *              only if the server we are connecting to is capable
-–
+         *              of TBURST/TB.
+         * ssl        - Initiates a TLS/SSL connection.
+         */
-<
+#       flags = autoconn, burst_away, topicburst;
->
+#       flags = autoconn, ssl;
+};
+connect {
+ * NOTE: This can be effectively used for remote klines.
+ *       Please note that there is no password authentication
-<
+ *       for users setting remote klines.  You must also be
->
+ *       for users setting remote klines. You must also be
+ *       /oper'd in order to issue a remote kline.
+ */
+shared {
+        /*
-<
+         * name: the server the user must be on to set klines.  If this is not
->
+         * name: the server the user must be on to set klines. If this is not
+         * specified, the user will be allowed to kline from all servers.
+         */
+        name = "irc2.some.server";
+        /*
-<
+         * user: the user@host mask that is allowed to set klines.  If this is
->
+         * user: the user@host mask that is allowed to set klines. If this is
+         * not specified, all users on the server above will be allowed to set
+         * a remote kline.
+         */
+        reason = "Obviously hacked account";
+};
-–
+kill {
-–
+        user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.tld$";
-–
-–
+        /*
-–
+         * NOTE: You have to set type=regex; when using a regular expression
-–
+         * based user entry
-–
+         */
-–
+        type = regex;
-–
+};
-–
+/*
+ * deny {}:  IPs that are not allowed to connect (before DNS/ident lookup)
+ * Oper issued dlines will be added to the specified dline config
+};
+/*
-<
+ * exempt {}: IPs that are exempt from deny {} and Dlines
->
+ * exempt {}:  IPs that are exempt from deny {} and Dlines
+ */
+exempt {
+        ip = "192.168.0.0/16";
+/*
+ * resv {}:  nicks and channels users may not use/join
+ */
-+
+resv { mask = "clone*"; reason = "Clone bots"; };
-+
+resv { mask = "ChanServ"; reason = "Reserved for services"; };
-+
+resv { mask = "NickServ"; reason = "Reserved for services"; };
-+
+resv { mask = "OperServ"; reason = "Reserved for services"; };
-+
+resv { mask = "MemoServ"; reason = "Reserved for services"; };
-+
+resv { mask = "BotServ"; reason = "Reserved for services"; };
-+
+resv { mask = "HelpServ"; reason = "Reserved for services"; };
-+
+resv { mask = "HostServ"; reason = "Reserved for services"; };
-+
+resv { mask = "StatServ"; reason = "Reserved for services"; };
-+
+resv { mask = "#*services*"; reason = "Reserved for services"; };
-+
+resv {
-<
+        /* reason: the reason for the proceeding resv's */
-<
+        reason = "Reserved for services";
->
+        /*
->
+         * mask: masks starting with a '#' are automatically considered
->
+         * as channel name mask.
->
+         */
->
+        mask = "#helsinki";
->
+        reason = "Channel is reserved for finnish inhabitants";
-<
+        /* resv: the nicks and channels users may not join/use */
-<
+        nick = "Global";
-<
+        nick = "DevNull";
-<
+        nick = "Services";
-<
+        nick = "StatServ";
-<
+        nick = "HostServ";
-<
+        nick = "NickServ";
-<
+        nick = "ChanServ";
-<
+        nick = "MemoServ";
-<
+        nick = "OperServ";
-<
+        channel = "#services";
-<
-<
+        /* resv: wildcard masks are also supported in nicks only */
-<
+        reason = "Clone bots";
-<
+        nick = "clone*";
->
+        /*
->
+         * exempt: can be either a ISO 3166 alpha-2 two letter country
->
+         * code, or a nick!user@host mask. CIDR is supported. Exempt
->
+         * entries can be stacked.
->
+         */
->
+        exempt = "FI";
+};
+/*
-<
+ * gecos {}:  The X: replacement, used for banning users based on
-<
+ * their "realname".
->
+ * gecos {}:  Used for banning users based on their "realname".
+ */
+gecos {
+        name = "*sex*";
+        reason = "Trojan drone";
+};
-–
+gecos {
-–
+        name = "*http*";
-–
+        reason = "Spambot";
-–
+};
-–
-–
+gecos {
-–
+        name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
-–
-–
+        /*
-–
+         * NOTE: You have to set type=regex; when using a regular expression
-–
+         * based name entry
-–
+         */
-–
+        type = regex;
-–
+};
-–
+/*
+ * channel {}:  The channel block contains options pertaining to channels
+ */
+         *   3 | mirc color
+         *  15 | plain text
+         *  22 | reverse
-+
+         *  29 | italic
+         *  31 | underline
+         * 160 | non-breaking space
+         */
+        disable_fake_channels = yes;
+        /*
-–
+         * restrict_channels: reverse channel RESVs logic, only reserved
-–
+         * channels are allowed
-–
+         */
-–
+        restrict_channels = no;
-–
-–
+        /*
-–
+         * disable_local_channels: prevent users from joining &channels.
-–
+         */
-–
+        disable_local_channels = no;
-–
-–
+        /*
-–
+         * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
-–
+         * that can join a +i channel without an invite.
-–
+         */
-–
+        use_invex = yes;
-–
-–
+        /*
-–
+         * use_except: Enable/disable channel mode +e, a n!u@h list of masks
-–
+         * that can join a channel through a ban (+b).
-–
+         */
-–
+        use_except = yes;
-–
-–
+        /*
-–
+         * use_knock: Allows users to request an invite to a channel that
-–
+         * is locked somehow (+ikl).  If the channel is +p or you are banned
-–
+         * the knock will not be sent.
-–
+         */
-–
+        use_knock = yes;
-–
-–
+        /*
+         * knock_delay: The amount of time a user must wait between issuing
+         * the knock command.
+         */
+         */
+        max_chans_per_user = 25;
-<
+        /* quiet_on_ban: stop banned people talking in channels. */
-<
+        quiet_on_ban = yes;
->
+        /*
->
+         * max_chans_per_oper: The maximum number of channels an oper can
->
+         * join/be on.
->
+         */
->
+        max_chans_per_oper = 50;
+        /* max_bans: maximum number of +b/e/I modes in a channel */
-<
+        max_bans = 25;
->
+        max_bans = 100;
+        /*
+         * how many joins in how many seconds constitute a flood, use 0 to
+        /*
+         * default_split_user_count: when the usercount is lower than this level,
-<
+         * consider ourselves split.  This must be set for automatic splitmode.
->
+         * consider ourselves split. This must be set for automatic splitmode.
+         */
+        default_split_user_count = 0;
+        /*
+         * default_split_server_count: when the servercount is lower than this,
-<
+         * consider ourselves split.  This must be set for automatic splitmode.
->
+         * consider ourselves split. This must be set for automatic splitmode.
+         */
+        default_split_server_count = 0;
+ */
+serverhide {
+        /*
-+
+         * disable_remote_commands: disable users doing commands
-+
+         * on remote servers.
-+
+         */
-+
+        disable_remote_commands = no;
-+
-+
+        /*
+         * flatten_links: this option will show all servers in /links appear
-<
+         * that they are linked to this current server
->
+         * that they are linked to this current server.
+         */
+        flatten_links = no;
+        /*
+         * hidden: hide this server from a /links output on servers that
-<
+         * support it.  This allows hub servers to be hidden etc.
->
+         * support it. This allows hub servers to be hidden etc.
+         */
+        hidden = no;
+        /*
-–
+         * disable_hidden: prevent servers hiding themselves from a
-–
+         * /links output.
-–
+         */
-–
+        disable_hidden = no;
-–
-–
+        /*
+         * hide_servers: hide remote servernames everywhere and instead use
+         * hidden_name and network_desc.
+         */
+        hide_servers = no;
+        /*
-+
+         * hide_services: define this if you want to hide the location of
-+
+         * services servers that are specified in the service{} block.
-+
+         */
-+
+        hide_services = no;
-+
-+
+        /*
+         * Use this as the servername users see if hide_servers = yes.
+         */
+        hidden_name = "*.hidden.com";
+         * logfiles.
+         * We recommend you leave this disabled, and just take care with who you
-<
+         * give admin=yes; to.
->
+         * give administrator privileges to.
+         */
+        hide_server_ips = no;
+};
+/*
+ * general {}:  The general block contains many of the options that were once
-<
+ * compiled in options in config.h.  The general block is read at start time.
->
+ * compiled in options in config.h
+ */
+general {
+        /* services_name: servername of nick/channel services */
+        /* max_watch: maximum WATCH entries a client can have. */
+        max_watch = 60;
-+
+        /* gline_enable: enable glines, network wide temp klines. */
-+
+        gline_enable = yes;
-+
-+
+        /*
-+
+         * gline_duration: the amount of time a gline will remain on your
-+
+         * server before expiring.
-+
+         */
-+
+        gline_duration = 1 day;
-+
-+
+        /*
-+
+         * gline_request_duration: how long a pending G-line can be around.
-+
+         * 10 minutes should be plenty.
-+
+         */
-+
+        gline_request_duration = 10 minutes;
-+
+        /*
+         * gline_min_cidr: the minimum required length of a CIDR bitmask
-<
+         * for IPv4 based glines
->
+         * for IPv4 based glines.
+         */
+        gline_min_cidr = 16;
+        /*
+         * gline_min_cidr6: the minimum required length of a CIDR bitmask
-<
+         * for IPv6 based glines
->
+         * for IPv6 based glines.
+         */
+        gline_min_cidr6 = 48;
+        invisible_on_connect = yes;
+        /*
-<
+         * Show "actually using host <ip>" on /whois when possible.
-<
+         */
-<
+        use_whois_actually = yes;
-<
-<
+        /*
-<
+         * Max time from the nickname change that still causes KILL
-<
+         * automatically to switch for the current nick of that user.
->
+         * kill_chase_time_limit: maximum time from the nickname change that
->
+         * still causes KILL automatically to switch for the current nick of
->
+         * that user.
+         */
+        kill_chase_time_limit = 90 seconds;
+        /*
-<
+         * If hide_spoof_ips is disabled, opers will be allowed to see the real
->
+         * hide_spoof_ips: if disabled, opers will be allowed to see the real
+         * IP of spoofed users in /trace etc. If this is defined they will be
+         * shown a masked IP.
+         */
+        hide_spoof_ips = yes;
+        /*
-<
+         * Ignore bogus timestamps from other servers.  Yes, this will desync
-<
+         * the network, but it will allow chanops to resync with a valid non TS 0
->
+         * Ignore bogus timestamps from other servers. Yes, this will desync the
->
+         * network, but it will allow chanops to resync with a valid non TS 0
+         * This should be enabled network wide, or not at all.
+         */
+         */
+        disable_auth = no;
-–
+        /* disable_remote_commands: disable users doing commands on remote servers */
-–
+        disable_remote_commands = no;
-–
+        /*
+         * tkline_expire_notices: enables or disables temporary kline/xline
+         * expire notices.
+        /*
+         * default_floodcount: the default value of floodcount that is configurable
-<
+         * via /quote set floodcount.  This is the amount of lines a user
->
+         * via /quote set floodcount. This is the amount of lines a user
+         * may send to any other user/channel in one second.
+         */
+        default_floodcount = 10;
+        /*
+         * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
-<
+         * placed via the server.  klines hand placed are exempt from limits.
-<
+         * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
->
+         * placed via the server. K-lines hand placed are exempt from limits.
->
+         * Wildcard chars: '.', ':', '*', '?', '@', '!'
+         */
+        min_nonwildcard = 4;
+        /*
+         * min_nonwildcard_simple: the minimum non wildcard characters in
-<
+         * gecos bans.  wildcard chars: '*' '?' '#'
->
+         * gecos bans. Wildcard chars: '*', '?'
+         */
+        min_nonwildcard_simple = 3;
-<
+        /* max_accept: maximum allowed /accept's for +g usermode */
->
+        /* max_accept: maximum allowed /accept's for +g usermode. */
+        max_accept = 20;
-<
+        /* anti_nick_flood: enable the nickflood control code */
->
+        /* anti_nick_flood: enable the nickflood control code. */
+        anti_nick_flood = yes;
+        /* nick flood: the nick changes allowed in the specified period */
+        /*
+         * ts delta: the time delta allowed between server clocks before
-<
+         * a warning is given, or before the link is dropped.  all servers
->
+         * a warning is given, or before the link is dropped. All servers
+         * should run ntpdate/rdate to keep clocks in sync
+         */
+        ts_warn_delta = 30 seconds;
+        ts_max_delta = 5 minutes;
+        /*
-–
+         * kline_with_reason: show the user the reason why they are k/d/glined
-–
+         * on exit.  May give away who set k/dline when set via tcm.
-–
+         */
-–
+        kline_with_reason = yes;
-–
-–
+        /*
-–
+         * kline_reason: show this message to users on channel
-–
+         * instead of the oper reason.
-–
+         */
-–
+        kline_reason = "Connection closed";
-–
-–
+        /*
-–
+         * reject_hold_time: wait this amount of time before disconnecting
-–
+         * a rejected client. Use 0 to disable.
-–
+         */
-–
+        reject_hold_time = 0;
-–
-–
+        /*
+         * warn_no_nline: warn opers about servers that try to connect but
-<
+         * we don't have a connect {} block for.  Twits with misconfigured
->
+         * we don't have a connect {} block for. Twits with misconfigured
+         * servers can get really annoying with this enabled.
+         */
+        warn_no_nline = yes;
+        /*
+         * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
-<
+         * operators and administrators.  Doing so is a good idea in case
->
+         * operators and administrators. Doing so is a good idea in case
+         * there are any exempted (exempt{}) server IPs you don't want to
+         * see leaked.
+         */
+        stats_P_oper_only = yes;
+        /*
-<
+         * stats i oper only: make stats i (auth {}) oper only. set to:
-<
+         *     yes:    show users no auth blocks, made oper only.
-<
+         *     masked: show users first matching auth block
-<
+         *     no:     show users all auth blocks.
->
+         * stats i oper only: make stats i (auth {}) oper only. Set to:
->
+         *     yes    - show users no auth blocks, made oper only.
->
+         *     masked - show users first matching auth block
->
+         *     no     - show users all auth blocks.
+         */
+        stats_i_oper_only = yes;
+        /*
-<
+         * stats_k_oper_only: make stats k/K (klines) oper only.  set to:
-<
+         *     yes:    show users no auth blocks, made oper only
-<
+         *     masked: show users first matching auth block
-<
+         *     no:     show users all auth blocks.
->
+         * stats_k_oper_only: make stats k/K (klines) oper only. Set to:
->
+         *     yes    - show users no auth blocks, made oper only
->
+         *     masked - show users first matching auth block
->
+         *     no     - show users all auth blocks.
+         */
+        stats_k_oper_only = yes;
+        /*
+         * pace_wait: time between more intensive commands
-<
+         * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
->
+         * (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
+         */
+        pace_wait = 10 seconds;
+        /*
+         * true_no_oper_flood: completely eliminate flood limits for opers
-<
+         * and for clients with can_flood = yes in their auth {} blocks
->
+         * and for clients with can_flood = yes in their auth {} blocks.
+         */
+        true_no_oper_flood = yes;
-<
+        /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
->
+        /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */
+        oper_pass_resv = yes;
+        /* REMOVE ME.  The following line checks you've been reading. */
+        /*
+         * max_targets: the maximum amount of targets in a single
-<
+         * PRIVMSG/NOTICE.  Set to 999 NOT 0 for unlimited.
->
+         * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
+         */
+        max_targets = 4;
+        /*
-–
+         * client_flood: maximum amount of data in a clients queue before
-–
+         * they are dropped for flooding.
-–
+         */
-–
+        client_flood = 2560 bytes;
-–
-–
+        /*
-–
+         * message_locale: the default message locale
-–
+         * Use "standard" for the compiled in defaults.
-–
+         * To install the translated messages, go into messages/ in the
-–
+         * source directory and run `make install'.
-–
+         */
-–
+        message_locale = "standard";
-–
-–
+        /*
+         * usermodes configurable: a list of usermodes for the options below
+         * +b - bots         - See bot and drone flooding notices
+         * +c - cconn        - Client connection/quit notices
-–
+         * +C - cconn_full   - Client connection/quit notices full
+         * +D - deaf         - Don't receive channel messages
+         * +d - debug        - See debugging notices
-<
+         * +f - full         - See I: line full notices
->
+         * +e - external     - See remote server connection and split notices
->
+         * +F - farconnect   - Remote client connection/quit notices
->
+         * +f - full         - See auth{} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +H - hidden       - Hides operator status to other users
+         * +k - skill        - See server generated KILL messages
+         * +l - locops       - See LOCOPS messages
+         * +n - nchange      - See client nick changes
-+
+         * +R - nononreg     - Only receive private messages from registered clients
+         * +s - servnotice   - See general server notices
+         * +u - unauth       - See unauthorized client notices
+         * +w - wallop       - See server generated WALLOPS
-–
+         * +x - external     - See remote server connection and split notices
+         * +y - spy          - See LINKS, STATS, TRACE notices etc.
+         * +z - operwall     - See oper generated WALLOPS
+         */
+        /* oper_only_umodes: usermodes only opers may set */
-<
+        oper_only_umodes = bots, cconn, cconn_full, debug, full, hidden, skill,
->
+        oper_only_umodes = bots, cconn, debug, full, hidden, skill,
+                           nchange, rej, spy, external, operwall,
-<
+                           locops, unauth;
->
+                           locops, unauth, farconnect;
+        /* oper_umodes: default usermodes opers get when they /oper */
+        oper_umodes = bots, locops, servnotice, operwall, wallop;
+        /*
+         * use_egd: if your system does not have *random devices yet you
-<
+         * want to use OpenSSL and encrypted links, enable this.  Beware -
-<
+         * EGD is *very* CPU intensive when gathering data for its pool
->
+         * want to use OpenSSL and encrypted links, enable this. Beware -
->
+         * EGD is *very* CPU intensive when gathering data for its pool.
+         */
+#       use_egd = yes;
+        /*
+         * throttle_time: the minimum amount of time between connections from
-<
+         * the same ip.  exempt {} blocks are excluded from this throttling.
-<
+         * Offers protection against flooders who reconnect quickly.
->
+         * the same ip. exempt {} blocks are excluded from this throttling.
->
+         * Offers protection against flooders who reconnect quickly.
+         * Set to 0 to disable.
+         */
+        throttle_time = 10;
+};
-–
+glines {
-–
+        /* enable: enable glines, network wide temp klines */
-–
+        enable = yes;
-–
-–
+        /*
-–
+         * duration: the amount of time a gline will remain on your
-–
+         * server before expiring
-–
+         */
-–
+        duration = 1 day;
-–
-–
+        /*
-–
+         * log: which types of rules you want to log when triggered
-–
+         * (choose reject or block)
-–
+         */
-–
+        log = reject, block;
-–
-–
+        /*
-–
+         * NOTE: gline ACLs can cause a desync of glines throughout the
-–
+         * network, meaning some servers may have a gline triggered, and
-–
+         * others may not. Also, you only need insert rules for glines
-–
+         * that you want to block and/or reject. If you want to accept and
-–
+         * propagate the gline, do NOT put a rule for it.
-–
+         */
-–
-–
+        /* user@host for rule to apply to */
-–
+        user = "god@I.still.hate.packets";
-–
+        /* server for rule to apply to */
-–
+        name = "hades.arpa";
-–
-–
+        /*
-–
+         * action: action to take when a matching gline is found. options are:
-–
+         *  reject - do not apply the gline locally
-–
+         *  block  - do not propagate the gline
-–
+         */
-–
+        action = reject, block;
-–
-–
+        user = "god@*";
-–
+        name = "*";
-–
+        action = block;
-–
+};
-–
+modules {
+        /*
+         * path: other paths to search for modules specified below
-<
+         * and in /modload.
->
+         * and in "/module load".
+         */
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules";
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
-<
+        /* module: the name of a module to load on startup/rehash */
-<
+        #module = "some_module.la";
->
+        /* module: the name of a module to load on startup/rehash. */
->
+#       module = "some_module.la";
+};
+/*
+        file {
+                type = oper;
-<
+                name = "/home/ircd/var/log/oper.log";
->
+                name = "/usr/local/ircd/var/log/oper.log";
+                size = unlimited;
+        };
+        file {
+                type = user;
-<
+                name = "/home/ircd/var/log/user.log";
->
+                name = "/usr/local/ircd/var/log/user.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kill;
-<
+                name = "/home/ircd/var/log/kill.log";
->
+                name = "/usr/local/ircd/var/log/kill.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kline;
-<
+                name = "/home/ircd/var/log/kline.log";
->
+                name = "/usr/local/ircd/var/log/kline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = dline;
-<
+                name = "/home/ircd/var/log/dline.log";
->
+                name = "/usr/local/ircd/var/log/dline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = gline;
-<
+                name = "/home/ircd/var/log/gline.log";
->
+                name = "/usr/local/ircd/var/log/gline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = debug;
-<
+                name = "/home/ircd/var/log/debug.log";
->
+                name = "/usr/local/ircd/var/log/debug.log";
+                size = 50 megabytes;
-<
+        };
->
+        };
+};

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing: ircd-hybrid-8/doc/example.conf (file contents), Revision 1412 by michael, Sat May 19 18:39:17 2012 UTC vs. ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2196 by michael, Tue Jun 4 18:30:12 2013 UTC

Diff Legend

Comparing:
ircd-hybrid-8/doc/example.conf (file contents), Revision 1412 by michael, Sat May 19 18:39:17 2012 UTC vs.
ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2196 by michael, Tue Jun 4 18:30:12 2013 UTC