ViewVC Help

View File | Revision Log | Show Annotations | View Changeset | Root Listing

root/svn/ircd-hybrid/branches/8.2.x/doc/reference.conf

Comparing:
ircd-hybrid/trunk/doc/example.conf (file contents), Revision 1644 by michael, Tue Nov 6 22:20:16 2012 UTC vs.
ircd-hybrid/branches/8.2.x/doc/reference.conf (file contents), Revision 4123 by michael, Tue Jul 1 17:26:06 2014 UTC

#	Line 1 | Line 1
1	<	/* doc/example.conf - ircd-hybrid-8 Example configuration file
2	<	* Copyright (C) 2000-2012 Hybrid Development Team
1	>	/*
2	>	* This is an example configuration file for ircd-hybrid
3		*
4	<	* Written by ejb, wcampbel, db, leeh and others
5	<	* Other example configurations can be found in the source dir under
6	<	* doc/.
4	>	* Copyright (c) 2000-2014 ircd-hybrid development team
5		*
6		* $Id$
7		*/
8
9	<	/* IMPORTANT NOTES:
9	>	/*
10	>	* ########################################################################
11	>	* IMPORTANT NOTE:
12		*
13	<	* auth {} blocks MUST be specified in order of precedence.  The first one
14	<	* that matches a user will be used.  So place spoofs first, then specials,
13	>	* auth {} blocks MUST be specified in order of precedence. The first one
14	>	* that matches a user will be used. So place spoofs first, then specials,
15		* then general access.
16	+	* ########################################################################
17		*
18		* Shell style (#), C++ style (//) and C style comments are supported.
19		*
#	Line 22 | Line 23
23		*
24		* Times/durations are written as:
25		*        12 hours 30 minutes 1 second
26	<	*
26	>	*
27		* Valid units of time:
28	<	*        month, week, day, hour, minute, second
28	>	*        year, month, week, day, hour, minute, second
29		*
30		* Valid units of size:
31		*        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
32		*
33	<	* Sizes and times may be singular or plural.
33	<	*/
34	<
35	<	/* EFNET NOTE:
36	<	*
37	<	* This config file is NOT suitable for EFNet.  EFNet admins should use
38	<	* example.efnet.conf
33	>	* Sizes and times may be singular or plural.
34		*/
35	<
35	>
36	>
37		/*
38		* serverinfo {}:  contains information about the server
39		*/
40		serverinfo {
41		/*
42	<	* name: the name of this server.  This cannot be changed at runtime.
42	>	* name: the name of this server. This cannot be changed at runtime.
43		*/
44		name = "hades.arpa";
45
46		/*
47	<	* sid: a server's unique ID.  This is three characters long and must
48	<	* be in the form [0-9][A-Z0-9][A-Z0-9].  The first character must be
47	>	* sid: a server's unique ID. This is three characters long and must
48	>	* be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
49		* a digit, followed by 2 alpha-numerical letters.
50	<	* NOTE: The letters must be capitalized.  This cannot be changed at runtime.
50	>	*
51	>	* NOTE: The letters must be capitalized. This cannot be changed at runtime.
52		*/
53	<	sid = "_CHANGE_ME_";
53	>	sid = "0HY";
54
55		/*
56		* description: the description of the server.
#	Line 62 | Line 59 | serverinfo {
59
60		/*
61		* network info: the name and description of the network this server
62	<	* is on.  Shown in the 005 reply and used with serverhiding.
62	>	* is on. Shown in the 005 reply and used with serverhiding.
63		*/
64		network_name = "MyNet";
65		network_desc = "This is My Network";
#	Line 77 | Line 74 | serverinfo {
74		* vhost: the IP to bind to when we connect outward to ipv4 servers.
75		* This should be an ipv4 IP only, or "*" for INADDR_ANY.
76		*/
77	<	#vhost = "192.169.0.1";
77	>	#       vhost = "192.169.0.1";
78
79		/*
80	<	* vhost6: the IP to bind to when we connect outward to ipv6 servers.
81	<	* This should be an ipv6 IP only, or "*" for INADDR_ANY.
80	>	* vhost6: the address to bind to when we make outgoing connections
81	>	* to IPv6 servers. This should be an IPv6 address, or "*" for INADDR_ANY.
82		*/
83	<	#vhost6 = "3ffe:80e8:546::2";
83	>	#       vhost6 = "3ffe:80e8:546::2";
84
85	<	/* max_clients: the maximum number of clients allowed to connect */
85	>	/* max_clients: the maximum number of clients allowed to connect. */
86		max_clients = 512;
87
88		/*
89	<	* rsa_private_key_file: the path to the file containing our
90	<	* rsa key for cryptlink.
89	>	* max_nick_length: only applies to local clients. Must be in the
90	>	* range of 9 to 30. Default is 9 if nothing else is specified.
91	>	*/
92	>	max_nick_length = 9;
93	>
94	>	/*
95	>	* max_topic_length: only applies to topics set by local clients.
96	>	* Must be in the range of 80 to 300. Default is 80 if nothing
97	>	* else is specified.
98	>	*/
99	>	max_topic_length = 160;
100	>
101	>	/*
102	>	* rsa_private_key_file: the path to the file containing the
103	>	* RSA key.
104	>	*
105	>	* Example commands to store a 2048 bit RSA key in rsa.key:
106		*
95	–	* Example command to store a 2048 bit RSA keypair in
96	–	* rsa.key, and the public key in rsa.pub:
97	–	*
107		*      openssl genrsa -out rsa.key 2048
108	<	*      openssl rsa -in rsa.key -pubout -out rsa.pub
100	<	*      chown <ircd-user>.<ircd.group> rsa.key rsa.pub
108	>	*      chown <ircd-user>.<ircd.group> rsa.key
109		*      chmod 0600 rsa.key
102	–	*      chmod 0644 rsa.pub
110		*/
111	<	#rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
111	>	#       rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
112
113		/*
114		* ssl_certificate_file: the path to the file containing our
115	<	* ssl certificate for encrypted client connection.
115	>	* SSL certificate for encrypted client connection.
116		*
117		* This assumes your private RSA key is stored in rsa.key. You
118	<	* MUST have an RSA key in order to generate the certificate
118	>	* MUST have an RSA key in order to generate the certificate.
119	>	*
120	>	* Example command:
121		*
122		*      openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
123		*
#	Line 121 | Line 130 | serverinfo {
130		*      Common Name: irc.someirc.net
131		*      E-mail: you@domain.com
132		*/
133	<	#ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
133	>	#       ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
134
135		/*
136		* ssl_dh_param_file:
137		*
138		* Path to the PEM encoded Diffie-Hellman parameter file.
139	<	* DH parameters are strictly required when using ciphers
140	<	* with EDH (ephemeral Diffie-Hellman) key exchange.
139	>	* DH parameters are required when using ciphers with EDH
140	>	* (ephemeral Diffie-Hellman) key exchange.
141		*
142		* A DH parameter file can be created by running:
143		*
144	<	*      openssl dhparam -out dhparam.pem 1024
144	>	*      openssl dhparam -out dhparam.pem 2048
145		*
146		* Prime size must be at least 1024 bits. Further information
147		* regarding specific OpenSSL dhparam command-line options
148		* can be found in the OpenSSL manual.
149		*/
150	<	#ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
150	>	#       ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
151	>
152	>	/*
153	>	* ssl_dh_elliptic_curve:
154	>	*
155	>	* Defines the curve to use for the Elliptic Curve Diffie-Hellman (ECDH) algorithm.
156	>	*
157	>	* A list of supported curves by OpenSSL can be obtained by running:
158	>	*
159	>	*      openssl ecparam -list_curves
160	>	*/
161	>	#       ssl_dh_elliptic_curve = "secp521r1";
162
163		/*
164		* ssl_cipher_list:
165		*
166	<	* List of ciphers that are supported by _this_ server. Can be used to
166	>	* List of ciphers to support on _this_ server. Can be used to
167		* enforce specific ciphers for incoming SSL/TLS connections.
168	<	* If a client (which also includes incoming server connections) isn't
169	<	* capable of any cipher listed below, the connection will simply be
170	<	* rejected.
168	>	* If a client (which also includes incoming server connections) is not
169	>	* capable of using any of the ciphers listed here, the connection will
170	>	* simply be rejected.
171		*
172	<	* A list of supported ciphers can be obtained by running:
172	>	* A list of supported ciphers by OpenSSL can be obtained by running:
173		*
174		*      openssl ciphers -ssl3 -tls1 -v
175		*
176		* Multiple ciphers are separated by colons. The order of preference is
177		* from left to right.
178		*/
179	<	#ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
179	>	#       ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
180	>
181	>	/*
182	>	* ssl_message_digest_algorithm:
183	>	*
184	>	* Defines what cryptographic hash function to use for generating fingerprint
185	>	* hashes of X.509 certificates.
186	>	* Default is SHA-256 if nothing else is specified.
187	>	*
188	>	* A list of supported message digest algorithms by OpenSSL can be obtained by running:
189	>	*
190	>	*      openssl list-message-digest-algorithms
191	>	*/
192	>	#       ssl_message_digest_algorithm = "sha256";
193
194		/*
195		* ssl_server_method:
#	Line 166 | Line 199 | serverinfo {
199		* outgoing (client method) SSL/TLS connections.
200		* This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1.
201		*/
202	<	#ssl_server_method = tlsv1, sslv3;
203	<	#ssl_client_method = tlsv1;
202	>	#       ssl_server_method = tlsv1, sslv3;
203	>	#       ssl_client_method = tlsv1;
204		};
205
206		/*
#	Line 183 | Line 216 | admin {
216		* class {}:  contains information about classes for users
217		*/
218		class {
219	<	/* name: the name of the class */
219	>	/* name: the name of the class. */
220		name = "users";
221
222		/*
#	Line 194 | Line 227 | class {
227
228		/*
229		* number_per_ip: how many local users are allowed to connect
230	<	* from one IP  (optional)
230	>	* from a single IP address  (optional)
231		*/
232		number_per_ip = 2;
233
234		/*
235		* max_local: how many local users are allowed to connect
236	<	* from one ident@host  (optional)
236	>	* from a single ident@host  (optional)
237		*/
238		max_local = 2;
239
#	Line 216 | Line 249 | class {
249
250		/*
251		* the following lines are optional and allow you to define
252	<	* how many users can connect from one /NN subnet
252	>	* how many users can connect from one /NN subnet.
253		*/
254		cidr_bitlen_ipv4 = 24;
255		cidr_bitlen_ipv6 = 120;
256		number_per_cidr = 16;
257
258		/*
259	<	* sendq: the amount of data allowed in a clients send queue before
259	>	* sendq: the amount of data allowed in a client's send queue before
260		* they are dropped.
261		*/
262		sendq = 100 kbytes;
263
264		/*
265	<	* recvq: maximum amount of data in a clients receive queue before
265	>	* recvq: the amount of data allowed in a client's receive queue before
266		* they are dropped for flooding. Defaults to 2560 if the chosen
267		* value isn't within the range of 512 to 8000.
268		*/
#	Line 242 | Line 275 | class {
275		number_per_ip = 10;
276		max_number = 100;
277		sendq = 100 kbytes;
278	+
279	+
280	+	/*
281	+	* max_channels: maximum number of channels users in this class can join.
282	+	*/
283	+	max_channels = 60;
284	+
285	+	/*
286	+	* min_idle: minimum idle time that is shown in /whois.
287	+	*/
288	+	min_idle = 3 hours;
289	+
290	+	/*
291	+	* max_idle: maximum idle time that is shown in /whois.
292	+	*/
293	+	max_idle = 8 hours;
294	+
295	+	/*
296	+	* flags:
297	+	*
298	+	* random_idle          - a fake idle time is set randomly between
299	+	*                        min_idle and max_idle
300	+	* hide_idle_from_opers - the fake idle time will also be shown to operators
301	+	*/
302	+	flags = random_idle, hide_idle_from_opers;
303		};
304
305		class {
#	Line 249 | Line 307 | class {
307		ping_time = 90 seconds;
308
309		/*
310	<	* connectfreq: only used in server classes.  Specifies the delay
310	>	* connectfreq: only used in server classes. Specifies the delay
311		* between autoconnecting to servers.
312		*/
313		connectfreq = 5 minutes;
314
315	<	/* max number: the amount of servers to autoconnect to */
315	>	/* max number: the number of servers to autoconnect to. */
316		max_number = 1;
317
318	<	/* sendq: servers need a higher sendq as they send more data */
318	>	/* sendq: servers need a higher sendq as they send more data. */
319		sendq = 2 megabytes;
320		};
321
322		/*
323	+	* motd {}: Allows the display of a different MOTD to a client
324	+	* depending on its origin. Applies to local users only.
325	+	*/
326	+	motd {
327	+	/*
328	+	* mask: multiple mask entries are permitted. Mask can either be
329	+	* a class name or a hostname. CIDR is supported.
330	+	*/
331	+	mask = "*.at";
332	+	mask = "*.de";
333	+	mask = "*.ch";
334	+
335	+	/*
336	+	* file: path to the actual motd file.
337	+	*/
338	+	file = "/usr/local/ircd/etc/german.motd";
339	+	};
340	+
341	+	/*
342		* listen {}:  contains information about the ports ircd listens on
343		*/
344		listen {
345		/*
346	<	* port: the specific port to listen on.  If no host is specified
347	<	* before, it will listen on all available IPs.
346	>	* port: the port to listen on. If no host is specified earlier
347	>	* in the listen {} block, it will listen on all available IPs.
348		*
349	<	* Ports are separated via a comma, a range may be specified using ".."
349	>	* Ports are separated by commas; a range may be specified using ".."
350		*/
351	<
352	<	/* port: listen on all available IPs, ports 6665 to 6669 */
351	>
352	>	/* port: listen on all available IP addresses, ports 6665 to 6669 */
353		port = 6665 .. 6669;
354
355		/*
356	<	* Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
356	>	* Listen on 192.168.0.1/6697 with SSL enabled and hidden from STATS P
357		* unless you are an administrator.
358		*
359	<	* NOTE: The "flags" directive has to come before "port".  Always!
359	>	* NOTE: The "flags" directive always has to come before "port".
360		*
361		* Currently available flags are:
362		*
363	<	*  ssl    - Port is for SSL client connections only
363	>	*  ssl    - Port may only accept TLS/SSL connections
364		*  server - Only server connections are permitted
365		*  hidden - Port is hidden from /stats P, unless you're an admin
366		*/
#	Line 292 | Line 369 | listen {
369		port = 6697;
370
371		/*
372	<	* host: set a specific IP/host the ports after the line will listen
373	<	* on.  This may be ipv4 or ipv6.
372	>	* host: set a specific IP address/host to listen on using the
373	>	* subsequent port definitions. This may be IPv4 or IPv6.
374		*/
375		host = "1.2.3.4";
376		port = 7000, 7001;
#	Line 308 | Line 385 | listen {
385		auth {
386		/*
387		* user: the user@host allowed to connect. Multiple user
388	<	* lines are permitted per auth block.
388	>	* lines are permitted within each auth block.
389		*/
390		user = "*@172.16.0.0/12";
391		user = "*test@123D:B567:*";
#	Line 323 | Line 400 | auth {
400		encrypted = yes;
401
402		/*
403	<	* spoof: fake the users host to this.  This is free-form,
404	<	* just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
403	>	* spoof: fake the user's host to this. This is free-form, just do
404	>	* everyone a favor and don't abuse it. ('=' prefix on /stats I)
405		*/
406		spoof = "I.still.hate.packets";
407
#	Line 343 | Line 420 | auth {
420		* resv_exempt   - exempt this user from resvs ('$' prefix on /stats I)
421		* no_tilde      - remove ~ from a user with no ident ('-' prefix on /stats I)
422		* can_flood     - allow this user to exceed flood limits ('|' prefix on /stats I)
423	+	* webirc        - enables WEBIRC authentication for web-based clients such as Mibbit
424	+	*                 ('<' prefix on /stats I)
425		*/
426		flags = need_password, spoof_notice, exceed_limit, kline_exempt,
427		gline_exempt, resv_exempt, no_tilde, can_flood;
#	Line 350 | Line 429 | auth {
429
430		auth {
431		/*
432	<	* redirect: the server and port to redirect a user to.  A user does
433	<	* not have to obey the redirection, the ircd just suggests an alternative
432	>	* redirect: the server and port to redirect a user to. A user does not
433	>	* have to obey the redirection; the ircd just suggests an alternative
434		* server for them.
435		*/
436		redirserv = "this.is.not.a.real.server";
437		redirport = 6667;
438	<
438	>
439		user = "*.server";
440
441		/* class: a class is required even though it is not used */
#	Line 371 | Line 450 | auth {
450
451		/*
452		* operator {}:  defines ircd operators
374	–	*
375	–	* ircd-hybrid no longer supports local operators, privileges are
376	–	* controlled via flags.
453		*/
454		operator {
455		/* name: the name of the oper */
456		name = "sheep";
457
458		/*
459	<	* user: the user@host required for this operator. Multiple
460	<	* user="" lines are supported.
459	>	* user: the user@host required for this operator. Multiple user
460	>	* lines are permitted within each operator block.
461		*/
462		user = "*sheep@192.168.0.0/16";
463		user = "*@127.0.0.0/8";
464
465		/*
466	<	* password: the password required to oper.  By default this will
466	>	* password: the password required to oper. By default this will
467		* need to be encrypted by using the provided mkpasswd tool.
468		* Several password hash algorithms are available depending
469		* on your system's crypt() implementation. For example, a modern
470	<	* glibc already has support for SHA-256/512, and MD5 encryption
470	>	* glibc already has support for the SHA-256/512 and MD5 encryption
471		* algorithms.
472		*/
473		password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4";
#	Line 404 | Line 480 | operator {
480
481		/*
482		* rsa_public_key_file: the public key for this oper when using Challenge.
483	<	* A password should not be defined when this is used, see
483	>	* A password should not be defined when this is used; see
484		* doc/challenge.txt for more information.
485		*/
486		#       rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
487
488	+	/*
489	+	* ssl_certificate_fingerprint: enhances security by additionally checking
490	+	* the oper's client certificate fingerprint against the specified
491	+	* fingerprint below.
492	+	*
493	+	* Hint: your users can use the following command to obtain a SHA-256 hash
494	+	* of their ssl certificate:
495	+	*
496	+	*      openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g'
497	+	*/
498	+	#       ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
499	+
500	+	/*
501	+	* ssl_connection_required: client must be connected over SSL/TLS
502	+	* in order to be able to use this oper{} block.
503	+	* Default is 'no' if nothing else is specified.
504	+	*/
505	+	ssl_connection_required = no;
506	+
507		/* class: the class the oper joins when they successfully /oper */
508		class = "opers";
509
510		/*
511	<	* umodes: default usermodes opers get when they /oper.  If defined,
511	>	* umodes: the default usermodes opers get when they /oper. If defined,
512		* it will override oper_umodes settings in general {}.
513		* Available usermodes:
514		*
515		* +b - bots         - See bot and drone flooding notices
516		* +c - cconn        - Client connection/quit notices
422	–	* +C - cconn_full   - Client connection/quit notices full
517		* +D - deaf         - Don't receive channel messages
518		* +d - debug        - See debugging notices
519	+	* +e - external     - See remote server connection and split notices
520	+	* +F - farconnect   - Remote client connection/quit notices
521		* +f - full         - See auth{} block full notices
522		* +G - softcallerid - Server Side Ignore for users not on your channels
523		* +g - callerid     - Server Side Ignore (for privmsgs etc)
524		* +H - hidden       - Hides operator status to other users
525	<	* +i - invisible    - Not shown in NAMES or WHO unless you share a
430	<	*                     a channel
525	>	* +i - invisible    - Not shown in NAMES or WHO unless you share a channel
526		* +j - rej          - See rejected client notices
527		* +k - skill        - See server generated KILL messages
528		* +l - locops       - See LOCOPS messages
529		* +n - nchange      - See client nick changes
530	+	* +p - hidechans    - Hides channel list in WHOIS
531	+	* +q - hideidle     - Hides idle and signon time in WHOIS
532	+	* +R - nononreg     - Only receive private messages from registered clients
533		* +s - servnotice   - See general server notices
534		* +u - unauth       - See unauthorized client notices
535		* +w - wallop       - See server generated WALLOPS
438	–	* +x - external     - See remote server connection and split notices
536		* +y - spy          - See LINKS, STATS, TRACE notices etc.
440	–	* +z - operwall     - See oper generated WALLOPS
537		*/
538	<	#       umodes = locops, servnotice, operwall, wallop;
538	>	umodes = locops, servnotice, wallop;
539
540		/*
541	<	* privileges: controls the activities and commands an oper is
541	>	* privileges: controls the activities and commands an oper is
542		* allowed to do on the server. All options default to no.
543		* Available options:
544		*
545	<	* module       - allows MODULE
546	<	* global_kill  - allows remote users to be /KILL'd
547	<	* remote       - allows remote SQUIT and CONNECT
548	<	* remoteban    - allows remote KLINE/UNKLINE
549	<	* dline        - allows DLINE
550	<	* undline      - allows UNDLINE
551	<	* kline        - allows KILL and KLINE
552	<	* unkline      - allows UNKLINE
553	<	* gline        - allows GLINE
554	<	* xline        - allows XLINE
555	<	* globops      - allows GLOBOPS
556	<	* operwall     - allows OPERWALL
557	<	* nick_changes - allows oper to see nickchanges via usermode +n
558	<	* rehash       - allows oper to REHASH config
559	<	* die          - allows DIE
560	<	* restart      - allows RESTART
561	<	* set          - allows SET
562	<	* admin        - gives admin privileges. admins for example,
563	<	*                may see the real IP addresses of servers.
545	>	* module         - allows MODULE
546	>	* connect        - allows local CONNECT              | ('P' flag)
547	>	* connect:remote - allows remote CONNECT             | ('Q' flag)
548	>	* squit          - allows local SQUIT                | ('R' flag)
549	>	* squit:remote   - allows remote SQUIT               | ('S' flag)
550	>	* kill           - allows to KILL local clients      | ('N' flag)
551	>	* kill:remote    - allows remote users to be /KILL'd | ('O' flag)
552	>	* remoteban      - allows remote KLINE/UNKLINE       | ('B' flag)
553	>	* dline          - allows DLINE                      |
554	>	* undline        - allows UNDLINE                    |
555	>	* kline          - allows KLINE                      | ('K' flag)
556	>	* unkline        - allows UNKLINE                    | ('U' flag)
557	>	* gline          - allows GLINE                      | ('G' flag)
558	>	* xline          - allows XLINE                      | ('X' flag)
559	>	* unxline        - allows UNXLINE                    |
560	>	* locops         - allows LOCOPS                     |
561	>	* globops        - allows GLOBOPS                    |
562	>	* wallops        - allows WALLOPS                    |
563	>	* rehash         - allows oper to REHASH config      | ('H' flag)
564	>	* die            - allows DIE                        | ('D' flag)
565	>	* restart        - allows RESTART                    |
566	>	* set            - allows SET                        |
567	>	* admin          - gives administrator privileges    | ('A' flag)
568		*/
569	<	flags = global_kill, remote, kline, unkline, xline, globops, restart,
570	<	die, rehash, nick_changes, admin, operwall, module;
569	>	flags = kill, kill:remote, connect, connect:remote, kline, unkline,
570	>	xline, globops, restart, die, rehash, admin, module;
571		};
572
573		/*
574	<	* service {}: specifies what server may act as a network service
574	>	* service {}: specifies a server which may act as a network service
575		*
576	<	* NOTE: it is absolutely important that every single server on the network
576	>	* NOTE: it is very important that every server on the network
577		*       has the same service{} block.
578		*/
579		service {
#	Line 482 | Line 582 | service {
582		};
583
584		/*
585	<	* connect {}:  controls servers we connect to
585	>	* connect {}: define a server to connect to
586		*/
587		connect {
588		/* name: the name of the server */
589		name = "irc.uplink.com";
590
591		/*
592	<	* host: the host or IP to connect to.  If a hostname is used it
593	<	* must match the reverse dns of the server.
592	>	* host: the host or IP address to connect to. If a hostname is used it
593	>	* must match the reverse DNS of the server.
594		*/
595		host = "192.168.0.1";
596
597		/*
598	<	* vhost: the IP to bind to when we connect outward to servers.
598	>	* vhost: the IP address to bind to when making outgoing connections to
599	>	* servers.
600		* serverinfo::vhost and serverinfo::vhost6 will be overridden
601		* by this directive.
602		*/
603		vhost = "192.168.0.2";
604
605		/*
606	<	* passwords: the passwords we send (OLD C:) and accept (OLD N:).
607	<	* The remote server will have these passwords reversed.
606	>	* passwords: the passwords to send (OLD C:) and accept (OLD N:).
607	>	* The remote server will have these passwords swapped.
608		*/
609		send_password = "password";
610		accept_password = "anotherpassword";
#	Line 518 | Line 619 | connect {
619		port = 6666;
620
621		/*
622	<	* hub_mask: the mask of servers that this server may hub.  Multiple
623	<	* entries are permitted
622	>	* hub_mask: the mask of servers that this server may hub. Multiple
623	>	* entries are permitted.
624		*/
625		hub_mask = "*";
626
627		/*
628	<	* leaf_mask: the mask of servers this server may not hub.  Multiple
629	<	* entries are permitted.  Useful for forbidding EU -> US -> EU routes.
628	>	* leaf_mask: the mask of servers this server may not hub. Multiple
629	>	* entries are permitted. Useful for forbidding EU -> US -> EU routes.
630		*/
631		#       leaf_mask = "*.uk";
632
#	Line 536 | Line 637 | connect {
637		* ssl_cipher_list:
638		*
639		* List of ciphers that the server we are connecting to must support.
640	<	* If the server isn't capable of any cipher listed below, the
641	<	* connection will simply be rejected.
640	>	* If the server is not capable of using any of the ciphers listed below,
641	>	* the connection will simply be rejected.
642		* Can be used to enforce stronger ciphers, even though this option
643		* is not necessarily required to establish a SSL/TLS connection.
644		*
645		* Multiple ciphers are separated by colons. The order of preference
646		* is from left to right.
647		*/
648	<	#ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
648	>	#       ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
649	>
650	>	/*
651	>	* ssl_certificate_fingerprint: enhances security by additionally checking
652	>	* the server's client certificate fingerprint against the specified
653	>	* fingerprint below.
654	>	*/
655	>	#       ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
656
657		/*
658		* autoconn   - controls whether we autoconnect to this server or not,
#	Line 575 | Line 683 | connect {
683		*/
684		cluster {
685		/*
686	<	* name: the server to share with, this can take wildcards
686	>	* name: the server to share with; this can take wildcards
687		*
688	<	* NOTE: only local actions will be clustered, meaning if
688	>	* NOTE: only local actions will be clustered, meaning that if
689		*       the server receives a shared kline/unkline/etc, it
690		*       will not be propagated to clustered servers.
691		*
#	Line 588 | Line 696 | cluster {
696		name = "*.arpa";
697
698		/*
699	<	* type: list of what to share, options are as follows:
699	>	* type: list of what to share; options are as follows:
700		*      dline   - share dlines
701		*      undline - share undlines
702		*      kline   - share klines
#	Line 606 | Line 714 | cluster {
714		/*
715		* shared {}: users that are allowed to remote kline
716		*
717	<	* NOTE: This can be effectively used for remote klines.
717	>	* NOTE: This can effectively be used for remote klines.
718		*       Please note that there is no password authentication
719	<	*       for users setting remote klines.  You must also be
719	>	*       for users setting remote klines. You must also be
720		*       /oper'd in order to issue a remote kline.
721		*/
722		shared {
723		/*
724	<	* name: the server the user must be on to set klines.  If this is not
725	<	* specified, the user will be allowed to kline from all servers.
724	>	* name: the server the user must be connected to in order to set klines.
725	>	* If this is not specified, the user will be allowed to kline from all
726	>	* servers.
727		*/
728		name = "irc2.some.server";
729
730		/*
731	<	* user: the user@host mask that is allowed to set klines.  If this is
731	>	* user: the user@host mask that is allowed to set klines. If this is
732		* not specified, all users on the server above will be allowed to set
733		* a remote kline.
734		*/
#	Line 650 | Line 759 | kill {
759		reason = "Obviously hacked account";
760		};
761
653	–	kill {
654	–	user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.tld$";
655	–
656	–	/*
657	–	* NOTE: You have to set type=regex; when using a regular expression
658	–	* based user entry
659	–	*/
660	–	type = regex;
661	–	};
662	–
762		/*
763	<	* deny {}:  IPs that are not allowed to connect (before DNS/ident lookup)
763	>	* deny {}:  IP addresses that are not allowed to connect
764	>	* (before DNS/ident lookup)
765		* Oper issued dlines will be added to the specified dline config
766		*/
767		deny {
#	Line 670 | Line 770 | deny {
770		};
771
772		/*
773	<	* exempt {}: IPs that are exempt from deny {} and Dlines
773	>	* exempt {}:  IP addresses that are exempt from deny {} and Dlines
774		*/
775		exempt {
776		ip = "192.168.0.0/16";
#	Line 679 | Line 779 | exempt {
779		/*
780		* resv {}:  nicks and channels users may not use/join
781		*/
782	+	resv { mask = "clone*"; reason = "Clone bots"; };
783	+	resv { mask = "Global"; reason = "Reserved for services"; };
784	+	resv { mask = "ChanServ"; reason = "Reserved for services"; };
785	+	resv { mask = "NickServ"; reason = "Reserved for services"; };
786	+	resv { mask = "OperServ"; reason = "Reserved for services"; };
787	+	resv { mask = "MemoServ"; reason = "Reserved for services"; };
788	+	resv { mask = "BotServ"; reason = "Reserved for services"; };
789	+	resv { mask = "HelpServ"; reason = "Reserved for services"; };
790	+	resv { mask = "HostServ"; reason = "Reserved for services"; };
791	+	resv { mask = "StatServ"; reason = "Reserved for services"; };
792	+	resv { mask = "#*services*"; reason = "Reserved for services"; };
793	+
794		resv {
795	<	/* reason: the reason for the proceeding resv's */
796	<	reason = "Reserved for services";
795	>	/*
796	>	* mask: masks starting with a '#' are automatically considered
797	>	* as channel name masks.
798	>	*/
799	>	mask = "#helsinki";
800	>	reason = "Channel is reserved for Finnish inhabitants";
801
802	<	/* resv: the nicks and channels users may not join/use */
803	<	nick = "Global";
804	<	nick = "DevNull";
805	<	nick = "BotServ";
806	<	nick = "Services";
807	<	nick = "StatServ";
692	<	nick = "HelpServ";
693	<	nick = "HostServ";
694	<	nick = "NickServ";
695	<	nick = "ChanServ";
696	<	nick = "MemoServ";
697	<	nick = "OperServ";
698	<	channel = "#services";
699	<
700	<	/* resv: wildcard masks are also supported in nicks only */
701	<	reason = "Clone bots";
702	<	nick = "clone*";
802	>	/*
803	>	* exempt: can be either a ISO 3166 alpha-2 two letter country
804	>	* code, or a nick!user@host mask. CIDR is supported. Exempt
805	>	* entries can be stacked.
806	>	*/
807	>	exempt = "FI";
808		};
809
810		/*
811	<	* gecos {}:  The X: replacement, used for banning users based on
707	<	* their "realname".
811	>	* gecos {}:  Used for banning users based on their "realname".
812		*/
813		gecos {
814		name = "*sex*";
#	Line 716 | Line 820 | gecos {
820		reason = "Trojan drone";
821		};
822
719	–	gecos {
720	–	name = "*http*";
721	–	reason = "Spambot";
722	–	};
723	–
724	–	gecos {
725	–	name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
726	–
727	–	/*
728	–	* NOTE: You have to set type=regex; when using a regular expression
729	–	* based name entry
730	–	*/
731	–	type = regex;
732	–	};
733	–
823		/*
824		* channel {}:  The channel block contains options pertaining to channels
825		*/
826		channel {
827		/*
828		* disable_fake_channels: this option, if set to 'yes', will
829	<	* disallow clients to create or join channels that have one
829	>	* disallow clients from creating or joining channels that have one
830		* of the following ASCII characters in their name:
831		*
832		*   2 | bold
#	Line 751 | Line 840 | channel {
840		disable_fake_channels = yes;
841
842		/*
843	<	* restrict_channels: reverse channel RESVs logic, only reserved
844	<	* channels are allowed
843	>	* invite_client_count, invite_client_time: how many INVITE commands
844	>	* are permitted per client per invite_client_time.
845		*/
846	<	restrict_channels = no;
846	>	invite_client_count = 10;
847	>	invite_client_time = 5 minutes;
848
849		/*
850	<	* knock_delay: The amount of time a user must wait between issuing
851	<	* the knock command.
850	>	* knock_client_count, knock_client_time: how many KNOCK commands
851	>	* are permitted per client per knock_client_time.
852		*/
853	<	knock_delay = 5 minutes;
853	>	knock_client_count = 1;
854	>	knock_client_time = 5 minutes;
855
856		/*
857	<	* knock_delay_channel: How often a knock to any specific channel
858	<	* is permitted, regardless of the user sending the knock.
857	>	* knock_delay_channel: how often a KNOCK to any specific channel
858	>	* is permitted, regardless of the user sending the KNOCK.
859		*/
860		knock_delay_channel = 1 minute;
861
862		/*
863	<	* max_chans_per_user: The maximum number of channels a user can
864	<	* join/be on.
774	<	*/
775	<	max_chans_per_user = 25;
776	<
777	<	/*
778	<	* max_chans_per_oper: The maximum number of channels an oper can
779	<	* join/be on.
863	>	* max_channels: the maximum number of channels a user can join/be on.
864	>	* This is a default value which can be overriden with class{} blocks.
865		*/
866	<	max_chans_per_oper = 50;
782	<
783	<	/* quiet_on_ban: stop banned people talking in channels. */
784	<	quiet_on_ban = yes;
866	>	max_channels = 25;
867
868		/* max_bans: maximum number of +b/e/I modes in a channel */
869		max_bans = 100;
870
871		/*
872	<	* how many joins in how many seconds constitute a flood, use 0 to
872	>	* how many joins in how many seconds constitute a flood. Use 0 to
873		* disable. +b opers will be notified (changeable via /set)
874		*/
875		join_flood_count = 16;
876		join_flood_time = 8 seconds;
877
878		/*
879	<	* splitcode: The ircd will now check splitmode every few seconds.
879	>	* The ircd will now check splitmode (whether a server is split from
880	>	* the network) every few seconds; this functionality is known as
881	>	* splitcode and is influenced by the options below.
882		*
883		* Either split users or split servers can activate splitmode, but
884		* both conditions must be met for the ircd to deactivate splitmode.
885	<	*
885	>	*
886		* You may force splitmode to be permanent by /quote set splitmode on
887		*/
888
889		/*
890		* default_split_user_count: when the usercount is lower than this level,
891	<	* consider ourselves split.  This must be set for automatic splitmode.
891	>	* consider ourselves split. This must be set for automatic splitmode.
892		*/
893		default_split_user_count = 0;
894
895		/*
896		* default_split_server_count: when the servercount is lower than this,
897	<	* consider ourselves split.  This must be set for automatic splitmode.
897	>	* consider ourselves split. This must be set for automatic splitmode.
898		*/
899		default_split_server_count = 0;
900
901	<	/* no_create_on_split: disallow users creating channels on split. */
901	>	/* no_create_on_split: do not allow users to create channels on split. */
902		no_create_on_split = yes;
903
904	<	/* no_join_on_split: disallow users joining channels at all on a split. */
904	>	/* no_join_on_split: do not allow users to join channels on a split. */
905		no_join_on_split = no;
906		};
907
908		/*
909		* serverhide {}:  The serverhide block contains the options regarding
910	<	* serverhiding
910	>	* to server hiding
911		*/
912		serverhide {
913		/*
914	+	* disable_remote_commands: disable users issuing commands
915	+	* on remote servers.
916	+	*/
917	+	disable_remote_commands = no;
918	+
919	+	/*
920		* flatten_links: this option will show all servers in /links appear
921	<	* that they are linked to this current server
921	>	* as though they are linked to this current server.
922		*/
923		flatten_links = no;
924
#	Line 840 | Line 930 | serverhide {
930
931		/*
932		* hidden: hide this server from a /links output on servers that
933	<	* support it.  This allows hub servers to be hidden etc.
933	>	* support it. This allows hub servers to be hidden etc.
934		*/
935		hidden = no;
936
#	Line 851 | Line 941 | serverhide {
941		hide_servers = no;
942
943		/*
944	+	* hide_services: define this if you want to hide the location of
945	+	* services servers that are specified in the service{} block.
946	+	*/
947	+	hide_services = no;
948	+
949	+	/*
950		* Use this as the servername users see if hide_servers = yes.
951		*/
952		hidden_name = "*.hidden.com";
953
954		/*
955		* hide_server_ips: If this is disabled, opers will be unable to see
956	<	* servers ips and will be shown a masked ip, admins will be shown the
957	<	* real ip.
956	>	* servers' IP addresses and will be shown a masked IP address; admins
957	>	* will be shown the real IP address.
958		*
959	<	* If this is enabled, nobody can see a servers ip. *This is a kludge*,
960	<	* it has the side effect of hiding the ips everywhere, including
961	<	* logfiles.
959	>	* If this is enabled, nobody can see a server's IP address.
960	>	* *This is a kludge*: it has the side effect of hiding the IP addresses
961	>	* everywhere, including logfiles.
962		*
963		* We recommend you leave this disabled, and just take care with who you
964	<	* give admin=yes; to.
964	>	* give administrator privileges to.
965		*/
966		hide_server_ips = no;
967		};
968
969		/*
970		* general {}:  The general block contains many of the options that were once
971	<	* compiled in options in config.h.  The general block is read at start time.
971	>	* compiled in options in config.h
972		*/
973		general {
974	+	/*
975	+	* cycle_on_host_change: sends a fake QUIT/JOIN combination
976	+	* when services change the hostname of a specific client.
977	+	*/
978	+	cycle_on_host_change = yes;
979	+
980		/* services_name: servername of nick/channel services */
981		services_name = "service.someserver";
982
983		/* max_watch: maximum WATCH entries a client can have. */
984	<	max_watch = 60;
984	>	max_watch = 30;
985	>
986	>	/* max_accept: maximum allowed /accept's for +g usermode. */
987	>	max_accept = 30;
988
989	<	/* gline_enable: enable glines, network wide temp klines */
989	>	/* gline_enable: enable glines (network-wide temporary klines). */
990		gline_enable = yes;
991
992		/*
993		* gline_duration: the amount of time a gline will remain on your
994	<	* server before expiring
994	>	* server before expiring.
995		*/
996		gline_duration = 1 day;
997
998		/*
999	<	* gline_request_duration:  how long a pending G-line can be around.
1000	<	* 10 minutes should be plenty
999	>	* gline_request_duration: how long a pending G-line can be around.
1000	>	* 10 minutes should be plenty.
1001		*/
1002		gline_request_duration = 10 minutes;
1003
1004		/*
1005		* gline_min_cidr: the minimum required length of a CIDR bitmask
1006	<	* for IPv4 based glines
1006	>	* for IPv4 based glines.
1007		*/
1008		gline_min_cidr = 16;
1009
1010		/*
1011		* gline_min_cidr6: the minimum required length of a CIDR bitmask
1012	<	* for IPv6 based glines
1012	>	* for IPv6 based glines.
1013		*/
1014		gline_min_cidr6 = 48;
1015
1016		/*
1017	<	* Whether to automatically set mode +i on connecting users.
1017	>	* invisible_on_connect: whether to automatically set mode +i on
1018	>	* connecting users.
1019		*/
1020		invisible_on_connect = yes;
1021
1022		/*
1023	<	* Max time from the nickname change that still causes KILL
1024	<	* automatically to switch for the current nick of that user.
1023	>	* kill_chase_time_limit: KILL chasing is a feature whereby a KILL
1024	>	* issued for a user who has recently changed nickname will be applied
1025	>	* automatically to the new nick. kill_chase_time_limit is the maximum
1026	>	* time following a nickname change that this chasing will apply.
1027		*/
1028	<	kill_chase_time_limit = 90 seconds;
1028	>	kill_chase_time_limit = 30 seconds;
1029
1030		/*
1031	<	* If hide_spoof_ips is disabled, opers will be allowed to see the real
1032	<	* IP of spoofed users in /trace etc. If this is defined they will be
1033	<	* shown a masked IP.
1031	>	* hide_spoof_ips: if disabled, opers will be allowed to see the real
1032	>	* IP address of spoofed users in /trace etc. If this is defined they
1033	>	* will be shown a masked IP.
1034		*/
1035		hide_spoof_ips = yes;
1036
1037		/*
1038	<	* Ignore bogus timestamps from other servers.  Yes, this will desync
1039	<	* the network, but it will allow chanops to resync with a valid non TS 0
1038	>	* Ignore bogus timestamps from other servers. Yes, this will desync the
1039	>	* network, but it will allow chanops to resync with a valid non TS 0
1040		*
1041		* This should be enabled network wide, or not at all.
1042		*/
#	Line 940 | Line 1048 | general {
1048		*/
1049		disable_auth = no;
1050
943	–	/* disable_remote_commands: disable users doing commands on remote servers */
944	–	disable_remote_commands = no;
945	–
1051		/*
1052		* tkline_expire_notices: enables or disables temporary kline/xline
1053		* expire notices.
#	Line 951 | Line 1056 | general {
1056
1057		/*
1058		* default_floodcount: the default value of floodcount that is configurable
1059	<	* via /quote set floodcount.  This is the amount of lines a user
1059	>	* via /quote set floodcount. This is the number of lines a user
1060		* may send to any other user/channel in one second.
1061		*/
1062		default_floodcount = 10;
1063
1064		/*
1065	<	* failed_oper_notice: send a notice to all opers on the server when
1065	>	* failed_oper_notice: send a notice to all opers on the server when
1066		* someone tries to OPER and uses the wrong password, host or ident.
1067		*/
1068		failed_oper_notice = yes;
1069
1070		/*
1071	<	* dots_in_ident: the amount of '.' characters permitted in an ident
1071	>	* dots_in_ident: the number of '.' characters permitted in an ident
1072		* reply before the user is rejected.
1073		*/
1074		dots_in_ident = 2;
1075
1076		/*
1077	<	* min_nonwildcard: the minimum non wildcard characters in k/d/g lines
1078	<	* placed via the server.  klines hand placed are exempt from limits.
1079	<	* wildcard chars: '.' ':' '*' '?' '@' '!' '#'
1077	>	* min_nonwildcard: the minimum number of non-wildcard characters in
1078	>	* k/d/g lines placed via the server. K-lines hand-placed are exempt from
1079	>	* this limit.
1080	>	* Wildcard chars: '.', ':', '*', '?', '@', '!'
1081		*/
1082		min_nonwildcard = 4;
1083
1084		/*
1085	<	* min_nonwildcard_simple: the minimum non wildcard characters in
1086	<	* gecos bans.  wildcard chars: '*' '?' '#'
1085	>	* min_nonwildcard_simple: the minimum number of non-wildcard characters
1086	>	* in gecos bans. Wildcard chars: '*', '?'
1087		*/
1088		min_nonwildcard_simple = 3;
1089
1090	<	/* max_accept: maximum allowed /accept's for +g usermode */
985	<	max_accept = 20;
986	<
987	<	/* anti_nick_flood: enable the nickflood control code */
1090	>	/* anti_nick_flood: enable the nickflood control code. */
1091		anti_nick_flood = yes;
1092
1093	<	/* nick flood: the nick changes allowed in the specified period */
1093	>	/* nick flood: the number of nick changes allowed in the specified period */
1094		max_nick_time = 20 seconds;
1095		max_nick_changes = 5;
1096
#	Line 998 | Line 1101 | general {
1101		anti_spam_exit_message_time = 5 minutes;
1102
1103		/*
1104	<	* ts delta: the time delta allowed between server clocks before
1105	<	* a warning is given, or before the link is dropped.  all servers
1106	<	* should run ntpdate/rdate to keep clocks in sync
1104	>	* ts_warn_delta, ts_max_delta: the time delta allowed between server
1105	>	* clocks before a warning is given, or before the link is dropped.
1106	>	* All servers should run ntpdate/rdate to keep clocks in sync
1107		*/
1108	<	ts_warn_delta = 30 seconds;
1109	<	ts_max_delta = 5 minutes;
1108	>	ts_warn_delta = 10 seconds;
1109	>	ts_max_delta = 2 minutes;
1110
1111		/*
1112	<	* warn_no_nline: warn opers about servers that try to connect but
1113	<	* we don't have a connect {} block for.  Twits with misconfigured
1114	<	* servers can get really annoying with this enabled.
1112	>	* warn_no_connect_block: warn opers about servers that try to connect
1113	>	* but for which we don't have a connect {} block. Twits with
1114	>	* misconfigured servers can become really annoying with this enabled.
1115		*/
1116	<	warn_no_nline = yes;
1116	>	warn_no_connect_block = yes;
1117
1118		/*
1119		* stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1120	<	* operators and administrators.  Doing so is a good idea in case
1120	>	* operators and administrators. Doing so is a good idea in case
1121		* there are any exempted (exempt{}) server IPs you don't want to
1122		* see leaked.
1123		*/
1124		stats_e_disabled = no;
1125
1126	<	/* stats_o_oper only: make stats o (opers) oper only */
1126	>	/* stats_o_oper_only: make stats o (opers) oper only */
1127		stats_o_oper_only = yes;
1128
1129		/* stats_P_oper_only: make stats P (ports) oper only */
1130		stats_P_oper_only = yes;
1131
1132	+	/* stats_u_oper_only: make stats u (uptime) oper only */
1133	+	stats_u_oper_only = no;
1134	+
1135		/*
1136	<	* stats i oper only: make stats i (auth {}) oper only. set to:
1137	<	*     yes:    show users no auth blocks, made oper only.
1138	<	*     masked: show users first matching auth block
1139	<	*     no:     show users all auth blocks.
1136	>	* stats_i_oper_only: make stats i (auth {}) oper only. Set to:
1137	>	*     yes    - show users no auth blocks, made oper only.
1138	>	*     masked - show users the first matching auth block
1139	>	*     no     - show users all auth blocks.
1140		*/
1141		stats_i_oper_only = yes;
1142
1143		/*
1144	<	* stats_k_oper_only: make stats k/K (klines) oper only.  set to:
1145	<	*     yes:    show users no auth blocks, made oper only
1146	<	*     masked: show users first matching auth block
1147	<	*     no:     show users all auth blocks.
1144	>	* stats_k_oper_only: make stats k/K (klines) oper only. Set to:
1145	>	*     yes    - show users no auth blocks, made oper only
1146	>	*     masked - show users the first matching auth block
1147	>	*     no     - show users all auth blocks.
1148		*/
1149		stats_k_oper_only = yes;
1150
#	Line 1055 | Line 1161 | general {
1161		opers_bypass_callerid = no;
1162
1163		/*
1164	<	* pace_wait_simple: time between use of less intensive commands
1165	<	* (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
1164	>	* pace_wait_simple: minimum time required between use of less
1165	>	* intensive commands
1166	>	* (ADMIN, HELP, LUSERS, VERSION, remote WHOIS)
1167		*/
1168		pace_wait_simple = 1 second;
1169
1170		/*
1171	<	* pace_wait: time between more intensive commands
1172	<	* (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
1171	>	* pace_wait: minimum time required between use of more intensive commands
1172	>	* (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS)
1173		*/
1174		pace_wait = 10 seconds;
1175
1176		/*
1177	<	* short_motd: send clients a notice telling them to read the motd
1178	<	* instead of forcing a motd to clients who may simply ignore it.
1177	>	* short_motd: send clients a notice telling them to read the MOTD
1178	>	* instead of forcing an MOTD to clients who may simply ignore it.
1179		*/
1180		short_motd = no;
1181
#	Line 1083 | Line 1190 | general {
1190
1191		/*
1192		* true_no_oper_flood: completely eliminate flood limits for opers
1193	<	* and for clients with can_flood = yes in their auth {} blocks
1193	>	* and for clients with can_flood = yes in their auth {} blocks.
1194		*/
1195		true_no_oper_flood = yes;
1196
1197	<	/* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
1197	>	/* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */
1198		oper_pass_resv = yes;
1199
1200	<	/* REMOVE ME.  The following line checks you've been reading. */
1200	>	/* REMOVE ME. The following line checks that you have been reading. */
1201		havent_read_conf = 1;
1202
1203		/*
1204	<	* max_targets: the maximum amount of targets in a single
1205	<	* PRIVMSG/NOTICE.  Set to 999 NOT 0 for unlimited.
1204	>	* max_targets: the maximum number of targets in a single
1205	>	* PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1206		*/
1207		max_targets = 4;
1208
1209		/*
1103	–	* message_locale: the default message locale
1104	–	* Use "standard" for the compiled in defaults.
1105	–	* To install the translated messages, go into messages/ in the
1106	–	* source directory and run `make install'.
1107	–	*/
1108	–	message_locale = "standard";
1109	–
1110	–	/*
1210		* usermodes configurable: a list of usermodes for the options below
1211		*
1212		* +b - bots         - See bot and drone flooding notices
1213		* +c - cconn        - Client connection/quit notices
1115	–	* +C - cconn_full   - Client connection/quit notices full
1214		* +D - deaf         - Don't receive channel messages
1215		* +d - debug        - See debugging notices
1216	+	* +e - external     - See remote server connection and split notices
1217	+	* +F - farconnect   - Remote client connection/quit notices
1218		* +f - full         - See auth{} block full notices
1219		* +G - softcallerid - Server Side Ignore for users not on your channels
1220		* +g - callerid     - Server Side Ignore (for privmsgs etc)
1221		* +H - hidden       - Hides operator status to other users
1222	<	* +i - invisible    - Not shown in NAMES or WHO unless you share a
1123	<	*                     a channel
1222	>	* +i - invisible    - Not shown in NAMES or WHO unless you share a channel
1223		* +j - rej          - See rejected client notices
1224		* +k - skill        - See server generated KILL messages
1225		* +l - locops       - See LOCOPS messages
1226		* +n - nchange      - See client nick changes
1227	+	* +p - hidechans    - Hides channel list in WHOIS
1228	+	* +q - hideidle     - Hides idle and signon time in WHOIS
1229	+	* +R - nononreg     - Only receive private messages from registered clients
1230		* +s - servnotice   - See general server notices
1231		* +u - unauth       - See unauthorized client notices
1232		* +w - wallop       - See server generated WALLOPS
1131	–	* +x - external     - See remote server connection and split notices
1233		* +y - spy          - See LINKS, STATS, TRACE notices etc.
1133	–	* +z - operwall     - See oper generated WALLOPS
1234		*/
1235
1236		/* oper_only_umodes: usermodes only opers may set */
1237	<	oper_only_umodes = bots, cconn, cconn_full, debug, full, hidden, skill,
1238	<	nchange, rej, spy, external, operwall,
1239	<	locops, unauth;
1237	>	oper_only_umodes = bots, cconn, debug, full, hidden, skill,
1238	>	nchange, rej, spy, external,
1239	>	locops, unauth, farconnect;
1240
1241		/* oper_umodes: default usermodes opers get when they /oper */
1242	<	oper_umodes = bots, locops, servnotice, operwall, wallop;
1242	>	oper_umodes = bots, locops, servnotice, wallop;
1243
1244		/*
1245		* use_egd: if your system does not have *random devices yet you
1246	<	* want to use OpenSSL and encrypted links, enable this.  Beware -
1247	<	* EGD is *very* CPU intensive when gathering data for its pool
1246	>	* want to use OpenSSL and encrypted links, enable this. Beware -
1247	>	* EGD is *very* CPU intensive when gathering data for its pool.
1248		*/
1249		#       use_egd = yes;
1250
#	Line 1154 | Line 1254 | general {
1254		*/
1255		#       egdpool_path = "/var/run/egd-pool";
1256
1257	+
1258	+	/*
1259	+	* throttle_count: the maximum number of connections from the same
1260	+	* IP address allowed in throttle_time duration.
1261	+	*/
1262	+	throttle_count = 1;
1263	+
1264		/*
1265	<	* throttle_time: the minimum amount of time between connections from
1266	<	* the same ip.  exempt {} blocks are excluded from this throttling.
1267	<	* Offers protection against flooders who reconnect quickly.
1265	>	* throttle_time: the minimum amount of time required between
1266	>	* connections from the same IP address. exempt {} blocks are
1267	>	* excluded from this throttling.
1268	>	* Offers protection against flooders who reconnect quickly.
1269		* Set to 0 to disable.
1270		*/
1271	<	throttle_time = 10;
1271	>	throttle_time = 2 seconds;
1272		};
1273
1274		modules {
#	Line 1171 | Line 1279 | modules {
1279		path = "/usr/local/ircd/lib/ircd-hybrid/modules";
1280		path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
1281
1282	<	/* module: the name of a module to load on startup/rehash */
1283	<	#module = "some_module.la";
1282	>	/* module: the name of a module to load on startup/rehash. */
1283	>	#       module = "some_module.la";
1284		};
1285
1286		/*
#	Line 1184 | Line 1292 | log {
1292
1293		file {
1294		type = oper;
1295	<	name = "/home/ircd/var/log/oper.log";
1295	>	name = "/usr/local/ircd/var/log/oper.log";
1296		size = unlimited;
1297		};
1298
1299		file {
1300		type = user;
1301	<	name = "/home/ircd/var/log/user.log";
1301	>	name = "/usr/local/ircd/var/log/user.log";
1302		size = 50 megabytes;
1303		};
1304
1305		file {
1306		type = kill;
1307	<	name = "/home/ircd/var/log/kill.log";
1307	>	name = "/usr/local/ircd/var/log/kill.log";
1308		size = 50 megabytes;
1309		};
1310
1311		file {
1312		type = kline;
1313	<	name = "/home/ircd/var/log/kline.log";
1313	>	name = "/usr/local/ircd/var/log/kline.log";
1314		size = 50 megabytes;
1315		};
1316
1317		file {
1318		type = dline;
1319	<	name = "/home/ircd/var/log/dline.log";
1319	>	name = "/usr/local/ircd/var/log/dline.log";
1320		size = 50 megabytes;
1321		};
1322
1323		file {
1324		type = gline;
1325	<	name = "/home/ircd/var/log/gline.log";
1325	>	name = "/usr/local/ircd/var/log/gline.log";
1326	>	size = 50 megabytes;
1327	>	};
1328	>
1329	>	file {
1330	>	type = xline;
1331	>	name = "/usr/local/ircd/var/log/xline.log";
1332	>	size = 50 megabytes;
1333	>	};
1334	>
1335	>	file {
1336	>	type = resv;
1337	>	name = "/usr/local/ircd/var/log/resv.log";
1338		size = 50 megabytes;
1339		};
1340
1341		file {
1342		type = debug;
1343	<	name = "/home/ircd/var/log/debug.log";
1343	>	name = "/usr/local/ircd/var/log/debug.log";
1344		size = 50 megabytes;
1345	<	};
1345	>	};
1346		};

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines (old)
>	Changed lines (new)