[ViewVC] Diff of: svn/ircd-hybrid/branches/8.2.x/doc/reference.conf

Comparing:
ircd-hybrid/trunk/doc/example.conf (file contents), Revision 1783 by michael, Thu Jan 24 19:26:51 2013 UTC vs.
ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2267 by michael, Mon Jun 17 23:30:36 2013 UTC

-<
+/* doc/example.conf - ircd-hybrid-8 Example configuration file
->
+/* ircd-hybrid reference configuration file
+ * Copyright (C) 2000-2013 Hybrid Development Team
+ * Written by ejb, wcampbel, db, leeh and others
-–
+ * Other example configurations can be found in the source dir under
-–
+ * doc/.
+ * $Id$
+ */
-<
+/* IMPORTANT NOTES:
->
+/*
->
+ * ########################################################################
->
+ * IMPORTANT NOTES:
+ * auth {} blocks MUST be specified in order of precedence.  The first one
+ * that matches a user will be used.  So place spoofs first, then specials,
+ * then general access.
-+
+ * ########################################################################
+ * Shell style (#), C++ style (//) and C style comments are supported.
+ * Sizes and times may be singular or plural.
+ */
-<
+/* EFNET NOTE:
-<
+ *
-<
+ * This config file is NOT suitable for EFNet.  EFNet admins should use
-<
+ * example.efnet.conf
-<
+ */
-<
->
+/*
+ * serverinfo {}:  contains information about the server
+ */
+         * sid: a server's unique ID.  This is three characters long and must
+         * be in the form [0-9][A-Z0-9][A-Z0-9].  The first character must be
+         * a digit, followed by 2 alpha-numerical letters.
-<
+         * NOTE: The letters must be capitalized.  This cannot be changed at runtime.
->
+         * NOTE: The letters must be capitalized. This cannot be changed at runtime.
+         */
-<
+        sid = "_CHANGE_ME_";
->
+        sid = "0HY";
+        /*
+         * description: the description of the server.
+        /*
+         * network info: the name and description of the network this server
-<
+         * is on.  Shown in the 005 reply and used with serverhiding.
->
+         * is on. Shown in the 005 reply and used with serverhiding.
+         */
+        network_name = "MyNet";
+        network_desc = "This is My Network";
+         * vhost: the IP to bind to when we connect outward to ipv4 servers.
+         * This should be an ipv4 IP only, or "*" for INADDR_ANY.
+         */
-<
+        #vhost = "192.169.0.1";
->
+#       vhost = "192.169.0.1";
+        /*
+         * vhost6: the IP to bind to when we connect outward to ipv6 servers.
+         * This should be an ipv6 IP only, or "*" for INADDR_ANY.
+         */
-<
+        #vhost6 = "3ffe:80e8:546::2";
->
+#       vhost6 = "3ffe:80e8:546::2";
-<
+        /* max_clients: the maximum number of clients allowed to connect */
->
+        /* max_clients: the maximum number of clients allowed to connect. */
+        max_clients = 512;
+        /*
+         *      chmod 0600 rsa.key
+         *      chmod 0644 rsa.pub
+         */
-<
+        #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
->
+#       rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
+        /*
+         * ssl_certificate_file: the path to the file containing our
+         * ssl certificate for encrypted client connection.
+         * This assumes your private RSA key is stored in rsa.key. You
-<
+         * MUST have an RSA key in order to generate the certificate
->
+         * MUST have an RSA key in order to generate the certificate.
->
+         *
->
+         * Example command:
+         *      openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
+         *      Common Name: irc.someirc.net
+         *      E-mail: you@domain.com
+         */
-<
+        #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
->
+#       ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
+        /*
+         * ssl_dh_param_file:
+         * regarding specific OpenSSL dhparam command-line options
+         * can be found in the OpenSSL manual.
+         */
-<
+        #ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
->
+#       ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
+        /*
+         * ssl_cipher_list:
+         * Multiple ciphers are separated by colons. The order of preference is
+         * from left to right.
+         */
-<
+        #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
->
+#       ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
+        /*
+         * ssl_server_method:
+         * outgoing (client method) SSL/TLS connections.
+         * This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1.
+         */
-<
+        #ssl_server_method = tlsv1, sslv3;
-<
+        #ssl_client_method = tlsv1;
->
+#       ssl_server_method = tlsv1, sslv3;
->
+#       ssl_client_method = tlsv1;
+};
+/*
+ * class {}:  contains information about classes for users
+ */
+class {
-<
+        /* name: the name of the class */
->
+        /* name: the name of the class. */
+        name = "users";
+        /*
+        /*
+         * the following lines are optional and allow you to define
-<
+         * how many users can connect from one /NN subnet
->
+         * how many users can connect from one /NN subnet.
+         */
+        cidr_bitlen_ipv4 = 24;
+        cidr_bitlen_ipv6 = 120;
+        sendq = 100 kbytes;
+        /*
-<
+         * min_idle: minimum idle time that is shown in /whois
->
+         * min_idle: minimum idle time that is shown in /whois.
+         */
+        min_idle = 3 hours;
+        /*
-<
+         * max_idle: maximum idle time that is shown in /whois
->
+         * max_idle: maximum idle time that is shown in /whois.
+         */
+        max_idle = 8 hours;
+        ping_time = 90 seconds;
+        /*
-<
+         * connectfreq: only used in server classes.  Specifies the delay
->
+         * connectfreq: only used in server classes. Specifies the delay
+         * between autoconnecting to servers.
+         */
+        connectfreq = 5 minutes;
-<
+        /* max number: the amount of servers to autoconnect to */
->
+        /* max number: the amount of servers to autoconnect to. */
+        max_number = 1;
-<
+        /* sendq: servers need a higher sendq as they send more data */
->
+        /* sendq: servers need a higher sendq as they send more data. */
+        sendq = 2 megabytes;
+};
+/*
-+
+ * motd {}: Allows to show a different MOTD to a client
-+
+ * depending on its origin. Applies to local users only.
-+
+ */
-+
+motd {
-+
+        /*
-+
+         * mask: multiple mask entries are permitted. Mask can either be
-+
+         * a class name or a hostname.
-+
+         */
-+
+        mask = "*.at";
-+
+        mask = "*.de";
-+
+        mask = "*.ch";
-+
-+
+        /*
-+
+         * file: path to the actual motd file.
-+
+         */
-+
+        file = "/usr/local/ircd/etc/german.motd";
-+
+};
-+
-+
+/*
+ * listen {}:  contains information about the ports ircd listens on
+ */
+listen {
+        /*
-<
+         * port: the specific port to listen on.  If no host is specified
->
+         * port: the specific port to listen on. If no host is specified
+         * before, it will listen on all available IPs.
+         * Ports are separated via a comma, a range may be specified using ".."
+         * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
+         * unless you are an administrator.
-<
+         * NOTE: The "flags" directive has to come before "port".  Always!
->
+         * NOTE: The "flags" directive has to come before "port". Always!
+         * Currently available flags are:
+        /*
+         * host: set a specific IP/host the ports after the line will listen
-<
+         * on.  This may be ipv4 or ipv6.
->
+         * on. This may be ipv4 or ipv6.
+         */
+        host = "1.2.3.4";
+        port = 7000, 7001;
+        encrypted = yes;
+        /*
-<
+         * spoof: fake the users host to this.  This is free-form,
-<
+         * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
->
+         * spoof: fake the users host to this. This is free-form, just do
->
+         * everyone a favor and don't abuse it. ('=' prefix on /stats I)
+         */
+        spoof = "I.still.hate.packets";
+         * resv_exempt   - exempt this user from resvs ('$' prefix on /stats I)
+         * no_tilde      - remove ~ from a user with no ident ('-' prefix on /stats I)
+         * can_flood     - allow this user to exceed flood limits ('|' prefix on /stats I)
-<
+         * webirc        - enables WEBIRC authentication for web-based clients such as Mibbit
->
+         * webirc        - enables WEBIRC authentication for web-based clients such as Mibbit
+         *                 ('<' prefix on /stats I)
+         */
+        flags = need_password, spoof_notice, exceed_limit, kline_exempt,
+auth {
+        /*
-<
+         * redirect: the server and port to redirect a user to.  A user does
-<
+         * not have to obey the redirection, the ircd just suggests an alternative
->
+         * redirect: the server and port to redirect a user to. A user does not
->
+         * have to obey the redirection, the ircd just suggests an alternative
+         * server for them.
+         */
+        redirserv = "this.is.not.a.real.server";
+/*
+ * operator {}:  defines ircd operators
-–
+ *
-–
+ * ircd-hybrid no longer supports local operators, privileges are
-–
+ * controlled via flags.
+ */
+operator {
+        /* name: the name of the oper */
+        user = "*@127.0.0.0/8";
+        /*
-<
+         * password: the password required to oper.  By default this will
->
+         * password: the password required to oper. By default this will
+         * need to be encrypted by using the provided mkpasswd tool.
+         * Several password hash algorithms are available depending
+         * on your system's crypt() implementation. For example, a modern
+         */
+#       rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
-+
+        /*
-+
+         * ssl_certificate_fingerprint: enhances security by additionally checking
-+
+         * the oper's client certificate fingerprint against the specified
-+
+         * fingerprint below.
-+
+         *
-+
+         * Hint: your users can use the following command to obtain a SHA-256 hash
-+
+         * of their ssl certificate:
-+
+         *
-+
+         *      openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g'
-+
+         */
-+
+#       ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
-+
-+
+        /*
-+
+         * ssl_connection_required: client must be connected over SSL/TLS
-+
+         * in order to be able to use this oper{} block.
-+
+         */
-+
+        ssl_connection_required = no;
-+
+        /* class: the class the oper joins when they successfully /oper */
+        class = "opers";
+        /*
-<
+         * umodes: default usermodes opers get when they /oper.  If defined,
->
+         * umodes: default usermodes opers get when they /oper. If defined,
+         * it will override oper_umodes settings in general {}.
+         * Available usermodes:
+         * +b - bots         - See bot and drone flooding notices
+         * +c - cconn        - Client connection/quit notices
-–
+         * +C - cconn_full   - Client connection/quit notices full
+         * +D - deaf         - Don't receive channel messages
+         * +d - debug        - See debugging notices
-+
+         * +e - external     - See remote server connection and split notices
-+
+         * +F - farconnect   - Remote client connection/quit notices
+         * +f - full         - See auth{} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +H - hidden       - Hides operator status to other users
-<
+         * +i - invisible    - Not shown in NAMES or WHO unless you share a
-<
+         *                     a channel
->
+         * +i - invisible    - Not shown in NAMES or WHO unless you share a channel
+         * +j - rej          - See rejected client notices
+         * +k - skill        - See server generated KILL messages
+         * +l - locops       - See LOCOPS messages
+         * +n - nchange      - See client nick changes
-+
+         * +R - nononreg     - Only receive private messages from registered clients
+         * +s - servnotice   - See general server notices
+         * +u - unauth       - See unauthorized client notices
+         * +w - wallop       - See server generated WALLOPS
-–
+         * +x - external     - See remote server connection and split notices
+         * +y - spy          - See LINKS, STATS, TRACE notices etc.
+         * +z - operwall     - See oper generated WALLOPS
+         */
-<
+#       umodes = locops, servnotice, operwall, wallop;
->
+        umodes = locops, servnotice, operwall, wallop;
+        /*
+         * privileges: controls the activities and commands an oper is
+         * allowed to do on the server. All options default to no.
+         * Available options:
-<
+         * module       - allows MODULE
-<
+         * global_kill  - allows remote users to be /KILL'd
-<
+         * remote       - allows remote SQUIT and CONNECT
-<
+         * remoteban    - allows remote KLINE/UNKLINE
-<
+         * dline        - allows DLINE
-<
+         * undline      - allows UNDLINE
-<
+         * kline        - allows KILL and KLINE
-<
+         * unkline      - allows UNKLINE
-<
+         * gline        - allows GLINE
-<
+         * xline        - allows XLINE
-<
+         * globops      - allows GLOBOPS
-<
+         * operwall     - allows OPERWALL
-<
+         * nick_changes - allows oper to see nickchanges via usermode +n
-<
+         * rehash       - allows oper to REHASH config
-<
+         * die          - allows DIE
-<
+         * restart      - allows RESTART
-<
+         * set          - allows SET
-<
+         * admin        - gives admin privileges. admins for example,
-<
+         *                may see the real IP addresses of servers.
->
+         * module         - allows MODULE
->
+         * connect        - allows local CONNECT              | ('P' flag)
->
+         * connect:remote - allows remote CONNECT             | ('Q' flag)
->
+         * squit          - allows local SQUIT                | ('R' flag)
->
+         * squit:remote   - allows remote SQUIT               | ('S' flag)
->
+         * kill           - allows to KILL local clients      | ('N' flag)
->
+         * kill:remote    - allows remote users to be /KILL'd | ('O' flag)
->
+         * remoteban      - allows remote KLINE/UNKLINE       | ('B' flag)
->
+         * dline          - allows DLINE                      |
->
+         * undline        - allows UNDLINE                    |
->
+         * kline          - allows KLINE                      | ('K' flag)
->
+         * unkline        - allows UNKLINE                    | ('U' flag)
->
+         * gline          - allows GLINE                      | ('G' flag)
->
+         * xline          - allows XLINE                      | ('X' flag)
->
+         * locops         - allows LOCOPS                     |
->
+         * globops        - allows GLOBOPS                    |
->
+         * wallops        - allows WALLOPS                    |
->
+         * operwall       - allows OPERWALL                   | ('L' flag)
->
+         * rehash         - allows oper to REHASH config      | ('H' flag)
->
+         * die            - allows DIE                        | ('D' flag)
->
+         * restart        - allows RESTART                    |
->
+         * set            - allows SET                        |
->
+         * admin          - gives administrator privileges    | ('A' flag)
+         */
-<
+        flags = global_kill, remote, kline, unkline, xline, globops, restart,
-<
+                die, rehash, nick_changes, admin, operwall, module;
->
+        flags = kill, kill:remote, connect, connect:remote, kline, unkline,
->
+                xline, globops, restart, die, rehash, admin, operwall, module;
+};
+/*
+        name = "irc.uplink.com";
+        /*
-<
+         * host: the host or IP to connect to.  If a hostname is used it
->
+         * host: the host or IP to connect to. If a hostname is used it
+         * must match the reverse dns of the server.
+         */
+        host = "192.168.0.1";
+        port = 6666;
+        /*
-<
+         * hub_mask: the mask of servers that this server may hub.  Multiple
-<
+         * entries are permitted
->
+         * hub_mask: the mask of servers that this server may hub. Multiple
->
+         * entries are permitted.
+         */
+        hub_mask = "*";
+        /*
-<
+         * leaf_mask: the mask of servers this server may not hub.  Multiple
-<
+         * entries are permitted.  Useful for forbidding EU -> US -> EU routes.
->
+         * leaf_mask: the mask of servers this server may not hub. Multiple
->
+         * entries are permitted. Useful for forbidding EU -> US -> EU routes.
+         */
+#       leaf_mask = "*.uk";
+         * Multiple ciphers are separated by colons. The order of preference
+         * is from left to right.
+         */
-<
+        #ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
->
+#       ssl_cipher_list = "DHE-RSA-AES256-SHA:AES256-SHA";
->
->
+        /*
->
+         * ssl_certificate_fingerprint: enhances security by additionally checking
->
+         * the server's client certificate fingerprint against the specified
->
+         * fingerprint below.
->
+         */
->
+#       ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
+        /*
+         * autoconn   - controls whether we autoconnect to this server or not,
+ * NOTE: This can be effectively used for remote klines.
+ *       Please note that there is no password authentication
-<
+ *       for users setting remote klines.  You must also be
->
+ *       for users setting remote klines. You must also be
+ *       /oper'd in order to issue a remote kline.
+ */
+shared {
+        /*
-<
+         * name: the server the user must be on to set klines.  If this is not
->
+         * name: the server the user must be on to set klines. If this is not
+         * specified, the user will be allowed to kline from all servers.
+         */
+        name = "irc2.some.server";
+        /*
-<
+         * user: the user@host mask that is allowed to set klines.  If this is
->
+         * user: the user@host mask that is allowed to set klines. If this is
+         * not specified, all users on the server above will be allowed to set
+         * a remote kline.
+         */
+        reason = "Obviously hacked account";
+};
-–
+kill {
-–
+        user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.tld$";
-–
-–
+        /*
-–
+         * NOTE: You have to set type=regex; when using a regular expression
-–
+         * based user entry
-–
+         */
-–
+        type = regex;
-–
+};
-–
+/*
+ * deny {}:  IPs that are not allowed to connect (before DNS/ident lookup)
+ * Oper issued dlines will be added to the specified dline config
+};
+/*
-<
+ * exempt {}: IPs that are exempt from deny {} and Dlines
->
+ * exempt {}:  IPs that are exempt from deny {} and Dlines
+ */
+exempt {
+        ip = "192.168.0.0/16";
+/*
+ * resv {}:  nicks and channels users may not use/join
+ */
-+
+resv { mask = "clone*"; reason = "Clone bots"; };
-+
+resv { mask = "ChanServ"; reason = "Reserved for services"; };
-+
+resv { mask = "NickServ"; reason = "Reserved for services"; };
-+
+resv { mask = "OperServ"; reason = "Reserved for services"; };
-+
+resv { mask = "MemoServ"; reason = "Reserved for services"; };
-+
+resv { mask = "BotServ"; reason = "Reserved for services"; };
-+
+resv { mask = "HelpServ"; reason = "Reserved for services"; };
-+
+resv { mask = "HostServ"; reason = "Reserved for services"; };
-+
+resv { mask = "StatServ"; reason = "Reserved for services"; };
-+
+resv { mask = "#*services*"; reason = "Reserved for services"; };
-+
+resv {
-<
+        /* reason: the reason for the proceeding resv's */
-<
+        reason = "Reserved for services";
->
+        /*
->
+         * mask: masks starting with a '#' are automatically considered
->
+         * as channel name mask.
->
+         */
->
+        mask = "#helsinki";
->
+        reason = "Channel is reserved for finnish inhabitants";
-<
+        /* resv: the nicks and channels users may not join/use */
-<
+        nick = "Global";
-<
+        nick = "DevNull";
-<
+        nick = "BotServ";
-<
+        nick = "Services";
-<
+        nick = "StatServ";
-<
+        nick = "HelpServ";
-<
+        nick = "HostServ";
-<
+        nick = "NickServ";
-<
+        nick = "ChanServ";
-<
+        nick = "MemoServ";
-<
+        nick = "OperServ";
-<
+        channel = "#services";
-<
-<
+        /* resv: wildcard masks are also supported in nicks only */
-<
+        reason = "Clone bots";
-<
+        nick = "clone*";
->
+        /*
->
+         * exempt: can be either a ISO 3166 alpha-2 two letter country
->
+         * code, or a nick!user@host mask. CIDR is supported. Exempt
->
+         * entries can be stacked.
->
+         */
->
+        exempt = "FI";
+};
+/*
-<
+ * gecos {}:  The X: replacement, used for banning users based on
-<
+ * their "realname".
->
+ * gecos {}:  Used for banning users based on their "realname".
+ */
+gecos {
+        name = "*sex*";
+        reason = "Trojan drone";
+};
-–
+gecos {
-–
+        name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
-–
-–
+        /*
-–
+         * NOTE: You have to set type=regex; when using a regular expression
-–
+         * based name entry
-–
+         */
-–
+        type = regex;
-–
+};
-–
+/*
+ * channel {}:  The channel block contains options pertaining to channels
+ */
+        disable_fake_channels = yes;
+        /*
-–
+         * restrict_channels: reverse channel RESVs logic, only reserved
-–
+         * channels are allowed
-–
+         */
-–
+        restrict_channels = no;
-–
-–
+        /*
+         * knock_delay: The amount of time a user must wait between issuing
+         * the knock command.
+         */
+         */
+        max_chans_per_oper = 50;
-–
+        /* quiet_on_ban: stop banned people talking in channels. */
-–
+        quiet_on_ban = yes;
-–
+        /* max_bans: maximum number of +b/e/I modes in a channel */
+        max_bans = 100;
+        /*
+         * default_split_user_count: when the usercount is lower than this level,
-<
+         * consider ourselves split.  This must be set for automatic splitmode.
->
+         * consider ourselves split. This must be set for automatic splitmode.
+         */
+        default_split_user_count = 0;
+        /*
+         * default_split_server_count: when the servercount is lower than this,
-<
+         * consider ourselves split.  This must be set for automatic splitmode.
->
+         * consider ourselves split. This must be set for automatic splitmode.
+         */
+        default_split_server_count = 0;
+ */
+serverhide {
+        /*
-+
+         * disable_remote_commands: disable users doing commands
-+
+         * on remote servers.
-+
+         */
-+
+        disable_remote_commands = no;
-+
-+
+        /*
+         * flatten_links: this option will show all servers in /links appear
-<
+         * that they are linked to this current server
->
+         * that they are linked to this current server.
+         */
+        flatten_links = no;
+        /*
+         * hidden: hide this server from a /links output on servers that
-<
+         * support it.  This allows hub servers to be hidden etc.
->
+         * support it. This allows hub servers to be hidden etc.
+         */
+        hidden = no;
+        hide_servers = no;
+        /*
-+
+         * hide_services: define this if you want to hide the location of
-+
+         * services servers that are specified in the service{} block.
-+
+         */
-+
+        hide_services = no;
-+
-+
+        /*
+         * Use this as the servername users see if hide_servers = yes.
+         */
+        hidden_name = "*.hidden.com";
+        /* max_watch: maximum WATCH entries a client can have. */
+        max_watch = 60;
-<
+        /* gline_enable: enable glines, network wide temp klines */
->
+        /* gline_enable: enable glines, network wide temp klines. */
+        gline_enable = yes;
+        /*
+         * gline_duration: the amount of time a gline will remain on your
-<
+         * server before expiring
->
+         * server before expiring.
+         */
+        gline_duration = 1 day;
+        /*
-<
+         * gline_request_duration:  how long a pending G-line can be around.
-<
+         * 10 minutes should be plenty
->
+         * gline_request_duration: how long a pending G-line can be around.
->
+         * 10 minutes should be plenty.
+         */
+        gline_request_duration = 10 minutes;
+        /*
+         * gline_min_cidr: the minimum required length of a CIDR bitmask
-<
+         * for IPv4 based glines
->
+         * for IPv4 based glines.
+         */
+        gline_min_cidr = 16;
+        /*
+         * gline_min_cidr6: the minimum required length of a CIDR bitmask
-<
+         * for IPv6 based glines
->
+         * for IPv6 based glines.
+         */
+        gline_min_cidr6 = 48;
+        invisible_on_connect = yes;
+        /*
-<
+         * Max time from the nickname change that still causes KILL
-<
+         * automatically to switch for the current nick of that user.
->
+         * kill_chase_time_limit: maximum time from the nickname change that
->
+         * still causes KILL automatically to switch for the current nick of
->
+         * that user.
+         */
+        kill_chase_time_limit = 90 seconds;
+        /*
-<
+         * If hide_spoof_ips is disabled, opers will be allowed to see the real
->
+         * hide_spoof_ips: if disabled, opers will be allowed to see the real
+         * IP of spoofed users in /trace etc. If this is defined they will be
+         * shown a masked IP.
+         */
+        hide_spoof_ips = yes;
+        /*
-<
+         * Ignore bogus timestamps from other servers.  Yes, this will desync
-<
+         * the network, but it will allow chanops to resync with a valid non TS 0
->
+         * Ignore bogus timestamps from other servers. Yes, this will desync the
->
+         * network, but it will allow chanops to resync with a valid non TS 0
+         * This should be enabled network wide, or not at all.
+         */
+         */
+        disable_auth = no;
-–
+        /* disable_remote_commands: disable users doing commands on remote servers */
-–
+        disable_remote_commands = no;
-–
+        /*
+         * tkline_expire_notices: enables or disables temporary kline/xline
+         * expire notices.
+        /*
+         * default_floodcount: the default value of floodcount that is configurable
-<
+         * via /quote set floodcount.  This is the amount of lines a user
->
+         * via /quote set floodcount. This is the amount of lines a user
+         * may send to any other user/channel in one second.
+         */
+        default_floodcount = 10;
+        /*
+         * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
-<
+         * placed via the server.  klines hand placed are exempt from limits.
-<
+         * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
->
+         * placed via the server. K-lines hand placed are exempt from limits.
->
+         * Wildcard chars: '.', ':', '*', '?', '@', '!'
+         */
+        min_nonwildcard = 4;
+        /*
+         * min_nonwildcard_simple: the minimum non wildcard characters in
-<
+         * gecos bans.  wildcard chars: '*' '?' '#'
->
+         * gecos bans. Wildcard chars: '*', '?'
+         */
+        min_nonwildcard_simple = 3;
-<
+        /* max_accept: maximum allowed /accept's for +g usermode */
->
+        /* max_accept: maximum allowed /accept's for +g usermode. */
+        max_accept = 20;
-<
+        /* anti_nick_flood: enable the nickflood control code */
->
+        /* anti_nick_flood: enable the nickflood control code. */
+        anti_nick_flood = yes;
+        /* nick flood: the nick changes allowed in the specified period */
+        /*
+         * ts delta: the time delta allowed between server clocks before
-<
+         * a warning is given, or before the link is dropped.  all servers
->
+         * a warning is given, or before the link is dropped. All servers
+         * should run ntpdate/rdate to keep clocks in sync
+         */
+        ts_warn_delta = 30 seconds;
+        /*
+         * warn_no_nline: warn opers about servers that try to connect but
-<
+         * we don't have a connect {} block for.  Twits with misconfigured
->
+         * we don't have a connect {} block for. Twits with misconfigured
+         * servers can get really annoying with this enabled.
+         */
+        warn_no_nline = yes;
+        /*
+         * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
-<
+         * operators and administrators.  Doing so is a good idea in case
->
+         * operators and administrators. Doing so is a good idea in case
+         * there are any exempted (exempt{}) server IPs you don't want to
+         * see leaked.
+         */
+        stats_P_oper_only = yes;
+        /*
-<
+         * stats i oper only: make stats i (auth {}) oper only. set to:
-<
+         *     yes:    show users no auth blocks, made oper only.
-<
+         *     masked: show users first matching auth block
-<
+         *     no:     show users all auth blocks.
->
+         * stats i oper only: make stats i (auth {}) oper only. Set to:
->
+         *     yes    - show users no auth blocks, made oper only.
->
+         *     masked - show users first matching auth block
->
+         *     no     - show users all auth blocks.
+         */
+        stats_i_oper_only = yes;
+        /*
-<
+         * stats_k_oper_only: make stats k/K (klines) oper only.  set to:
-<
+         *     yes:    show users no auth blocks, made oper only
-<
+         *     masked: show users first matching auth block
-<
+         *     no:     show users all auth blocks.
->
+         * stats_k_oper_only: make stats k/K (klines) oper only. Set to:
->
+         *     yes    - show users no auth blocks, made oper only
->
+         *     masked - show users first matching auth block
->
+         *     no     - show users all auth blocks.
+         */
+        stats_k_oper_only = yes;
+        /*
+         * true_no_oper_flood: completely eliminate flood limits for opers
-<
+         * and for clients with can_flood = yes in their auth {} blocks
->
+         * and for clients with can_flood = yes in their auth {} blocks.
+         */
+        true_no_oper_flood = yes;
-<
+        /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
->
+        /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */
+        oper_pass_resv = yes;
+        /* REMOVE ME.  The following line checks you've been reading. */
+        /*
+         * max_targets: the maximum amount of targets in a single
-<
+         * PRIVMSG/NOTICE.  Set to 999 NOT 0 for unlimited.
->
+         * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
+         */
+        max_targets = 4;
+        /*
-–
+         * message_locale: the default message locale
-–
+         * Use "standard" for the compiled in defaults.
-–
+         * To install the translated messages, go into messages/ in the
-–
+         * source directory and run `make install'.
-–
+         */
-–
+        message_locale = "standard";
-–
-–
+        /*
+         * usermodes configurable: a list of usermodes for the options below
+         * +b - bots         - See bot and drone flooding notices
+         * +c - cconn        - Client connection/quit notices
-–
+         * +C - cconn_full   - Client connection/quit notices full
+         * +D - deaf         - Don't receive channel messages
+         * +d - debug        - See debugging notices
-+
+         * +e - external     - See remote server connection and split notices
-+
+         * +F - farconnect   - Remote client connection/quit notices
+         * +f - full         - See auth{} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +k - skill        - See server generated KILL messages
+         * +l - locops       - See LOCOPS messages
+         * +n - nchange      - See client nick changes
-+
+         * +R - nononreg     - Only receive private messages from registered clients
+         * +s - servnotice   - See general server notices
+         * +u - unauth       - See unauthorized client notices
+         * +w - wallop       - See server generated WALLOPS
-–
+         * +x - external     - See remote server connection and split notices
+         * +y - spy          - See LINKS, STATS, TRACE notices etc.
+         * +z - operwall     - See oper generated WALLOPS
+         */
+        /* oper_only_umodes: usermodes only opers may set */
-<
+        oper_only_umodes = bots, cconn, cconn_full, debug, full, hidden, skill,
->
+        oper_only_umodes = bots, cconn, debug, full, hidden, skill,
+                           nchange, rej, spy, external, operwall,
-<
+                           locops, unauth;
->
+                           locops, unauth, farconnect;
+        /* oper_umodes: default usermodes opers get when they /oper */
+        oper_umodes = bots, locops, servnotice, operwall, wallop;
+        /*
+         * use_egd: if your system does not have *random devices yet you
-<
+         * want to use OpenSSL and encrypted links, enable this.  Beware -
-<
+         * EGD is *very* CPU intensive when gathering data for its pool
->
+         * want to use OpenSSL and encrypted links, enable this. Beware -
->
+         * EGD is *very* CPU intensive when gathering data for its pool.
+         */
+#       use_egd = yes;
+        /*
+         * throttle_time: the minimum amount of time between connections from
-<
+         * the same ip.  exempt {} blocks are excluded from this throttling.
-<
+         * Offers protection against flooders who reconnect quickly.
->
+         * the same ip. exempt {} blocks are excluded from this throttling.
->
+         * Offers protection against flooders who reconnect quickly.
+         * Set to 0 to disable.
+         */
+        throttle_time = 10;
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules";
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
-<
+        /* module: the name of a module to load on startup/rehash */
-<
+        #module = "some_module.la";
->
+        /* module: the name of a module to load on startup/rehash. */
->
+#       module = "some_module.la";
+};
+/*
+        file {
+                type = oper;
-<
+                name = "/home/ircd/var/log/oper.log";
->
+                name = "/usr/local/ircd/var/log/oper.log";
+                size = unlimited;
+        };
+        file {
+                type = user;
-<
+                name = "/home/ircd/var/log/user.log";
->
+                name = "/usr/local/ircd/var/log/user.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kill;
-<
+                name = "/home/ircd/var/log/kill.log";
->
+                name = "/usr/local/ircd/var/log/kill.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kline;
-<
+                name = "/home/ircd/var/log/kline.log";
->
+                name = "/usr/local/ircd/var/log/kline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = dline;
-<
+                name = "/home/ircd/var/log/dline.log";
->
+                name = "/usr/local/ircd/var/log/dline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = gline;
-<
+                name = "/home/ircd/var/log/gline.log";
->
+                name = "/usr/local/ircd/var/log/gline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = debug;
-<
+                name = "/home/ircd/var/log/debug.log";
->
+                name = "/usr/local/ircd/var/log/debug.log";
+                size = 50 megabytes;
-<
+        };
->
+        };
+};

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing: ircd-hybrid/trunk/doc/example.conf (file contents), Revision 1783 by michael, Thu Jan 24 19:26:51 2013 UTC vs. ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2267 by michael, Mon Jun 17 23:30:36 2013 UTC

Diff Legend

Comparing:
ircd-hybrid/trunk/doc/example.conf (file contents), Revision 1783 by michael, Thu Jan 24 19:26:51 2013 UTC vs.
ircd-hybrid/trunk/doc/reference.conf (file contents), Revision 2267 by michael, Mon Jun 17 23:30:36 2013 UTC