[ViewVC] Diff of: svn/ircd-hybrid/branches/8.2.x/doc/reference.conf

Comparing ircd-hybrid/branches/8.2.x/doc/reference.conf (file contents):
Revision 3867 by michael, Thu Jun 5 22:11:02 2014 UTC vs.
Revision 5005 by michael, Tue Dec 9 14:19:40 2014 UTC

+ * ########################################################################
+ * IMPORTANT NOTE:
-<
+ * auth {} blocks MUST be specified in order of precedence.  The first one
-<
+ * that matches a user will be used.  So place spoofs first, then specials,
->
+ * auth {} blocks MUST be specified in order of precedence. The first one
->
+ * that matches a user will be used. So place spoofs first, then specials,
+ * then general access.
+ * ########################################################################
+         *      chown <ircd-user>.<ircd.group> rsa.key
+         *      chmod 0600 rsa.key
+         */
-<
+#       rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
->
+#       rsa_private_key_file = "etc/rsa.key";
+        /*
+         * ssl_certificate_file: the path to the file containing our
+         *      Common Name: irc.someirc.net
+         *      E-mail: you@domain.com
+         */
-<
+#       ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
->
+#       ssl_certificate_file = "etc/cert.pem";
+        /*
-<
+         * ssl_dh_param_file:
-<
+         *
-<
+         * Path to the PEM encoded Diffie-Hellman parameter file.
-<
+         * DH parameters are required when using ciphers with EDH
-<
+         * (ephemeral Diffie-Hellman) key exchange.
->
+         * ssl_dh_param_file: path to the PEM encoded Diffie-Hellman
->
+         * parameter file. DH parameters are required when using
->
+         * ciphers with EDH (ephemeral Diffie-Hellman) key exchange.
+         * A DH parameter file can be created by running:
+         * regarding specific OpenSSL dhparam command-line options
+         * can be found in the OpenSSL manual.
+         */
-<
+#       ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem";
->
+#       ssl_dh_param_file = "etc/dhparam.pem";
+        /*
-<
+         * ssl_cipher_list:
->
+         * ssl_dh_elliptic_curve: defines the curve to use for the
->
+         * Elliptic Curve Diffie-Hellman (ECDH) algorithm.
->
+         * Default is ANSI X9.62 prime256v1/secp256r1 if nothing else is specified.
->
+         *
->
+         * A list of supported curves by OpenSSL can be obtained by running:
-<
+         * List of ciphers to support on _this_ server. Can be used to
-<
+         * enforce specific ciphers for incoming SSL/TLS connections.
-<
+         * If a client (which also includes incoming server connections) is not
-<
+         * capable of using any of the ciphers listed here, the connection will
->
+         *      openssl ecparam -list_curves
->
+         */
->
+#       ssl_dh_elliptic_curve = "secp521r1";
->
->
+        /*
->
+         * ssl_cipher_list: list of ciphers to support on _this_ server.
->
+         * Can be used to enforce specific ciphers for incoming SSL/TLS
->
+         * connections. If a client (which also includes incoming server connections)
->
+         * is not capable of using any of the ciphers listed here, the connection will
+         * simply be rejected.
+         * A list of supported ciphers by OpenSSL can be obtained by running:
+#       ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
+        /*
-<
+         * ssl_server_method:
-<
+         * ssl_client_method:
->
+         * ssl_message_digest_algorithm: defines what cryptographic hash function
->
+         * to use for generating fingerprint hashes of X.509 certificates.
->
+         * Default is SHA-256 if nothing else is specified.
->
+         *
->
+         * A list of supported message digest algorithms by OpenSSL can be obtained by running:
-<
+         * SSL/TLS methods we provide for incoming (server method) and
-<
+         * outgoing (client method) SSL/TLS connections.
-<
+         * This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1.
->
+         *      openssl list-message-digest-algorithms
+         */
-<
+#       ssl_server_method = tlsv1, sslv3;
-<
+#       ssl_client_method = tlsv1;
->
+#       ssl_message_digest_algorithm = "sha256";
+};
+/*
-<
+ * admin {}:  contains admin information about the server
->
+ * admin {}:  contains administrative information about the server
+ */
+admin {
+        name = "Smurf target";
+        /*
+         * number_per_ip: how many local users are allowed to connect
-<
+         * from a single IP address  (optional)
->
+         * from a single IP address (optional)
+         */
+        number_per_ip = 2;
+        /*
+         * max_local: how many local users are allowed to connect
-<
+         * from a single ident@host  (optional)
->
+         * from a single ident@host (optional)
+         */
+        max_local = 2;
+        /*
-<
+         * max_global: network-wide limit of users per ident@host  (optional)
->
+         * max_global: network-wide limit of users per ident@host (optional)
+         */
+        max_global = 10;
+        max_number = 100;
+        /*
-<
+         * the following lines are optional and allow you to define
->
+         * The following lines are optional and allow you to define
+         * how many users can connect from one /NN subnet.
+         */
+        cidr_bitlen_ipv4 = 24;
+        /*
+         * recvq: the amount of data allowed in a client's receive queue before
-<
+         * they are dropped for flooding. Defaults to 2560 if the chosen
-<
+         * value isn't within the range of 512 to 8000.
->
+         * they are dropped for flooding. Defaults to 2560 if the chosen value
->
+         * isn't within the range of 512 to 8000.
+         */
+        recvq = 2560 bytes;
+};
+        sendq = 100 kbytes;
+        /*
-+
+         * max_channels: maximum number of channels users in this class can join.
-+
+         */
-+
+        max_channels = 60;
-+
-+
+        /*
+         * min_idle: minimum idle time that is shown in /whois.
+         */
+        min_idle = 3 hours;
+        /*
+         * file: path to the actual motd file.
+         */
-<
+        file = "/usr/local/ircd/etc/german.motd";
->
+        file = "etc/german.motd";
+};
+/*
+         * Ports are separated by commas; a range may be specified using ".."
+         */
-<
+        /* port: listen on all available IP addresses, ports 6665 to 6669 */
->
+        /* port: listen on all available IP addresses, ports 6665 to 6669. */
+        port = 6665 .. 6669;
+        /*
+auth {
+        /*
+         * user: the user@host allowed to connect. Multiple user
-<
+         * lines are permitted within each auth block.
->
+         * lines are permitted within each auth {} block.
+         */
+        user = "*@172.16.0.0/12";
+        user = "*test@123D:B567:*";
-<
+        /* password: an optional password that is required to use this block */
->
+        /* password: an optional password that is required to use this block. */
+        password = "letmein";
+        /*
+         */
+        spoof = "I.still.hate.packets";
-<
+        /* class: the class the user is placed in */
->
+        /* class: the class the user is placed in. */
+        class = "opers";
+        /*
-<
+         * need_password - don't allow users who haven't supplied the correct
-<
+         *                 password to connect using another auth{} block
-<
+         *                 ('&' prefix on /stats I if disabled)
-<
+         * need_ident    - require the user to have identd to connect ('+' prefix on /stats I)
->
+         * need_password - don't allow users who haven't supplied the correct  | ('&' prefix on /stats I if disabled)
->
+         *                 password to connect using another auth {} block
->
+         * need_ident    - require the user to have identd to connect          | ('+' prefix on /stats I)
+         * spoof_notice  - enable spoofing notification to admins
-<
+         * exceed_limit  - allow a user to exceed class limits ('>' prefix on /stats I)
-<
+         * kline_exempt  - exempt this user from k/glines ('^' prefix on /stats I)
-<
+         * gline_exempt  - exempt this user from glines ('_' prefix on /stats I)
-<
+         * resv_exempt   - exempt this user from resvs ('$' prefix on /stats I)
-<
+         * no_tilde      - remove ~ from a user with no ident ('-' prefix on /stats I)
-<
+         * can_flood     - allow this user to exceed flood limits ('|' prefix on /stats I)
-<
+         * webirc        - enables WEBIRC authentication for web-based clients such as Mibbit
-<
+         *                 ('<' prefix on /stats I)
->
+         * exceed_limit  - allow a user to exceed class limits                 | ('>' prefix on /stats I)
->
+         * kline_exempt  - exempt this user from k/glines                      | ('^' prefix on /stats I)
->
+         * gline_exempt  - exempt this user from glines                        | ('_' prefix on /stats I)
->
+         * resv_exempt   - exempt this user from resvs                         | ('$' prefix on /stats I)
->
+         * no_tilde      - remove ~ from a user with no ident                  | ('-' prefix on /stats I)
->
+         * can_flood     - allow this user to exceed flood limits              | ('|' prefix on /stats I)
->
+         * webirc        - enables WEBIRC authentication for web-based         | ('<' prefix on /stats I)
->
+         *                 clients such as Mibbit
+         */
+        flags = need_password, spoof_notice, exceed_limit, kline_exempt,
+                gline_exempt, resv_exempt, no_tilde, can_flood;
+auth {
+        /*
-<
+         * redirect: the server and port to redirect a user to. A user does not
-<
+         * have to obey the redirection; the ircd just suggests an alternative
-<
+         * server for them.
->
+         * redirserv, redirport: the server and port to redirect a user to.
->
+         * A user does not have to obey the redirection; the ircd just
->
+         * suggests an alternative server for them.
+         */
-<
+        redirserv = "this.is.not.a.real.server";
->
+        redirserv = "server.tld";
+        redirport = 6667;
-<
+        user = "*.server";
->
+        user = "*@*.tld";
-<
+        /* class: a class is required even though it is not used */
->
+        /* class: a class is required even though it is not used. */
+        class = "users";
+};
+ * operator {}:  defines ircd operators
+ */
+operator {
-<
+        /* name: the name of the oper */
->
+        /* name: the name of the operator */
+        name = "sheep";
+        /*
+         * user: the user@host required for this operator. Multiple user
-<
+         * lines are permitted within each operator block.
->
+         * lines are permitted within each operator {} block.
+         */
+        user = "*sheep@192.168.0.0/16";
+        user = "*@127.0.0.0/8";
+        /*
+         * encrypted: controls whether the oper password above has been
-<
+         * encrypted.
->
+         * encrypted. Default is 'yes' if nothing else is specified.
+         */
+        encrypted = yes;
+        /*
-<
+         * rsa_public_key_file: the public key for this oper when using Challenge.
->
+         * rsa_public_key_file: the public key for this oper when using /challenge.
+         * A password should not be defined when this is used; see
+         * doc/challenge.txt for more information.
+         */
-<
+#       rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
->
+#       rsa_public_key_file = "etc/oper.pub";
+        /*
+         * ssl_certificate_fingerprint: enhances security by additionally checking
+        /*
+         * ssl_connection_required: client must be connected over SSL/TLS
-<
+         * in order to be able to use this oper{} block.
->
+         * in order to be able to use this operator {} block.
+         * Default is 'no' if nothing else is specified.
+         */
+        ssl_connection_required = no;
-<
+        /* class: the class the oper joins when they successfully /oper */
->
+        /* class: the class the oper joins when they successfully /oper or /challenge. */
+        class = "opers";
+        /*
-<
+         * umodes: the default usermodes opers get when they /oper. If defined,
-<
+         * it will override oper_umodes settings in general {}.
->
+         * umodes: the default usermodes opers get when they /oper or /challenge.
->
+         * If defined, it will override oper_umodes settings in general {}.
+         * Available usermodes:
+         * +b - bots         - See bot and drone flooding notices
+         * +d - debug        - See debugging notices
+         * +e - external     - See remote server connection and split notices
+         * +F - farconnect   - Remote client connection/quit notices
-<
+         * +f - full         - See auth{} block full notices
->
+         * +f - full         - See auth {} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +H - hidden       - Hides operator status to other users
+        /*
+         * privileges: controls the activities and commands an oper is
-<
+         * allowed to do on the server. All options default to no.
-<
+         * Available options:
->
+         * allowed to do on the server. All flags default to 'no'.
->
+         * Available flags:
-<
+         * module         - allows MODULE
->
+         * admin          - gives administrator privileges    | ('A' flag)
+         * connect        - allows local CONNECT              | ('P' flag)
+         * connect:remote - allows remote CONNECT             | ('Q' flag)
-<
+         * squit          - allows local SQUIT                | ('R' flag)
-<
+         * squit:remote   - allows remote SQUIT               | ('S' flag)
->
+         * die            - allows DIE                        | ('D' flag)
->
+         * dline          - allows DLINE                      |
->
+         * gline          - allows GLINE                      | ('G' flag)
->
+         * globops        - allows GLOBOPS                    |
+         * kill           - allows to KILL local clients      | ('N' flag)
+         * kill:remote    - allows remote users to be /KILL'd | ('O' flag)
-–
+         * remoteban      - allows remote KLINE/UNKLINE       | ('B' flag)
-–
+         * dline          - allows DLINE                      |
-–
+         * undline        - allows UNDLINE                    |
+         * kline          - allows KLINE                      | ('K' flag)
-–
+         * unkline        - allows UNKLINE                    | ('U' flag)
-–
+         * gline          - allows GLINE                      | ('G' flag)
-–
+         * xline          - allows XLINE                      | ('X' flag)
-–
+         * unxline        - allows UNXLINE                    |
+         * locops         - allows LOCOPS                     |
-<
+         * globops        - allows GLOBOPS                    |
-<
+         * wallops        - allows WALLOPS                    |
->
+         * module         - allows MODULE                     |
->
+         * opme           - allows OPME                       |
+         * rehash         - allows oper to REHASH config      | ('H' flag)
-<
+         * die            - allows DIE                        | ('D' flag)
->
+         * remoteban      - allows remote KLINE/UNKLINE       | ('B' flag)
+         * restart        - allows RESTART                    |
+         * set            - allows SET                        |
-<
+         * admin          - gives administrator privileges    | ('A' flag)
->
+         * squit          - allows local SQUIT                | ('R' flag)
->
+         * squit:remote   - allows remote SQUIT               | ('S' flag)
->
+         * undline        - allows UNDLINE                    |
->
+         * unkline        - allows UNKLINE                    | ('U' flag)
->
+         * unxline        - allows UNXLINE                    |
->
+         * wallops        - allows WALLOPS                    |
->
+         * xline          - allows XLINE                      | ('X' flag)
+         */
-<
+        flags = kill, kill:remote, connect, connect:remote, kline, unkline,
-<
+                xline, globops, restart, die, rehash, admin, module;
-<
+};
-<
-<
+/*
-<
+ * service {}: specifies a server which may act as a network service
-<
+ *
-<
+ * NOTE: it is very important that every server on the network
-<
+ *       has the same service{} block.
-<
+ */
-<
+service {
-<
+        name = "service.someserver";
-<
+        name = "stats.someserver";
->
+        flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
->
+                kline, module, rehash, restart, set, unkline, unxline, xline;
+};
+/*
+ * connect {}: define a server to connect to
+ */
+connect {
-<
+        /* name: the name of the server */
->
+        /* name: the name of the server. */
+        name = "irc.uplink.com";
+        /*
+        vhost = "192.168.0.2";
+        /*
-<
+         * passwords: the passwords to send (OLD C:) and accept (OLD N:).
->
+         * send_password, accept_password: the passwords to send and accept.
+         * The remote server will have these passwords swapped.
+         */
+        send_password = "password";
+         */
+        encrypted = no;
-<
+        /* port: the port to connect to this server on */
->
+        /* port: the port to connect to this server on. */
+        port = 6666;
+        /*
+         */
+#       leaf_mask = "*.uk";
-<
+        /* class: the class this server is in */
->
+        /* class: the class this server is in. */
+        class = "server";
+        /*
-<
+         * ssl_cipher_list:
-<
+         *
-<
+         * List of ciphers that the server we are connecting to must support.
-<
+         * If the server is not capable of using any of the ciphers listed below,
-<
+         * the connection will simply be rejected.
->
+         * ssl_cipher_list: list of ciphers that the server we are connecting to
->
+         * must support. If the server is not capable of using any of the ciphers
->
+         * listed below, the connection will simply be rejected.
+         * Can be used to enforce stronger ciphers, even though this option
+         * is not necessarily required to establish a SSL/TLS connection.
+         *       will not be propagated to clustered servers.
+         *       Remote servers are not necessarily required to accept
-<
+         *       clustered lines, they need a shared{} for *THIS* server
-<
+         *       in order to accept them.
->
+         *       clustered lines, they need a shared {} block for *THIS*
->
+         *       server in order to accept them.
+         */
+        name = "*.arpa";
+/*
+ * kill {}:  users that are not allowed to connect
-<
+ * Oper issued klines will be added to the specified kline config
->
+ * Oper issued klines will be added to the specified kline database
+ */
+kill {
+        user = "bad@*.hacked.edu";
+/*
+ * deny {}:  IP addresses that are not allowed to connect
+ * (before DNS/ident lookup)
-<
+ * Oper issued dlines will be added to the specified dline config
->
+ * Oper issued dlines will be added to the specified dline database
+ */
+deny {
+        ip = "10.0.1.0/24";
+};
+/*
-<
+ * gecos {}:  Used for banning users based on their "realname".
->
+ * gecos {}:  used for banning users based on their "realname".
+ */
+gecos {
+        name = "*sex*";
+};
+/*
-<
+ * channel {}:  The channel block contains options pertaining to channels
->
+ * service {}: specifies a server which may act as a network service
->
+ *
->
+ * NOTE: it is very important that every server on the network
->
+ *       has the same service {} block.
->
+ */
->
+service {
->
+        name = "service.someserver";
->
+        name = "stats.someserver";
->
+};
->
->
+/*
->
+ * pseudo {}: adds pseudo/custom commands also known as service aliases
->
+ */
->
+pseudo {
->
+        /* command: the actual command/alias */
->
+        command = "IDENTIFY";
->
->
+        /* prepend: optional text that can be prepended before the user's message */
->
+        prepend = "IDENTIFY ";
->
->
+        /* name: the service name, used for error messages */
->
+        name = "NickServ";
->
->
+        /* target: the actual target where this message should be sent to */
->
+        target = "NickServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "CHANSERV";
->
+        name = "ChanServ";
->
+        target = "ChanServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "CS";
->
+        name = "ChanServ";
->
+        target = "ChanServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "NICKSERV";
->
+        name = "NickServ";
->
+        target = "NickServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "NS";
->
+        name = "NickServ";
->
+        target = "NickServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "MEMOSERV";
->
+        name = "MemoServ";
->
+        target = "MemoServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "MS";
->
+        name = "MemoServ";
->
+        target = "MemoServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "OPERSERV";
->
+        name = "OperServ";
->
+        target = "OperServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "OS";
->
+        name = "OperServ";
->
+        target = "OperServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "HOSTSERV";
->
+        name = "HostServ";
->
+        target = "HostServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "HS";
->
+        name = "HostServ";
->
+        target = "HostServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "BOTSERV";
->
+        name = "BotServ";
->
+        target = "BotServ@service.someserver";
->
+};
->
->
+pseudo {
->
+        command = "BS";
->
+        name = "BotServ";
->
+        target = "BotServ@service.someserver";
->
+};
->
->
+/*
->
+ * channel {}:  the channel block contains options pertaining to channels
+ */
+channel {
+        /*
+        knock_client_time = 5 minutes;
+        /*
-<
+         * knock_delay_channel: How often a KNOCK to any specific channel
->
+         * knock_delay_channel: how often a KNOCK to any specific channel
+         * is permitted, regardless of the user sending the KNOCK.
+         */
+        knock_delay_channel = 1 minute;
+        /*
-<
+         * max_chans_per_user: The maximum number of channels a user can
-<
+         * join/be on.
->
+         * max_channels: the maximum number of channels a user can join/be on.
->
+         * This is a default value which can be overriden with class {} blocks.
+         */
-<
+        max_chans_per_user = 25;
-<
-<
+        /*
-<
+         * max_chans_per_oper: The maximum number of channels an oper can
-<
+         * join/be on.
-<
+         */
-<
+        max_chans_per_oper = 50;
->
+        max_channels = 25;
+        /* max_bans: maximum number of +b/e/I modes in a channel */
+        max_bans = 100;
+};
+/*
-<
+ * serverhide {}:  The serverhide block contains the options regarding
-<
+ * to server hiding
->
+ * serverhide {}:  the serverhide block contains the options regarding
->
+ * to server hiding. For more information regarding server hiding,
->
+ * please see doc/serverhide.txt
+ */
+serverhide {
+        /*
+        /*
+         * hide_services: define this if you want to hide the location of
-<
+         * services servers that are specified in the service{} block.
->
+         * services servers that are specified in the service {} block.
+         */
+        hide_services = no;
+        /*
-<
+         * Use this as the servername users see if hide_servers = yes.
->
+         * hidden_name: use this as the servername users see if hide_servers = yes.
+         */
+        hidden_name = "*.hidden.com";
+        /*
-<
+         * hide_server_ips: If this is disabled, opers will be unable to see
->
+         * hide_server_ips: if this is disabled, opers will be unable to see
+         * servers' IP addresses and will be shown a masked IP address; admins
+         * will be shown the real IP address.
+};
+/*
-<
+ * general {}:  The general block contains many of the options that were once
->
+ * general {}:  the general block contains many of the options that were once
+ * compiled in options in config.h
+ */
+general {
+         */
+        cycle_on_host_change = yes;
-–
+        /* services_name: servername of nick/channel services */
-–
+        services_name = "service.someserver";
-–
+        /* max_watch: maximum WATCH entries a client can have. */
-<
+        max_watch = 50;
->
+        max_watch = 30;
->
->
+        /* max_accept: maximum allowed /accept's for +g usermode. */
->
+        max_accept = 30;
+        /* gline_enable: enable glines (network-wide temporary klines). */
+        gline_enable = yes;
+        /*
-<
+         * gline_duration: the amount of time a gline will remain on your
->
+         * gline_duration: the amount of time a G-line will remain on your
+         * server before expiring.
+         */
+        gline_duration = 1 day;
+        /*
+         * gline_min_cidr: the minimum required length of a CIDR bitmask
-<
+         * for IPv4 based glines.
->
+         * for IPv4 based G-lines.
+         */
+        gline_min_cidr = 16;
+        /*
+         * gline_min_cidr6: the minimum required length of a CIDR bitmask
-<
+         * for IPv6 based glines.
->
+         * for IPv6 based G-lines.
+         */
+        gline_min_cidr6 = 48;
+        kill_chase_time_limit = 30 seconds;
+        /*
-<
+         * hide_spoof_ips: if disabled, opers will be allowed to see the real
-<
+         * IP address of spoofed users in /trace etc. If this is defined they
-<
+         * will be shown a masked IP.
-<
+         */
-<
+        hide_spoof_ips = yes;
-<
-<
+        /*
-<
+         * Ignore bogus timestamps from other servers. Yes, this will desync the
-<
+         * network, but it will allow chanops to resync with a valid non TS 0
->
+         * ignore_bogus_ts: ignore bogus timestamps from other servers.
->
+         * Yes, this will desync the network, but it will allow chanops
->
+         * to resync with a valid non TS 0.
+         * This should be enabled network wide, or not at all.
+         */
+        /*
+         * default_floodcount: the default value of floodcount that is configurable
-<
+         * via /quote set floodcount. This is the number of lines a user
-<
+         * may send to any other user/channel in one second.
->
+         * via /quote set floodcount. This is the number of lines a user may send
->
+         * to any other user/channel in one second.
+         */
+        default_floodcount = 10;
+         * min_nonwildcard: the minimum number of non-wildcard characters in
+         * k/d/g lines placed via the server. K-lines hand-placed are exempt from
+         * this limit.
-<
+         * Wildcard chars: '.', ':', '*', '?', '@', '!'
->
+         * Wildcard characters: '.', ':', '*', '?', '@', '!'
+         */
+        min_nonwildcard = 4;
+        /*
+         * min_nonwildcard_simple: the minimum number of non-wildcard characters
-<
+         * in gecos bans. Wildcard chars: '*', '?'
->
+         * in gecos bans. Wildcard characters: '*', '?'
+         */
+        min_nonwildcard_simple = 3;
-–
+        /* max_accept: maximum allowed /accept's for +g usermode. */
-–
+        max_accept = 50;
-–
+        /* anti_nick_flood: enable the nickflood control code. */
+        anti_nick_flood = yes;
-<
+        /* nick flood: the number of nick changes allowed in the specified period */
->
+        /* nick flood: the number of nick changes allowed in the specified period. */
+        max_nick_time = 20 seconds;
+        max_nick_changes = 5;
+        /*
-+
+         * away_count, away_time: how many AWAY command are permitted per
-+
+         * client per away_time.
-+
+         */
-+
+        away_count = 2;
-+
+        away_time = 10 seconds;
-+
-+
+        /*
+         * anti_spam_exit_message_time: the minimum time a user must be connected
+         * before custom quit messages are allowed.
+         */
+        anti_spam_exit_message_time = 5 minutes;
+        /*
-<
+         * ts delta: the time delta allowed between server clocks before
-<
+         * a warning is given, or before the link is dropped. All servers
-<
+         * should run ntpdate/rdate to keep clocks in sync
->
+         * ts_warn_delta, ts_max_delta: the time delta allowed between server
->
+         * clocks before a warning is given, or before the link is dropped.
->
+         * All servers should run ntpdate/rdate to keep clocks in sync.
+         */
-<
+        ts_warn_delta = 10 seconds;
-<
+        ts_max_delta = 2 minutes;
->
+        ts_warn_delta = 3 seconds;
->
+        ts_max_delta = 15 seconds;
+        /*
+         * warn_no_connect_block: warn opers about servers that try to connect
+        /*
+         * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
+         * operators and administrators. Doing so is a good idea in case
-<
+         * there are any exempted (exempt{}) server IPs you don't want to
->
+         * there are any exempted (exempt {}) server IPs you don't want to
+         * see leaked.
+         */
+        stats_e_disabled = no;
-<
+        /* stats_o_oper only: make stats o (opers) oper only */
->
+        /* stats_o_oper_only: make stats o (opers) oper only. */
+        stats_o_oper_only = yes;
-<
+        /* stats_P_oper_only: make stats P (ports) oper only */
->
+        /* stats_P_oper_only: make stats P (ports) oper only. */
+        stats_P_oper_only = yes;
-<
+        /* stats_u_oper_only: make stats u (uptime) oper only */
->
+        /* stats_u_oper_only: make stats u (uptime) oper only. */
+        stats_u_oper_only = no;
+        /*
+         * stats_i_oper_only: make stats i (auth {}) oper only. Set to:
-<
+         *     yes    - show users no auth blocks, made oper only.
-<
+         *     masked - show users the first matching auth block
-<
+         *     no     - show users all auth blocks.
->
+         *     yes    - show users no auth {} blocks, made oper only
->
+         *     masked - show users the first matching auth {} block
->
+         *     no     - show users all auth {} blocks
+         */
+        stats_i_oper_only = yes;
+        /*
+         * stats_k_oper_only: make stats k/K (klines) oper only. Set to:
-<
+         *     yes    - show users no auth blocks, made oper only
-<
+         *     masked - show users the first matching auth block
-<
+         *     no     - show users all auth blocks.
->
+         *     yes    - show users no auth {} blocks, made oper only
->
+         *     masked - show users the first matching auth {} block
->
+         *     no     - show users all auth {} blocks
+         */
+        stats_k_oper_only = yes;
+        /*
+         * opers_bypass_callerid: allows operators to bypass +g and message
-<
+         * anyone who has it set (useful if you use services).
->
+         * anyone who has it set.
+         */
+        opers_bypass_callerid = no;
+        /*
+         * pace_wait: minimum time required between use of more intensive commands
-<
+         * (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS)
->
+         * (INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS)
+         */
+        pace_wait = 10 seconds;
+        short_motd = no;
+        /*
-<
+         * ping_cookie: require clients to respond exactly to a ping command,
->
+         * ping_cookie: require clients to respond exactly to a PING command,
+         * can help block certain types of drones and FTP PASV mode spoofing.
+         */
+        ping_cookie = no;
+        /* no_oper_flood: increase flood limits for opers. */
+        no_oper_flood = yes;
-–
+        /*
-–
+         * true_no_oper_flood: completely eliminate flood limits for opers
-–
+         * and for clients with can_flood = yes in their auth {} blocks.
-–
+         */
-–
+        true_no_oper_flood = yes;
-–
+        /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */
+        oper_pass_resv = yes;
+         * +d - debug        - See debugging notices
+         * +e - external     - See remote server connection and split notices
+         * +F - farconnect   - Remote client connection/quit notices
-<
+         * +f - full         - See auth{} block full notices
->
+         * +f - full         - See auth {} block full notices
+         * +G - softcallerid - Server Side Ignore for users not on your channels
+         * +g - callerid     - Server Side Ignore (for privmsgs etc)
+         * +H - hidden       - Hides operator status to other users
+         * +y - spy          - See LINKS, STATS, TRACE notices etc.
+         */
-<
+        /* oper_only_umodes: usermodes only opers may set */
-<
+        oper_only_umodes = bots, cconn, debug, full, hidden, skill,
-<
+                        nchange, rej, spy, external,
-<
+                        locops, unauth, farconnect;
->
+        /* oper_only_umodes: usermodes only operators may set. */
->
+        oper_only_umodes = bots, cconn, debug, external, farconnect, full, hidden, locops,
->
+                        nchange, rej, skill, spy, unauth;
-<
+        /* oper_umodes: default usermodes opers get when they /oper */
->
+        /* oper_umodes: default usermodes operators get when they /oper or /challenge. */
+        oper_umodes = bots, locops, servnotice, wallop;
+        /*
-<
+         * use_egd: if your system does not have *random devices yet you
-<
+         * want to use OpenSSL and encrypted links, enable this. Beware -
-<
+         * EGD is *very* CPU intensive when gathering data for its pool.
-<
+         */
-<
+#       use_egd = yes;
-<
-<
+        /*
-<
+         * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
-<
+         * which automatically finds the path.
->
+         * throttle_count: the maximum number of connections from the same
->
+         * IP address allowed in throttle_time duration.
+         */
-<
+#       egdpool_path = "/var/run/egd-pool";
->
+        throttle_count = 1;
+        /*
+         * throttle_time: the minimum amount of time required between
-<
+         * connections from the same IP address. exempt {} blocks are excluded
-<
+         * from this throttling.
->
+         * connections from the same IP address. exempt {} blocks are
->
+         * excluded from this throttling.
+         * Offers protection against flooders who reconnect quickly.
+         * Set to 0 to disable.
+         */
-<
+        throttle_time = 10 seconds;
->
+        throttle_time = 2 seconds;
+};
+modules {
+         * path: other paths to search for modules specified below
+         * and in "/module load".
+         */
-<
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules";
-<
+        path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload";
->
+        path = "lib/ircd-hybrid/modules";
->
+        path = "lib/ircd-hybrid/modules/autoload";
+        /* module: the name of a module to load on startup/rehash. */
+#       module = "some_module.la";
+        file {
+                type = oper;
-<
+                name = "/usr/local/ircd/var/log/oper.log";
->
+                name = "var/log/oper.log";
+                size = unlimited;
+        };
+        file {
+                type = user;
-<
+                name = "/usr/local/ircd/var/log/user.log";
->
+                name = "var/log/user.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kill;
-<
+                name = "/usr/local/ircd/var/log/kill.log";
->
+                name = "var/log/kill.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = kline;
-<
+                name = "/usr/local/ircd/var/log/kline.log";
->
+                name = "var/log/kline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = dline;
-<
+                name = "/usr/local/ircd/var/log/dline.log";
->
+                name = "var/log/dline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = gline;
-<
+                name = "/usr/local/ircd/var/log/gline.log";
->
+                name = "var/log/gline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = xline;
-<
+                name = "/usr/local/ircd/var/log/xline.log";
->
+                name = "var/log/xline.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = resv;
-<
+                name = "/usr/local/ircd/var/log/resv.log";
->
+                name = "var/log/resv.log";
+                size = 50 megabytes;
+        };
+        file {
+                type = debug;
-<
+                name = "/usr/local/ircd/var/log/debug.log";
->
+                name = "var/log/debug.log";
+                size = 50 megabytes;
+        };
+};

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing ircd-hybrid/branches/8.2.x/doc/reference.conf (file contents): Revision 3867 by michael, Thu Jun 5 22:11:02 2014 UTC vs. Revision 5005 by michael, Tue Dec 9 14:19:40 2014 UTC

Diff Legend

Comparing ircd-hybrid/branches/8.2.x/doc/reference.conf (file contents):
Revision 3867 by michael, Thu Jun 5 22:11:02 2014 UTC vs.
Revision 5005 by michael, Tue Dec 9 14:19:40 2014 UTC