| 1 |
/* |
| 2 |
* This is an example configuration file for ircd-hybrid |
| 3 |
* |
| 4 |
* Copyright (c) 2000-2014 ircd-hybrid development team |
| 5 |
* |
| 6 |
* $Id$ |
| 7 |
*/ |
| 8 |
|
| 9 |
/* |
| 10 |
* ######################################################################## |
| 11 |
* IMPORTANT NOTE: |
| 12 |
* |
| 13 |
* auth {} blocks MUST be specified in order of precedence. The first one |
| 14 |
* that matches a user will be used. So place spoofs first, then specials, |
| 15 |
* then general access. |
| 16 |
* ######################################################################## |
| 17 |
* |
| 18 |
* Shell style (#), C++ style (//) and C style comments are supported. |
| 19 |
* |
| 20 |
* Files may be included by either: |
| 21 |
* .include "filename" |
| 22 |
* .include <filename> |
| 23 |
* |
| 24 |
* Times/durations are written as: |
| 25 |
* 12 hours 30 minutes 1 second |
| 26 |
* |
| 27 |
* Valid units of time: |
| 28 |
* year, month, week, day, hour, minute, second |
| 29 |
* |
| 30 |
* Valid units of size: |
| 31 |
* megabyte/mbyte/mb, kilobyte/kbyte/kb, byte |
| 32 |
* |
| 33 |
* Sizes and times may be singular or plural. |
| 34 |
*/ |
| 35 |
|
| 36 |
|
| 37 |
/* |
| 38 |
* serverinfo {}: contains information about the server |
| 39 |
*/ |
| 40 |
serverinfo { |
| 41 |
/* |
| 42 |
* name: the name of this server. This cannot be changed at runtime. |
| 43 |
*/ |
| 44 |
name = "hades.arpa"; |
| 45 |
|
| 46 |
/* |
| 47 |
* sid: a server's unique ID. This is three characters long and must |
| 48 |
* be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be |
| 49 |
* a digit, followed by 2 alpha-numerical letters. |
| 50 |
* |
| 51 |
* NOTE: The letters must be capitalized. This cannot be changed at runtime. |
| 52 |
*/ |
| 53 |
sid = "0HY"; |
| 54 |
|
| 55 |
/* |
| 56 |
* description: the description of the server. |
| 57 |
*/ |
| 58 |
description = "ircd-hybrid test server"; |
| 59 |
|
| 60 |
/* |
| 61 |
* network info: the name and description of the network this server |
| 62 |
* is on. Shown in the 005 reply and used with serverhiding. |
| 63 |
*/ |
| 64 |
network_name = "MyNet"; |
| 65 |
network_desc = "This is My Network"; |
| 66 |
|
| 67 |
/* |
| 68 |
* hub: allow this server to act as a hub and have multiple servers |
| 69 |
* connected to it. |
| 70 |
*/ |
| 71 |
hub = no; |
| 72 |
|
| 73 |
/* |
| 74 |
* vhost: the IP to bind to when we connect outward to ipv4 servers. |
| 75 |
* This should be an ipv4 IP only, or "*" for INADDR_ANY. |
| 76 |
*/ |
| 77 |
# vhost = "192.169.0.1"; |
| 78 |
|
| 79 |
/* |
| 80 |
* vhost6: the address to bind to when we make outgoing connections |
| 81 |
* to IPv6 servers. This should be an IPv6 address, or "*" for INADDR_ANY. |
| 82 |
*/ |
| 83 |
# vhost6 = "3ffe:80e8:546::2"; |
| 84 |
|
| 85 |
/* max_clients: the maximum number of clients allowed to connect. */ |
| 86 |
max_clients = 512; |
| 87 |
|
| 88 |
/* |
| 89 |
* max_nick_length: only applies to local clients. Must be in the |
| 90 |
* range of 9 to 30. Default is 9 if nothing else is specified. |
| 91 |
*/ |
| 92 |
max_nick_length = 9; |
| 93 |
|
| 94 |
/* |
| 95 |
* max_topic_length: only applies to topics set by local clients. |
| 96 |
* Must be in the range of 80 to 300. Default is 80 if nothing |
| 97 |
* else is specified. |
| 98 |
*/ |
| 99 |
max_topic_length = 160; |
| 100 |
|
| 101 |
/* |
| 102 |
* rsa_private_key_file: the path to the file containing the |
| 103 |
* RSA key. |
| 104 |
* |
| 105 |
* Example commands to store a 2048 bit RSA key in rsa.key: |
| 106 |
* |
| 107 |
* openssl genrsa -out rsa.key 2048 |
| 108 |
* chown <ircd-user>.<ircd.group> rsa.key |
| 109 |
* chmod 0600 rsa.key |
| 110 |
*/ |
| 111 |
# rsa_private_key_file = "/usr/local/ircd/etc/rsa.key"; |
| 112 |
|
| 113 |
/* |
| 114 |
* ssl_certificate_file: the path to the file containing our |
| 115 |
* SSL certificate for encrypted client connection. |
| 116 |
* |
| 117 |
* This assumes your private RSA key is stored in rsa.key. You |
| 118 |
* MUST have an RSA key in order to generate the certificate. |
| 119 |
* |
| 120 |
* Example command: |
| 121 |
* |
| 122 |
* openssl req -new -days 365 -x509 -key rsa.key -out cert.pem |
| 123 |
* |
| 124 |
* See http://www.openssl.org/docs/HOWTO/certificates.txt |
| 125 |
* |
| 126 |
* Please use the following values when generating the cert |
| 127 |
* |
| 128 |
* Organization Name: Network Name |
| 129 |
* Organization Unit Name: changme.someirc.net |
| 130 |
* Common Name: irc.someirc.net |
| 131 |
* E-mail: you@domain.com |
| 132 |
*/ |
| 133 |
# ssl_certificate_file = "/usr/local/ircd/etc/cert.pem"; |
| 134 |
|
| 135 |
/* |
| 136 |
* ssl_dh_param_file: |
| 137 |
* |
| 138 |
* Path to the PEM encoded Diffie-Hellman parameter file. |
| 139 |
* DH parameters are required when using ciphers with EDH |
| 140 |
* (ephemeral Diffie-Hellman) key exchange. |
| 141 |
* |
| 142 |
* A DH parameter file can be created by running: |
| 143 |
* |
| 144 |
* openssl dhparam -out dhparam.pem 2048 |
| 145 |
* |
| 146 |
* Prime size must be at least 1024 bits. Further information |
| 147 |
* regarding specific OpenSSL dhparam command-line options |
| 148 |
* can be found in the OpenSSL manual. |
| 149 |
*/ |
| 150 |
# ssl_dh_param_file = "/usr/local/ircd/etc/dhparam.pem"; |
| 151 |
|
| 152 |
/* |
| 153 |
* ssl_cipher_list: |
| 154 |
* |
| 155 |
* List of ciphers to support on _this_ server. Can be used to |
| 156 |
* enforce specific ciphers for incoming SSL/TLS connections. |
| 157 |
* If a client (which also includes incoming server connections) is not |
| 158 |
* capable of using any of the ciphers listed here, the connection will |
| 159 |
* simply be rejected. |
| 160 |
* |
| 161 |
* A list of supported ciphers by OpenSSL can be obtained by running: |
| 162 |
* |
| 163 |
* openssl ciphers -ssl3 -tls1 -v |
| 164 |
* |
| 165 |
* Multiple ciphers are separated by colons. The order of preference is |
| 166 |
* from left to right. |
| 167 |
*/ |
| 168 |
# ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; |
| 169 |
|
| 170 |
/* |
| 171 |
* ssl_server_method: |
| 172 |
* ssl_client_method: |
| 173 |
* |
| 174 |
* SSL/TLS methods we provide for incoming (server method) and |
| 175 |
* outgoing (client method) SSL/TLS connections. |
| 176 |
* This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1. |
| 177 |
*/ |
| 178 |
# ssl_server_method = tlsv1, sslv3; |
| 179 |
# ssl_client_method = tlsv1; |
| 180 |
}; |
| 181 |
|
| 182 |
/* |
| 183 |
* admin {}: contains admin information about the server |
| 184 |
*/ |
| 185 |
admin { |
| 186 |
name = "Smurf target"; |
| 187 |
description = "Main Server Administrator"; |
| 188 |
email = "<syn@packets.r.us>"; |
| 189 |
}; |
| 190 |
|
| 191 |
/* |
| 192 |
* class {}: contains information about classes for users |
| 193 |
*/ |
| 194 |
class { |
| 195 |
/* name: the name of the class. */ |
| 196 |
name = "users"; |
| 197 |
|
| 198 |
/* |
| 199 |
* ping_time: how often a client must reply to a PING from the |
| 200 |
* server before they are dropped. |
| 201 |
*/ |
| 202 |
ping_time = 90 seconds; |
| 203 |
|
| 204 |
/* |
| 205 |
* number_per_ip: how many local users are allowed to connect |
| 206 |
* from a single IP address (optional) |
| 207 |
*/ |
| 208 |
number_per_ip = 2; |
| 209 |
|
| 210 |
/* |
| 211 |
* max_local: how many local users are allowed to connect |
| 212 |
* from a single ident@host (optional) |
| 213 |
*/ |
| 214 |
max_local = 2; |
| 215 |
|
| 216 |
/* |
| 217 |
* max_global: network-wide limit of users per ident@host (optional) |
| 218 |
*/ |
| 219 |
max_global = 10; |
| 220 |
|
| 221 |
/* |
| 222 |
* max_number: the maximum number of users allowed in this class (optional) |
| 223 |
*/ |
| 224 |
max_number = 100; |
| 225 |
|
| 226 |
/* |
| 227 |
* the following lines are optional and allow you to define |
| 228 |
* how many users can connect from one /NN subnet. |
| 229 |
*/ |
| 230 |
cidr_bitlen_ipv4 = 24; |
| 231 |
cidr_bitlen_ipv6 = 120; |
| 232 |
number_per_cidr = 16; |
| 233 |
|
| 234 |
/* |
| 235 |
* sendq: the amount of data allowed in a client's send queue before |
| 236 |
* they are dropped. |
| 237 |
*/ |
| 238 |
sendq = 100 kbytes; |
| 239 |
|
| 240 |
/* |
| 241 |
* recvq: the amount of data allowed in a client's receive queue before |
| 242 |
* they are dropped for flooding. Defaults to 2560 if the chosen |
| 243 |
* value isn't within the range of 512 to 8000. |
| 244 |
*/ |
| 245 |
recvq = 2560 bytes; |
| 246 |
}; |
| 247 |
|
| 248 |
class { |
| 249 |
name = "opers"; |
| 250 |
ping_time = 90 seconds; |
| 251 |
number_per_ip = 10; |
| 252 |
max_number = 100; |
| 253 |
sendq = 100 kbytes; |
| 254 |
|
| 255 |
/* |
| 256 |
* min_idle: minimum idle time that is shown in /whois. |
| 257 |
*/ |
| 258 |
min_idle = 3 hours; |
| 259 |
|
| 260 |
/* |
| 261 |
* max_idle: maximum idle time that is shown in /whois. |
| 262 |
*/ |
| 263 |
max_idle = 8 hours; |
| 264 |
|
| 265 |
/* |
| 266 |
* flags: |
| 267 |
* |
| 268 |
* random_idle - a fake idle time is set randomly between |
| 269 |
* min_idle and max_idle |
| 270 |
* hide_idle_from_opers - the fake idle time will also be shown to operators |
| 271 |
*/ |
| 272 |
flags = random_idle, hide_idle_from_opers; |
| 273 |
}; |
| 274 |
|
| 275 |
class { |
| 276 |
name = "server"; |
| 277 |
ping_time = 90 seconds; |
| 278 |
|
| 279 |
/* |
| 280 |
* connectfreq: only used in server classes. Specifies the delay |
| 281 |
* between autoconnecting to servers. |
| 282 |
*/ |
| 283 |
connectfreq = 5 minutes; |
| 284 |
|
| 285 |
/* max number: the number of servers to autoconnect to. */ |
| 286 |
max_number = 1; |
| 287 |
|
| 288 |
/* sendq: servers need a higher sendq as they send more data. */ |
| 289 |
sendq = 2 megabytes; |
| 290 |
}; |
| 291 |
|
| 292 |
/* |
| 293 |
* motd {}: Allows the display of a different MOTD to a client |
| 294 |
* depending on its origin. Applies to local users only. |
| 295 |
*/ |
| 296 |
motd { |
| 297 |
/* |
| 298 |
* mask: multiple mask entries are permitted. Mask can either be |
| 299 |
* a class name or a hostname. CIDR is supported. |
| 300 |
*/ |
| 301 |
mask = "*.at"; |
| 302 |
mask = "*.de"; |
| 303 |
mask = "*.ch"; |
| 304 |
|
| 305 |
/* |
| 306 |
* file: path to the actual motd file. |
| 307 |
*/ |
| 308 |
file = "/usr/local/ircd/etc/german.motd"; |
| 309 |
}; |
| 310 |
|
| 311 |
/* |
| 312 |
* listen {}: contains information about the ports ircd listens on |
| 313 |
*/ |
| 314 |
listen { |
| 315 |
/* |
| 316 |
* port: the port to listen on. If no host is specified earlier |
| 317 |
* in the listen {} block, it will listen on all available IPs. |
| 318 |
* |
| 319 |
* Ports are separated by commas; a range may be specified using ".." |
| 320 |
*/ |
| 321 |
|
| 322 |
/* port: listen on all available IP addresses, ports 6665 to 6669 */ |
| 323 |
port = 6665 .. 6669; |
| 324 |
|
| 325 |
/* |
| 326 |
* Listen on 192.168.0.1/6697 with SSL enabled and hidden from STATS P |
| 327 |
* unless you are an administrator. |
| 328 |
* |
| 329 |
* NOTE: The "flags" directive always has to come before "port". |
| 330 |
* |
| 331 |
* Currently available flags are: |
| 332 |
* |
| 333 |
* ssl - Port may only accept TLS/SSL connections |
| 334 |
* server - Only server connections are permitted |
| 335 |
* hidden - Port is hidden from /stats P, unless you're an admin |
| 336 |
*/ |
| 337 |
flags = hidden, ssl; |
| 338 |
host = "192.168.0.1"; |
| 339 |
port = 6697; |
| 340 |
|
| 341 |
/* |
| 342 |
* host: set a specific IP address/host to listen on using the |
| 343 |
* subsequent port definitions. This may be IPv4 or IPv6. |
| 344 |
*/ |
| 345 |
host = "1.2.3.4"; |
| 346 |
port = 7000, 7001; |
| 347 |
|
| 348 |
host = "3ffe:1234:a:b:c::d"; |
| 349 |
port = 7002; |
| 350 |
}; |
| 351 |
|
| 352 |
/* |
| 353 |
* auth {}: allow users to connect to the ircd |
| 354 |
*/ |
| 355 |
auth { |
| 356 |
/* |
| 357 |
* user: the user@host allowed to connect. Multiple user |
| 358 |
* lines are permitted within each auth block. |
| 359 |
*/ |
| 360 |
user = "*@172.16.0.0/12"; |
| 361 |
user = "*test@123D:B567:*"; |
| 362 |
|
| 363 |
/* password: an optional password that is required to use this block */ |
| 364 |
password = "letmein"; |
| 365 |
|
| 366 |
/* |
| 367 |
* encrypted: controls whether the auth password above has been |
| 368 |
* encrypted. |
| 369 |
*/ |
| 370 |
encrypted = yes; |
| 371 |
|
| 372 |
/* |
| 373 |
* spoof: fake the user's host to this. This is free-form, just do |
| 374 |
* everyone a favor and don't abuse it. ('=' prefix on /stats I) |
| 375 |
*/ |
| 376 |
spoof = "I.still.hate.packets"; |
| 377 |
|
| 378 |
/* class: the class the user is placed in */ |
| 379 |
class = "opers"; |
| 380 |
|
| 381 |
/* |
| 382 |
* need_password - don't allow users who haven't supplied the correct |
| 383 |
* password to connect using another auth{} block |
| 384 |
* ('&' prefix on /stats I if disabled) |
| 385 |
* need_ident - require the user to have identd to connect ('+' prefix on /stats I) |
| 386 |
* spoof_notice - enable spoofing notification to admins |
| 387 |
* exceed_limit - allow a user to exceed class limits ('>' prefix on /stats I) |
| 388 |
* kline_exempt - exempt this user from k/glines ('^' prefix on /stats I) |
| 389 |
* gline_exempt - exempt this user from glines ('_' prefix on /stats I) |
| 390 |
* resv_exempt - exempt this user from resvs ('$' prefix on /stats I) |
| 391 |
* no_tilde - remove ~ from a user with no ident ('-' prefix on /stats I) |
| 392 |
* can_flood - allow this user to exceed flood limits ('|' prefix on /stats I) |
| 393 |
* webirc - enables WEBIRC authentication for web-based clients such as Mibbit |
| 394 |
* ('<' prefix on /stats I) |
| 395 |
*/ |
| 396 |
flags = need_password, spoof_notice, exceed_limit, kline_exempt, |
| 397 |
gline_exempt, resv_exempt, no_tilde, can_flood; |
| 398 |
}; |
| 399 |
|
| 400 |
auth { |
| 401 |
/* |
| 402 |
* redirect: the server and port to redirect a user to. A user does not |
| 403 |
* have to obey the redirection; the ircd just suggests an alternative |
| 404 |
* server for them. |
| 405 |
*/ |
| 406 |
redirserv = "this.is.not.a.real.server"; |
| 407 |
redirport = 6667; |
| 408 |
|
| 409 |
user = "*.server"; |
| 410 |
|
| 411 |
/* class: a class is required even though it is not used */ |
| 412 |
class = "users"; |
| 413 |
}; |
| 414 |
|
| 415 |
auth { |
| 416 |
user = "*@*"; |
| 417 |
class = "users"; |
| 418 |
flags = need_ident; |
| 419 |
}; |
| 420 |
|
| 421 |
/* |
| 422 |
* operator {}: defines ircd operators |
| 423 |
*/ |
| 424 |
operator { |
| 425 |
/* name: the name of the oper */ |
| 426 |
name = "sheep"; |
| 427 |
|
| 428 |
/* |
| 429 |
* user: the user@host required for this operator. Multiple user |
| 430 |
* lines are permitted within each operator block. |
| 431 |
*/ |
| 432 |
user = "*sheep@192.168.0.0/16"; |
| 433 |
user = "*@127.0.0.0/8"; |
| 434 |
|
| 435 |
/* |
| 436 |
* password: the password required to oper. By default this will |
| 437 |
* need to be encrypted by using the provided mkpasswd tool. |
| 438 |
* Several password hash algorithms are available depending |
| 439 |
* on your system's crypt() implementation. For example, a modern |
| 440 |
* glibc already has support for the SHA-256/512 and MD5 encryption |
| 441 |
* algorithms. |
| 442 |
*/ |
| 443 |
password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4"; |
| 444 |
|
| 445 |
/* |
| 446 |
* encrypted: controls whether the oper password above has been |
| 447 |
* encrypted. |
| 448 |
*/ |
| 449 |
encrypted = yes; |
| 450 |
|
| 451 |
/* |
| 452 |
* rsa_public_key_file: the public key for this oper when using Challenge. |
| 453 |
* A password should not be defined when this is used; see |
| 454 |
* doc/challenge.txt for more information. |
| 455 |
*/ |
| 456 |
# rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; |
| 457 |
|
| 458 |
/* |
| 459 |
* ssl_certificate_fingerprint: enhances security by additionally checking |
| 460 |
* the oper's client certificate fingerprint against the specified |
| 461 |
* fingerprint below. |
| 462 |
* |
| 463 |
* Hint: your users can use the following command to obtain a SHA-256 hash |
| 464 |
* of their ssl certificate: |
| 465 |
* |
| 466 |
* openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g' |
| 467 |
*/ |
| 468 |
# ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; |
| 469 |
|
| 470 |
/* |
| 471 |
* ssl_connection_required: client must be connected over SSL/TLS |
| 472 |
* in order to be able to use this oper{} block. |
| 473 |
* Default is 'no' if nothing else is specified. |
| 474 |
*/ |
| 475 |
ssl_connection_required = no; |
| 476 |
|
| 477 |
/* class: the class the oper joins when they successfully /oper */ |
| 478 |
class = "opers"; |
| 479 |
|
| 480 |
/* |
| 481 |
* umodes: the default usermodes opers get when they /oper. If defined, |
| 482 |
* it will override oper_umodes settings in general {}. |
| 483 |
* Available usermodes: |
| 484 |
* |
| 485 |
* +b - bots - See bot and drone flooding notices |
| 486 |
* +c - cconn - Client connection/quit notices |
| 487 |
* +D - deaf - Don't receive channel messages |
| 488 |
* +d - debug - See debugging notices |
| 489 |
* +e - external - See remote server connection and split notices |
| 490 |
* +F - farconnect - Remote client connection/quit notices |
| 491 |
* +f - full - See auth{} block full notices |
| 492 |
* +G - softcallerid - Server Side Ignore for users not on your channels |
| 493 |
* +g - callerid - Server Side Ignore (for privmsgs etc) |
| 494 |
* +H - hidden - Hides operator status to other users |
| 495 |
* +i - invisible - Not shown in NAMES or WHO unless you share a channel |
| 496 |
* +j - rej - See rejected client notices |
| 497 |
* +k - skill - See server generated KILL messages |
| 498 |
* +l - locops - See LOCOPS messages |
| 499 |
* +n - nchange - See client nick changes |
| 500 |
* +p - hidechans - Hides channel list in WHOIS |
| 501 |
* +q - hideidle - Hides idle and signon time in WHOIS |
| 502 |
* +R - nononreg - Only receive private messages from registered clients |
| 503 |
* +s - servnotice - See general server notices |
| 504 |
* +u - unauth - See unauthorized client notices |
| 505 |
* +w - wallop - See server generated WALLOPS |
| 506 |
* +y - spy - See LINKS, STATS, TRACE notices etc. |
| 507 |
* +z - operwall - See oper generated WALLOPS |
| 508 |
*/ |
| 509 |
umodes = locops, servnotice, operwall, wallop; |
| 510 |
|
| 511 |
/* |
| 512 |
* privileges: controls the activities and commands an oper is |
| 513 |
* allowed to do on the server. All options default to no. |
| 514 |
* Available options: |
| 515 |
* |
| 516 |
* module - allows MODULE |
| 517 |
* connect - allows local CONNECT | ('P' flag) |
| 518 |
* connect:remote - allows remote CONNECT | ('Q' flag) |
| 519 |
* squit - allows local SQUIT | ('R' flag) |
| 520 |
* squit:remote - allows remote SQUIT | ('S' flag) |
| 521 |
* kill - allows to KILL local clients | ('N' flag) |
| 522 |
* kill:remote - allows remote users to be /KILL'd | ('O' flag) |
| 523 |
* remoteban - allows remote KLINE/UNKLINE | ('B' flag) |
| 524 |
* dline - allows DLINE | |
| 525 |
* undline - allows UNDLINE | |
| 526 |
* kline - allows KLINE | ('K' flag) |
| 527 |
* unkline - allows UNKLINE | ('U' flag) |
| 528 |
* gline - allows GLINE | ('G' flag) |
| 529 |
* xline - allows XLINE | ('X' flag) |
| 530 |
* unxline - allows UNXLINE | |
| 531 |
* locops - allows LOCOPS | |
| 532 |
* globops - allows GLOBOPS | |
| 533 |
* wallops - allows WALLOPS | |
| 534 |
* operwall - allows OPERWALL | ('L' flag) |
| 535 |
* rehash - allows oper to REHASH config | ('H' flag) |
| 536 |
* die - allows DIE | ('D' flag) |
| 537 |
* restart - allows RESTART | |
| 538 |
* set - allows SET | |
| 539 |
* admin - gives administrator privileges | ('A' flag) |
| 540 |
*/ |
| 541 |
flags = kill, kill:remote, connect, connect:remote, kline, unkline, |
| 542 |
xline, globops, restart, die, rehash, admin, operwall, module; |
| 543 |
}; |
| 544 |
|
| 545 |
/* |
| 546 |
* service {}: specifies a server which may act as a network service |
| 547 |
* |
| 548 |
* NOTE: it is very important that every server on the network |
| 549 |
* has the same service{} block. |
| 550 |
*/ |
| 551 |
service { |
| 552 |
name = "service.someserver"; |
| 553 |
name = "stats.someserver"; |
| 554 |
}; |
| 555 |
|
| 556 |
/* |
| 557 |
* connect {}: define a server to connect to |
| 558 |
*/ |
| 559 |
connect { |
| 560 |
/* name: the name of the server */ |
| 561 |
name = "irc.uplink.com"; |
| 562 |
|
| 563 |
/* |
| 564 |
* host: the host or IP address to connect to. If a hostname is used it |
| 565 |
* must match the reverse DNS of the server. |
| 566 |
*/ |
| 567 |
host = "192.168.0.1"; |
| 568 |
|
| 569 |
/* |
| 570 |
* vhost: the IP address to bind to when making outgoing connections to |
| 571 |
* servers. |
| 572 |
* serverinfo::vhost and serverinfo::vhost6 will be overridden |
| 573 |
* by this directive. |
| 574 |
*/ |
| 575 |
vhost = "192.168.0.2"; |
| 576 |
|
| 577 |
/* |
| 578 |
* passwords: the passwords to send (OLD C:) and accept (OLD N:). |
| 579 |
* The remote server will have these passwords swapped. |
| 580 |
*/ |
| 581 |
send_password = "password"; |
| 582 |
accept_password = "anotherpassword"; |
| 583 |
|
| 584 |
/* |
| 585 |
* encrypted: controls whether the accept_password above has been |
| 586 |
* encrypted. |
| 587 |
*/ |
| 588 |
encrypted = no; |
| 589 |
|
| 590 |
/* port: the port to connect to this server on */ |
| 591 |
port = 6666; |
| 592 |
|
| 593 |
/* |
| 594 |
* hub_mask: the mask of servers that this server may hub. Multiple |
| 595 |
* entries are permitted. |
| 596 |
*/ |
| 597 |
hub_mask = "*"; |
| 598 |
|
| 599 |
/* |
| 600 |
* leaf_mask: the mask of servers this server may not hub. Multiple |
| 601 |
* entries are permitted. Useful for forbidding EU -> US -> EU routes. |
| 602 |
*/ |
| 603 |
# leaf_mask = "*.uk"; |
| 604 |
|
| 605 |
/* class: the class this server is in */ |
| 606 |
class = "server"; |
| 607 |
|
| 608 |
/* |
| 609 |
* ssl_cipher_list: |
| 610 |
* |
| 611 |
* List of ciphers that the server we are connecting to must support. |
| 612 |
* If the server is not capable of using any of the ciphers listed below, |
| 613 |
* the connection will simply be rejected. |
| 614 |
* Can be used to enforce stronger ciphers, even though this option |
| 615 |
* is not necessarily required to establish a SSL/TLS connection. |
| 616 |
* |
| 617 |
* Multiple ciphers are separated by colons. The order of preference |
| 618 |
* is from left to right. |
| 619 |
*/ |
| 620 |
# ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; |
| 621 |
|
| 622 |
/* |
| 623 |
* ssl_certificate_fingerprint: enhances security by additionally checking |
| 624 |
* the server's client certificate fingerprint against the specified |
| 625 |
* fingerprint below. |
| 626 |
*/ |
| 627 |
# ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; |
| 628 |
|
| 629 |
/* |
| 630 |
* autoconn - controls whether we autoconnect to this server or not, |
| 631 |
* dependent on class limits. By default, this is disabled. |
| 632 |
* ssl - Initiates a TLS/SSL connection. |
| 633 |
*/ |
| 634 |
# flags = autoconn, ssl; |
| 635 |
}; |
| 636 |
|
| 637 |
connect { |
| 638 |
name = "ipv6.some.server"; |
| 639 |
host = "3ffd:dead:beef::1"; |
| 640 |
send_password = "password"; |
| 641 |
accept_password = "password"; |
| 642 |
port = 6666; |
| 643 |
|
| 644 |
/* |
| 645 |
* aftype: controls whether the connection uses "ipv4" or "ipv6". |
| 646 |
* Default is ipv4. |
| 647 |
*/ |
| 648 |
aftype = ipv6; |
| 649 |
class = "server"; |
| 650 |
}; |
| 651 |
|
| 652 |
/* |
| 653 |
* cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops |
| 654 |
* automatically |
| 655 |
*/ |
| 656 |
cluster { |
| 657 |
/* |
| 658 |
* name: the server to share with; this can take wildcards |
| 659 |
* |
| 660 |
* NOTE: only local actions will be clustered, meaning that if |
| 661 |
* the server receives a shared kline/unkline/etc, it |
| 662 |
* will not be propagated to clustered servers. |
| 663 |
* |
| 664 |
* Remote servers are not necessarily required to accept |
| 665 |
* clustered lines, they need a shared{} for *THIS* server |
| 666 |
* in order to accept them. |
| 667 |
*/ |
| 668 |
name = "*.arpa"; |
| 669 |
|
| 670 |
/* |
| 671 |
* type: list of what to share; options are as follows: |
| 672 |
* dline - share dlines |
| 673 |
* undline - share undlines |
| 674 |
* kline - share klines |
| 675 |
* unkline - share unklines |
| 676 |
* xline - share xlines |
| 677 |
* unxline - share unxlines |
| 678 |
* resv - share resvs |
| 679 |
* unresv - share unresvs |
| 680 |
* locops - share locops |
| 681 |
* all - share all of the above (default) |
| 682 |
*/ |
| 683 |
type = kline, unkline, locops, xline, resv; |
| 684 |
}; |
| 685 |
|
| 686 |
/* |
| 687 |
* shared {}: users that are allowed to remote kline |
| 688 |
* |
| 689 |
* NOTE: This can effectively be used for remote klines. |
| 690 |
* Please note that there is no password authentication |
| 691 |
* for users setting remote klines. You must also be |
| 692 |
* /oper'd in order to issue a remote kline. |
| 693 |
*/ |
| 694 |
shared { |
| 695 |
/* |
| 696 |
* name: the server the user must be connected to in order to set klines. |
| 697 |
* If this is not specified, the user will be allowed to kline from all |
| 698 |
* servers. |
| 699 |
*/ |
| 700 |
name = "irc2.some.server"; |
| 701 |
|
| 702 |
/* |
| 703 |
* user: the user@host mask that is allowed to set klines. If this is |
| 704 |
* not specified, all users on the server above will be allowed to set |
| 705 |
* a remote kline. |
| 706 |
*/ |
| 707 |
user = "oper@my.host.is.spoofed"; |
| 708 |
|
| 709 |
/* |
| 710 |
* type: list of what to share, options are as follows: |
| 711 |
* dline - allow oper/server to dline |
| 712 |
* undline - allow oper/server to undline |
| 713 |
* kline - allow oper/server to kline |
| 714 |
* unkline - allow oper/server to unkline |
| 715 |
* xline - allow oper/server to xline |
| 716 |
* unxline - allow oper/server to unxline |
| 717 |
* resv - allow oper/server to resv |
| 718 |
* unresv - allow oper/server to unresv |
| 719 |
* locops - allow oper/server to locops - only used for servers that cluster |
| 720 |
* all - allow oper/server to do all of the above (default) |
| 721 |
*/ |
| 722 |
type = kline, unkline, resv; |
| 723 |
}; |
| 724 |
|
| 725 |
/* |
| 726 |
* kill {}: users that are not allowed to connect |
| 727 |
* Oper issued klines will be added to the specified kline config |
| 728 |
*/ |
| 729 |
kill { |
| 730 |
user = "bad@*.hacked.edu"; |
| 731 |
reason = "Obviously hacked account"; |
| 732 |
}; |
| 733 |
|
| 734 |
/* |
| 735 |
* deny {}: IP addresses that are not allowed to connect |
| 736 |
* (before DNS/ident lookup) |
| 737 |
* Oper issued dlines will be added to the specified dline config |
| 738 |
*/ |
| 739 |
deny { |
| 740 |
ip = "10.0.1.0/24"; |
| 741 |
reason = "Reconnecting vhosted bots"; |
| 742 |
}; |
| 743 |
|
| 744 |
/* |
| 745 |
* exempt {}: IP addresses that are exempt from deny {} and Dlines |
| 746 |
*/ |
| 747 |
exempt { |
| 748 |
ip = "192.168.0.0/16"; |
| 749 |
}; |
| 750 |
|
| 751 |
/* |
| 752 |
* resv {}: nicks and channels users may not use/join |
| 753 |
*/ |
| 754 |
resv { mask = "clone*"; reason = "Clone bots"; }; |
| 755 |
resv { mask = "ChanServ"; reason = "Reserved for services"; }; |
| 756 |
resv { mask = "NickServ"; reason = "Reserved for services"; }; |
| 757 |
resv { mask = "OperServ"; reason = "Reserved for services"; }; |
| 758 |
resv { mask = "MemoServ"; reason = "Reserved for services"; }; |
| 759 |
resv { mask = "BotServ"; reason = "Reserved for services"; }; |
| 760 |
resv { mask = "HelpServ"; reason = "Reserved for services"; }; |
| 761 |
resv { mask = "HostServ"; reason = "Reserved for services"; }; |
| 762 |
resv { mask = "StatServ"; reason = "Reserved for services"; }; |
| 763 |
resv { mask = "#*services*"; reason = "Reserved for services"; }; |
| 764 |
|
| 765 |
resv { |
| 766 |
/* |
| 767 |
* mask: masks starting with a '#' are automatically considered |
| 768 |
* as channel name masks. |
| 769 |
*/ |
| 770 |
mask = "#helsinki"; |
| 771 |
reason = "Channel is reserved for finnish inhabitants"; |
| 772 |
|
| 773 |
/* |
| 774 |
* exempt: can be either a ISO 3166 alpha-2 two letter country |
| 775 |
* code, or a nick!user@host mask. CIDR is supported. Exempt |
| 776 |
* entries can be stacked. |
| 777 |
*/ |
| 778 |
exempt = "FI"; |
| 779 |
}; |
| 780 |
|
| 781 |
/* |
| 782 |
* gecos {}: Used for banning users based on their "realname". |
| 783 |
*/ |
| 784 |
gecos { |
| 785 |
name = "*sex*"; |
| 786 |
reason = "Possible spambot"; |
| 787 |
}; |
| 788 |
|
| 789 |
gecos { |
| 790 |
name = "sub7server"; |
| 791 |
reason = "Trojan drone"; |
| 792 |
}; |
| 793 |
|
| 794 |
/* |
| 795 |
* channel {}: The channel block contains options pertaining to channels |
| 796 |
*/ |
| 797 |
channel { |
| 798 |
/* |
| 799 |
* disable_fake_channels: this option, if set to 'yes', will |
| 800 |
* disallow clients from creating or joining channels that have one |
| 801 |
* of the following ASCII characters in their name: |
| 802 |
* |
| 803 |
* 2 | bold |
| 804 |
* 3 | mirc color |
| 805 |
* 15 | plain text |
| 806 |
* 22 | reverse |
| 807 |
* 29 | italic |
| 808 |
* 31 | underline |
| 809 |
* 160 | non-breaking space |
| 810 |
*/ |
| 811 |
disable_fake_channels = yes; |
| 812 |
|
| 813 |
/* |
| 814 |
* knock_delay: The amount of time a user must wait between issuing |
| 815 |
* the knock command. |
| 816 |
*/ |
| 817 |
knock_delay = 5 minutes; |
| 818 |
|
| 819 |
/* |
| 820 |
* knock_delay_channel: How often a knock to any specific channel |
| 821 |
* is permitted, regardless of the user sending the knock. |
| 822 |
*/ |
| 823 |
knock_delay_channel = 1 minute; |
| 824 |
|
| 825 |
/* |
| 826 |
* max_chans_per_user: The maximum number of channels a user can |
| 827 |
* join/be on. |
| 828 |
*/ |
| 829 |
max_chans_per_user = 25; |
| 830 |
|
| 831 |
/* |
| 832 |
* max_chans_per_oper: The maximum number of channels an oper can |
| 833 |
* join/be on. |
| 834 |
*/ |
| 835 |
max_chans_per_oper = 50; |
| 836 |
|
| 837 |
/* max_bans: maximum number of +b/e/I modes in a channel */ |
| 838 |
max_bans = 100; |
| 839 |
|
| 840 |
/* |
| 841 |
* how many joins in how many seconds constitute a flood. Use 0 to |
| 842 |
* disable. +b opers will be notified (changeable via /set) |
| 843 |
*/ |
| 844 |
join_flood_count = 16; |
| 845 |
join_flood_time = 8 seconds; |
| 846 |
|
| 847 |
/* |
| 848 |
* The ircd will now check splitmode (whether a server is split from |
| 849 |
* the network) every few seconds; this functionality is known as |
| 850 |
* splitcode and is influenced by the options below. |
| 851 |
* |
| 852 |
* Either split users or split servers can activate splitmode, but |
| 853 |
* both conditions must be met for the ircd to deactivate splitmode. |
| 854 |
* |
| 855 |
* You may force splitmode to be permanent by /quote set splitmode on |
| 856 |
*/ |
| 857 |
|
| 858 |
/* |
| 859 |
* default_split_user_count: when the usercount is lower than this level, |
| 860 |
* consider ourselves split. This must be set for automatic splitmode. |
| 861 |
*/ |
| 862 |
default_split_user_count = 0; |
| 863 |
|
| 864 |
/* |
| 865 |
* default_split_server_count: when the servercount is lower than this, |
| 866 |
* consider ourselves split. This must be set for automatic splitmode. |
| 867 |
*/ |
| 868 |
default_split_server_count = 0; |
| 869 |
|
| 870 |
/* no_create_on_split: do not allow users to create channels on split. */ |
| 871 |
no_create_on_split = yes; |
| 872 |
|
| 873 |
/* no_join_on_split: do not allow users to join channels on a split. */ |
| 874 |
no_join_on_split = no; |
| 875 |
}; |
| 876 |
|
| 877 |
/* |
| 878 |
* serverhide {}: The serverhide block contains the options regarding |
| 879 |
* to server hiding |
| 880 |
*/ |
| 881 |
serverhide { |
| 882 |
/* |
| 883 |
* disable_remote_commands: disable users issuing commands |
| 884 |
* on remote servers. |
| 885 |
*/ |
| 886 |
disable_remote_commands = no; |
| 887 |
|
| 888 |
/* |
| 889 |
* flatten_links: this option will show all servers in /links appear |
| 890 |
* as though they are linked to this current server. |
| 891 |
*/ |
| 892 |
flatten_links = no; |
| 893 |
|
| 894 |
/* |
| 895 |
* links_delay: how often to update the links file when it is |
| 896 |
* flattened. |
| 897 |
*/ |
| 898 |
links_delay = 5 minutes; |
| 899 |
|
| 900 |
/* |
| 901 |
* hidden: hide this server from a /links output on servers that |
| 902 |
* support it. This allows hub servers to be hidden etc. |
| 903 |
*/ |
| 904 |
hidden = no; |
| 905 |
|
| 906 |
/* |
| 907 |
* hide_servers: hide remote servernames everywhere and instead use |
| 908 |
* hidden_name and network_desc. |
| 909 |
*/ |
| 910 |
hide_servers = no; |
| 911 |
|
| 912 |
/* |
| 913 |
* hide_services: define this if you want to hide the location of |
| 914 |
* services servers that are specified in the service{} block. |
| 915 |
*/ |
| 916 |
hide_services = no; |
| 917 |
|
| 918 |
/* |
| 919 |
* Use this as the servername users see if hide_servers = yes. |
| 920 |
*/ |
| 921 |
hidden_name = "*.hidden.com"; |
| 922 |
|
| 923 |
/* |
| 924 |
* hide_server_ips: If this is disabled, opers will be unable to see |
| 925 |
* servers' IP addresses and will be shown a masked IP address; admins |
| 926 |
* will be shown the real IP address. |
| 927 |
* |
| 928 |
* If this is enabled, nobody can see a server's IP address. |
| 929 |
* *This is a kludge*: it has the side effect of hiding the IP addresses |
| 930 |
* everywhere, including logfiles. |
| 931 |
* |
| 932 |
* We recommend you leave this disabled, and just take care with who you |
| 933 |
* give administrator privileges to. |
| 934 |
*/ |
| 935 |
hide_server_ips = no; |
| 936 |
}; |
| 937 |
|
| 938 |
/* |
| 939 |
* general {}: The general block contains many of the options that were once |
| 940 |
* compiled in options in config.h |
| 941 |
*/ |
| 942 |
general { |
| 943 |
/* |
| 944 |
* cycle_on_host_change: sends a fake QUIT/JOIN combination |
| 945 |
* when services change the hostname of a specific client. |
| 946 |
*/ |
| 947 |
cycle_on_host_change = yes; |
| 948 |
|
| 949 |
/* services_name: servername of nick/channel services */ |
| 950 |
services_name = "service.someserver"; |
| 951 |
|
| 952 |
/* max_watch: maximum WATCH entries a client can have. */ |
| 953 |
max_watch = 50; |
| 954 |
|
| 955 |
/* gline_enable: enable glines (network-wide temporary klines). */ |
| 956 |
gline_enable = yes; |
| 957 |
|
| 958 |
/* |
| 959 |
* gline_duration: the amount of time a gline will remain on your |
| 960 |
* server before expiring. |
| 961 |
*/ |
| 962 |
gline_duration = 1 day; |
| 963 |
|
| 964 |
/* |
| 965 |
* gline_request_duration: how long a pending G-line can be around. |
| 966 |
* 10 minutes should be plenty. |
| 967 |
*/ |
| 968 |
gline_request_duration = 10 minutes; |
| 969 |
|
| 970 |
/* |
| 971 |
* gline_min_cidr: the minimum required length of a CIDR bitmask |
| 972 |
* for IPv4 based glines. |
| 973 |
*/ |
| 974 |
gline_min_cidr = 16; |
| 975 |
|
| 976 |
/* |
| 977 |
* gline_min_cidr6: the minimum required length of a CIDR bitmask |
| 978 |
* for IPv6 based glines. |
| 979 |
*/ |
| 980 |
gline_min_cidr6 = 48; |
| 981 |
|
| 982 |
/* |
| 983 |
* invisible_on_connect: whether to automatically set mode +i on |
| 984 |
* connecting users. |
| 985 |
*/ |
| 986 |
invisible_on_connect = yes; |
| 987 |
|
| 988 |
/* |
| 989 |
* kill_chase_time_limit: KILL chasing is a feature whereby a KILL |
| 990 |
* issued for a user who has recently changed nickname will be applied |
| 991 |
* automatically to the new nick. kill_chase_time_limit is the maximum |
| 992 |
* time following a nickname change that this chasing will apply. |
| 993 |
*/ |
| 994 |
kill_chase_time_limit = 30 seconds; |
| 995 |
|
| 996 |
/* |
| 997 |
* hide_spoof_ips: if disabled, opers will be allowed to see the real |
| 998 |
* IP address of spoofed users in /trace etc. If this is defined they |
| 999 |
* will be shown a masked IP. |
| 1000 |
*/ |
| 1001 |
hide_spoof_ips = yes; |
| 1002 |
|
| 1003 |
/* |
| 1004 |
* Ignore bogus timestamps from other servers. Yes, this will desync the |
| 1005 |
* network, but it will allow chanops to resync with a valid non TS 0 |
| 1006 |
* |
| 1007 |
* This should be enabled network wide, or not at all. |
| 1008 |
*/ |
| 1009 |
ignore_bogus_ts = no; |
| 1010 |
|
| 1011 |
/* |
| 1012 |
* disable_auth: completely disable ident lookups; if you enable this, |
| 1013 |
* be careful of what you set need_ident to in your auth {} blocks |
| 1014 |
*/ |
| 1015 |
disable_auth = no; |
| 1016 |
|
| 1017 |
/* |
| 1018 |
* tkline_expire_notices: enables or disables temporary kline/xline |
| 1019 |
* expire notices. |
| 1020 |
*/ |
| 1021 |
tkline_expire_notices = no; |
| 1022 |
|
| 1023 |
/* |
| 1024 |
* default_floodcount: the default value of floodcount that is configurable |
| 1025 |
* via /quote set floodcount. This is the number of lines a user |
| 1026 |
* may send to any other user/channel in one second. |
| 1027 |
*/ |
| 1028 |
default_floodcount = 10; |
| 1029 |
|
| 1030 |
/* |
| 1031 |
* failed_oper_notice: send a notice to all opers on the server when |
| 1032 |
* someone tries to OPER and uses the wrong password, host or ident. |
| 1033 |
*/ |
| 1034 |
failed_oper_notice = yes; |
| 1035 |
|
| 1036 |
/* |
| 1037 |
* dots_in_ident: the number of '.' characters permitted in an ident |
| 1038 |
* reply before the user is rejected. |
| 1039 |
*/ |
| 1040 |
dots_in_ident = 2; |
| 1041 |
|
| 1042 |
/* |
| 1043 |
* min_nonwildcard: the minimum number of non-wildcard characters in |
| 1044 |
* k/d/g lines placed via the server. K-lines hand-placed are exempt from |
| 1045 |
* this limit. |
| 1046 |
* Wildcard chars: '.', ':', '*', '?', '@', '!' |
| 1047 |
*/ |
| 1048 |
min_nonwildcard = 4; |
| 1049 |
|
| 1050 |
/* |
| 1051 |
* min_nonwildcard_simple: the minimum number of non-wildcard characters |
| 1052 |
* in gecos bans. Wildcard chars: '*', '?' |
| 1053 |
*/ |
| 1054 |
min_nonwildcard_simple = 3; |
| 1055 |
|
| 1056 |
/* max_accept: maximum allowed /accept's for +g usermode. */ |
| 1057 |
max_accept = 50; |
| 1058 |
|
| 1059 |
/* anti_nick_flood: enable the nickflood control code. */ |
| 1060 |
anti_nick_flood = yes; |
| 1061 |
|
| 1062 |
/* nick flood: the number of nick changes allowed in the specified period */ |
| 1063 |
max_nick_time = 20 seconds; |
| 1064 |
max_nick_changes = 5; |
| 1065 |
|
| 1066 |
/* |
| 1067 |
* anti_spam_exit_message_time: the minimum time a user must be connected |
| 1068 |
* before custom quit messages are allowed. |
| 1069 |
*/ |
| 1070 |
anti_spam_exit_message_time = 5 minutes; |
| 1071 |
|
| 1072 |
/* |
| 1073 |
* ts delta: the time delta allowed between server clocks before |
| 1074 |
* a warning is given, or before the link is dropped. All servers |
| 1075 |
* should run ntpdate/rdate to keep clocks in sync |
| 1076 |
*/ |
| 1077 |
ts_warn_delta = 10 seconds; |
| 1078 |
ts_max_delta = 2 minutes; |
| 1079 |
|
| 1080 |
/* |
| 1081 |
* warn_no_connect_block: warn opers about servers that try to connect |
| 1082 |
* but for which we don't have a connect {} block. Twits with |
| 1083 |
* misconfigured servers can become really annoying with this enabled. |
| 1084 |
*/ |
| 1085 |
warn_no_connect_block = yes; |
| 1086 |
|
| 1087 |
/* |
| 1088 |
* stats_e_disabled: set this to 'yes' to disable "STATS e" for both |
| 1089 |
* operators and administrators. Doing so is a good idea in case |
| 1090 |
* there are any exempted (exempt{}) server IPs you don't want to |
| 1091 |
* see leaked. |
| 1092 |
*/ |
| 1093 |
stats_e_disabled = no; |
| 1094 |
|
| 1095 |
/* stats_o_oper only: make stats o (opers) oper only */ |
| 1096 |
stats_o_oper_only = yes; |
| 1097 |
|
| 1098 |
/* stats_P_oper_only: make stats P (ports) oper only */ |
| 1099 |
stats_P_oper_only = yes; |
| 1100 |
|
| 1101 |
/* stats_u_oper_only: make stats u (uptime) oper only */ |
| 1102 |
stats_u_oper_only = no; |
| 1103 |
|
| 1104 |
/* |
| 1105 |
* stats_i_oper only: make stats i (auth {}) oper only. Set to: |
| 1106 |
* yes - show users no auth blocks, made oper only. |
| 1107 |
* masked - show users the first matching auth block |
| 1108 |
* no - show users all auth blocks. |
| 1109 |
*/ |
| 1110 |
stats_i_oper_only = yes; |
| 1111 |
|
| 1112 |
/* |
| 1113 |
* stats_k_oper_only: make stats k/K (klines) oper only. Set to: |
| 1114 |
* yes - show users no auth blocks, made oper only |
| 1115 |
* masked - show users the first matching auth block |
| 1116 |
* no - show users all auth blocks. |
| 1117 |
*/ |
| 1118 |
stats_k_oper_only = yes; |
| 1119 |
|
| 1120 |
/* |
| 1121 |
* caller_id_wait: time between notifying a +g user that somebody |
| 1122 |
* is messaging them. |
| 1123 |
*/ |
| 1124 |
caller_id_wait = 1 minute; |
| 1125 |
|
| 1126 |
/* |
| 1127 |
* opers_bypass_callerid: allows operators to bypass +g and message |
| 1128 |
* anyone who has it set (useful if you use services). |
| 1129 |
*/ |
| 1130 |
opers_bypass_callerid = no; |
| 1131 |
|
| 1132 |
/* |
| 1133 |
* pace_wait_simple: minimum time required between use of less |
| 1134 |
* intensive commands |
| 1135 |
* (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS) |
| 1136 |
*/ |
| 1137 |
pace_wait_simple = 1 second; |
| 1138 |
|
| 1139 |
/* |
| 1140 |
* pace_wait: minimum time required between use of more intensive commands |
| 1141 |
* (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS) |
| 1142 |
*/ |
| 1143 |
pace_wait = 10 seconds; |
| 1144 |
|
| 1145 |
/* |
| 1146 |
* short_motd: send clients a notice telling them to read the MOTD |
| 1147 |
* instead of forcing an MOTD to clients who may simply ignore it. |
| 1148 |
*/ |
| 1149 |
short_motd = no; |
| 1150 |
|
| 1151 |
/* |
| 1152 |
* ping_cookie: require clients to respond exactly to a ping command, |
| 1153 |
* can help block certain types of drones and FTP PASV mode spoofing. |
| 1154 |
*/ |
| 1155 |
ping_cookie = no; |
| 1156 |
|
| 1157 |
/* no_oper_flood: increase flood limits for opers. */ |
| 1158 |
no_oper_flood = yes; |
| 1159 |
|
| 1160 |
/* |
| 1161 |
* true_no_oper_flood: completely eliminate flood limits for opers |
| 1162 |
* and for clients with can_flood = yes in their auth {} blocks. |
| 1163 |
*/ |
| 1164 |
true_no_oper_flood = yes; |
| 1165 |
|
| 1166 |
/* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */ |
| 1167 |
oper_pass_resv = yes; |
| 1168 |
|
| 1169 |
/* REMOVE ME. The following line checks that you have been reading. */ |
| 1170 |
havent_read_conf = 1; |
| 1171 |
|
| 1172 |
/* |
| 1173 |
* max_targets: the maximum number of targets in a single |
| 1174 |
* PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited. |
| 1175 |
*/ |
| 1176 |
max_targets = 4; |
| 1177 |
|
| 1178 |
/* |
| 1179 |
* usermodes configurable: a list of usermodes for the options below |
| 1180 |
* |
| 1181 |
* +b - bots - See bot and drone flooding notices |
| 1182 |
* +c - cconn - Client connection/quit notices |
| 1183 |
* +D - deaf - Don't receive channel messages |
| 1184 |
* +d - debug - See debugging notices |
| 1185 |
* +e - external - See remote server connection and split notices |
| 1186 |
* +F - farconnect - Remote client connection/quit notices |
| 1187 |
* +f - full - See auth{} block full notices |
| 1188 |
* +G - softcallerid - Server Side Ignore for users not on your channels |
| 1189 |
* +g - callerid - Server Side Ignore (for privmsgs etc) |
| 1190 |
* +H - hidden - Hides operator status to other users |
| 1191 |
* +i - invisible - Not shown in NAMES or WHO unless you share a channel |
| 1192 |
* +j - rej - See rejected client notices |
| 1193 |
* +k - skill - See server generated KILL messages |
| 1194 |
* +l - locops - See LOCOPS messages |
| 1195 |
* +n - nchange - See client nick changes |
| 1196 |
* +p - hidechans - Hides channel list in WHOIS |
| 1197 |
* +q - hideidle - Hides idle and signon time in WHOIS |
| 1198 |
* +R - nononreg - Only receive private messages from registered clients |
| 1199 |
* +s - servnotice - See general server notices |
| 1200 |
* +u - unauth - See unauthorized client notices |
| 1201 |
* +w - wallop - See server generated WALLOPS |
| 1202 |
* +y - spy - See LINKS, STATS, TRACE notices etc. |
| 1203 |
* +z - operwall - See oper generated WALLOPS |
| 1204 |
*/ |
| 1205 |
|
| 1206 |
/* oper_only_umodes: usermodes only opers may set */ |
| 1207 |
oper_only_umodes = bots, cconn, debug, full, hidden, skill, |
| 1208 |
nchange, rej, spy, external, operwall, |
| 1209 |
locops, unauth, farconnect; |
| 1210 |
|
| 1211 |
/* oper_umodes: default usermodes opers get when they /oper */ |
| 1212 |
oper_umodes = bots, locops, servnotice, operwall, wallop; |
| 1213 |
|
| 1214 |
/* |
| 1215 |
* use_egd: if your system does not have *random devices yet you |
| 1216 |
* want to use OpenSSL and encrypted links, enable this. Beware - |
| 1217 |
* EGD is *very* CPU intensive when gathering data for its pool. |
| 1218 |
*/ |
| 1219 |
# use_egd = yes; |
| 1220 |
|
| 1221 |
/* |
| 1222 |
* egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 |
| 1223 |
* which automatically finds the path. |
| 1224 |
*/ |
| 1225 |
# egdpool_path = "/var/run/egd-pool"; |
| 1226 |
|
| 1227 |
/* |
| 1228 |
* throttle_time: the minimum amount of time required between |
| 1229 |
* connections from the same IP address. exempt {} blocks are excluded |
| 1230 |
* from this throttling. |
| 1231 |
* Offers protection against flooders who reconnect quickly. |
| 1232 |
* Set to 0 to disable. |
| 1233 |
*/ |
| 1234 |
throttle_time = 10 seconds; |
| 1235 |
}; |
| 1236 |
|
| 1237 |
modules { |
| 1238 |
/* |
| 1239 |
* path: other paths to search for modules specified below |
| 1240 |
* and in "/module load". |
| 1241 |
*/ |
| 1242 |
path = "/usr/local/ircd/lib/ircd-hybrid/modules"; |
| 1243 |
path = "/usr/local/ircd/lib/ircd-hybrid/modules/autoload"; |
| 1244 |
|
| 1245 |
/* module: the name of a module to load on startup/rehash. */ |
| 1246 |
# module = "some_module.la"; |
| 1247 |
}; |
| 1248 |
|
| 1249 |
/* |
| 1250 |
* log {}: contains information about logfiles. |
| 1251 |
*/ |
| 1252 |
log { |
| 1253 |
/* Do you want to enable logging to ircd.log? */ |
| 1254 |
use_logging = yes; |
| 1255 |
|
| 1256 |
file { |
| 1257 |
type = oper; |
| 1258 |
name = "/usr/local/ircd/var/log/oper.log"; |
| 1259 |
size = unlimited; |
| 1260 |
}; |
| 1261 |
|
| 1262 |
file { |
| 1263 |
type = user; |
| 1264 |
name = "/usr/local/ircd/var/log/user.log"; |
| 1265 |
size = 50 megabytes; |
| 1266 |
}; |
| 1267 |
|
| 1268 |
file { |
| 1269 |
type = kill; |
| 1270 |
name = "/usr/local/ircd/var/log/kill.log"; |
| 1271 |
size = 50 megabytes; |
| 1272 |
}; |
| 1273 |
|
| 1274 |
file { |
| 1275 |
type = kline; |
| 1276 |
name = "/usr/local/ircd/var/log/kline.log"; |
| 1277 |
size = 50 megabytes; |
| 1278 |
}; |
| 1279 |
|
| 1280 |
file { |
| 1281 |
type = dline; |
| 1282 |
name = "/usr/local/ircd/var/log/dline.log"; |
| 1283 |
size = 50 megabytes; |
| 1284 |
}; |
| 1285 |
|
| 1286 |
file { |
| 1287 |
type = gline; |
| 1288 |
name = "/usr/local/ircd/var/log/gline.log"; |
| 1289 |
size = 50 megabytes; |
| 1290 |
}; |
| 1291 |
|
| 1292 |
file { |
| 1293 |
type = xline; |
| 1294 |
name = "/usr/local/ircd/var/log/xline.log"; |
| 1295 |
size = 50 megabytes; |
| 1296 |
}; |
| 1297 |
|
| 1298 |
file { |
| 1299 |
type = resv; |
| 1300 |
name = "/usr/local/ircd/var/log/resv.log"; |
| 1301 |
size = 50 megabytes; |
| 1302 |
}; |
| 1303 |
|
| 1304 |
file { |
| 1305 |
type = debug; |
| 1306 |
name = "/usr/local/ircd/var/log/debug.log"; |
| 1307 |
size = 50 megabytes; |
| 1308 |
}; |
| 1309 |
}; |