pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / ircd-hybrid / ircd.conf
at 17.09-beta 29 kB view raw
1/* doc/example.conf - ircd-hybrid-7 Example configuration file 2 * Copyright (C) 2000-2006 Hybrid Development Team 3 * 4 * Written by ejb, wcampbel, db, leeh and others 5 * Other example configurations can be found in the source dir under 6 * etc/. 7 * 8 * $Id: example.conf 639 2006-06-01 14:12:21Z michael $ 9 */ 10 11/* IMPORTANT NOTES: 12 * 13 * auth {} blocks MUST be specified in order of precedence. The first one 14 * that matches a user will be used. So place spoofs first, then specials, 15 * then general access. 16 * 17 * Shell style (#), C++ style (//) and C style comments are supported. 18 * 19 * Files may be included by either: 20 * .include "filename" 21 * .include <filename> 22 * 23 * Times/durations are written as: 24 * 12 hours 30 minutes 1 second 25 * 26 * Valid units of time: 27 * month, week, day, hour, minute, second 28 * 29 * Valid units of size: 30 * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte 31 * 32 * Sizes and times may be singular or plural. 33 */ 34 35/* EFNET NOTE: 36 * 37 * This config file is NOT suitable for EFNet. EFNet admins should use 38 * example.efnet.conf 39 */ 40 41/* 42 * serverinfo {}: contains information about the server. (OLD M:) 43 */ 44serverinfo { 45 /* 46 * name: the name of our server. This cannot be changed at runtime. 47 */ 48 name = "@serverName@"; 49 50 /* 51 * sid: a server's unique ID. This is three characters long and must 52 * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be 53 * a digit, followed by 2 alpha-numerical letters. 54 * NOTE: The letters must be capitalized. This cannot be changed at runtime. 55 */ 56 sid = "@sid@"; 57 58 /* 59 * description: the description of the server. '[' and ']' may not 60 * be used here for compatibility with older servers. 61 */ 62 description = "@description@"; 63 64 /* 65 * network info: the name and description of the network this server 66 * is on. Shown in the 005 reply and used with serverhiding. 67 */ 68 network_name = "JustIRCNetwork"; 69 network_desc = "This is My Network"; 70 71 /* 72 * hub: allow this server to act as a hub and have multiple servers 73 * connected to it. This may not be changed if there are active 74 * LazyLink servers. 75 */ 76 hub = no; 77 78 /* 79 * vhost: the IP to bind to when we connect outward to ipv4 servers. 80 * This should be an ipv4 IP only, or "* for INADDR_ANY. 81 */ 82 #vhost = "192.169.0.1"; 83 84 /* 85 * vhost6: the IP to bind to when we connect outward to ipv6 servers. 86 * This should be an ipv6 IP only, or "* for INADDR_ANY. 87 */ 88 #vhost6 = "3ffe:80e8:546::2"; 89 90 /* max_clients: the maximum number of clients allowed to connect */ 91 max_clients = 512; 92 93 /* 94 * rsa key: the path to the file containing our rsa key for cryptlink. 95 * 96 * Example command to store a 2048 bit RSA keypair in 97 * rsa.key, and the public key in rsa.pub: 98 * 99 * openssl genrsa -out rsa.key 2048 100 * openssl rsa -in rsa.key -pubout -out rsa.pub 101 * chown <ircd-user>.<ircd.group> rsa.key rsa.pub 102 * chmod 0600 rsa.key 103 * chmod 0644 rsa.pub 104 */ 105 #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key"; 106 107 /* 108 * ssl certificate: the path to the file containing our ssl certificate 109 * for encrypted client connection. 110 * 111 * This assumes your private RSA key is stored in rsa.key. You 112 * MUST have an RSA key in order to generate the certificate 113 * 114 * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem 115 * 116 * See http://www.openssl.org/docs/HOWTO/certificates.txt 117 * 118 * Please use the following values when generating the cert 119 * 120 * Organization Name: Network Name 121 * Organization Unit Name: changme.someirc.net 122 * Common Name: irc.someirc.net 123 * E-mail: you@domain.com 124 */ 125 #ssl_certificate_file = "/usr/local/ircd/etc/cert.pem"; 126 127 @cryptoSettings@ 128}; 129 130/* 131 * admin {}: contains admin information about the server. (OLD A:) 132 */ 133admin { 134 name = "Anonymous Hero"; 135 description = "Main Server Administrator"; 136 email = "@adminEmail@"; 137}; 138 139/* 140 * log {}: contains information about logfiles. 141 */ 142log { 143 /* Do you want to enable logging to ircd.log? */ 144 use_logging = yes; 145 146 /* 147 * logfiles: the logfiles to use for user connects, /oper uses, 148 * and failed /oper. These files must exist for logging to be used. 149 */ 150 fname_userlog = "/home/ircd/logs/userlog"; 151 fname_operlog = "/home/ircd/logs/operlog"; 152 fname_killlog = "/home/ircd/logs/kill"; 153 fname_klinelog = "/home/ircd/logs/kline"; 154 fname_glinelog = "/home/ircd/logs/gline"; 155 156 /* 157 * log_level: the amount of detail to log in ircd.log. The 158 * higher, the more information is logged. May be changed 159 * once the server is running via /quote SET LOG. Either: 160 * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG 161 */ 162 log_level = L_INFO; 163}; 164 165/* 166 * class {}: contains information about classes for users (OLD Y:) 167 */ 168class { 169 /* name: the name of the class. classes are text now */ 170 name = "users"; 171 172 /* 173 * ping_time: how often a client must reply to a PING from the 174 * server before they are dropped. 175 */ 176 ping_time = 90 seconds; 177 178 /* 179 * number_per_ip: how many local users are allowed to connect 180 * from one IP (optional) 181 */ 182 number_per_ip = 10; 183 184 /* 185 * max_local: how many local users are allowed to connect 186 * from one ident@host (optional) 187 */ 188 max_local = 50; 189 190 /* 191 * max_global: network-wide limit of users per ident@host (optional) 192 */ 193 max_global = 50; 194 195 /* 196 * max_number: the maximum number of users allowed in this class (optional) 197 */ 198 max_number = 10000; 199 200 /* 201 * the following lines are optional and allow you to define 202 * how many users can connect from one /NN subnet 203 */ 204 /*cidr_bitlen_ipv4 = 24; 205 *cidr_bitlen_ipv6 = 120; 206 *number_per_cidr = 16;*/ 207 208 /* 209 * sendq: the amount of data allowed in a clients queue before 210 * they are dropped. 211 */ 212 sendq = 100 kbytes; 213}; 214 215class { 216 name = "opers"; 217 ping_time = 90 seconds; 218 number_per_ip = 10; 219 max_number = 100; 220 sendq = 100kbytes; 221}; 222 223class { 224 name = "server"; 225 ping_time = 90 seconds; 226 227 /* 228 * ping_warning: how fast a server must reply to a PING before 229 * a warning to opers is generated. 230 */ 231 ping_warning = 15 seconds; 232 233 /* 234 * connectfreq: only used in server classes. Specifies the delay 235 * between autoconnecting to servers. 236 */ 237 connectfreq = 5 minutes; 238 239 /* max number: the amount of servers to autoconnect to */ 240 max_number = 1; 241 242 /* sendq: servers need a higher sendq as they send more data */ 243 sendq = 2 megabytes; 244}; 245 246/* 247 * listen {}: contains information about the ports ircd listens on (OLD P:) 248 */ 249listen { 250 /* 251 * port: the specific port to listen on. If no host is specified 252 * before, it will listen on all available IPs. 253 * 254 * Ports are separated via a comma, a range may be specified using ".." 255 */ 256 257 /* port: listen on all available IPs, ports 6665 to 6669 */ 258 port = 6665 .. 6669; 259 260 /* 261 * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P 262 * unless you are an administrator. 263 * 264 * NOTE: The "flags" directive has to come before "port". Always! 265 */ 266 #flags = hidden, ssl; 267 #host = "192.168.0.1"; 268 #port = 6697; 269 270 /* 271 * host: set a specific IP/host the ports after the line will listen 272 * on. This may be ipv4 or ipv6. 273 */ 274 #host = "1.2.3.4"; 275 #port = 7000, 7001; 276 277 #host = "3ffe:1234:a:b:c::d"; 278 #port = 7002; 279 280 @extraListen@ 281}; 282 283auth { 284 user = "*@*"; 285 class = "users"; 286 #flags = need_ident; 287}; 288 289/* 290 * operator {}: defines ircd operators. (OLD O:) 291 * 292 * ircd-hybrid no longer supports local operators, privileges are 293 * controlled via flags. 294 */ 295operator { 296 /* name: the name of the oper */ 297 /* NOTE: operator "opername"{} is also supported */ 298 name = "god"; 299 300 /* 301 * user: the user@host required for this operator. CIDR is not 302 * supported. Multiple user="" lines are supported. 303 */ 304 user = "*god@*"; 305 user = "*@127.0.0.1"; 306 307 /* 308 * password: the password required to oper. By default this will 309 * need to be encrypted using 'mkpasswd'. MD5 is supported. 310 */ 311 password = "iamoperator"; 312 313 /* 314 * encrypted: controls whether the oper password above has been 315 * encrypted. (OLD CRYPT_OPER_PASSWORD now optional per operator) 316 */ 317 encrypted = no; 318 319 /* 320 * rsa_public_key_file: the public key for this oper when using Challenge. 321 * A password should not be defined when this is used, see 322 * doc/challenge.txt for more information. 323 */ 324# rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; 325 326 /* class: the class the oper joins when they successfully /oper */ 327 class = "opers"; 328 329 /* 330 * umodes: default usermodes opers get when they /oper. If defined, 331 * it will override oper_umodes settings in general {}. 332 * Available usermodes: 333 * 334 * +b - bots - See bot and drone flooding notices 335 * +c - cconn - Client connection/quit notices 336 * +D - deaf - Don't receive channel messages 337 * +d - debug - See debugging notices 338 * +f - full - See I: line full notices 339 * +G - softcallerid - Server Side Ignore for users not on your channels 340 * +g - callerid - Server Side Ignore (for privmsgs etc) 341 * +i - invisible - Not shown in NAMES or WHO unless you share a 342 * a channel 343 * +k - skill - See server generated KILL messages 344 * +l - locops - See LOCOPS messages 345 * +n - nchange - See client nick changes 346 * +r - rej - See rejected client notices 347 * +s - servnotice - See general server notices 348 * +u - unauth - See unauthorized client notices 349 * +w - wallop - See server generated WALLOPS 350 * +x - external - See remote server connection and split notices 351 * +y - spy - See LINKS, STATS, TRACE notices etc. 352 * +z - operwall - See oper generated WALLOPS 353 */ 354# umodes = locops, servnotice, operwall, wallop; 355 356 /* 357 * privileges: controls the activities and commands an oper is 358 * allowed to do on the server. All options default to no. 359 * Available options: 360 * 361 * global_kill: allows remote users to be /KILL'd (OLD 'O' flag) 362 * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) 363 * remoteban: allows remote KLINE/UNKLINE 364 * kline: allows KILL, KLINE and DLINE (OLD 'K' flag) 365 * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) 366 * gline: allows GLINE (OLD 'G' flag) 367 * xline: allows XLINE (OLD 'X' flag) 368 * operwall: allows OPERWALL 369 * nick_changes: allows oper to see nickchanges (OLD 'N' flag) 370 * via usermode +n 371 * rehash: allows oper to REHASH config (OLD 'H' flag) 372 * die: allows DIE and RESTART (OLD 'D' flag) 373 * admin: gives admin privileges. admins 374 * may (un)load modules and see the 375 * real IPs of servers. 376 * hidden_admin: same as 'admin', but noone can recognize you as 377 * being an admin 378 * hidden_oper: not shown in /stats p (except for other operators) 379 */ 380 /* You can either use 381 * die = yes; 382 * rehash = yes; 383 * 384 * or in a flags statement i.e. 385 * flags = die, rehash; 386 * 387 * You can also negate a flag with ~ i.e. 388 * flags = ~remote; 389 * 390 */ 391 flags = global_kill, remote, kline, unkline, xline, 392 die, rehash, nick_changes, admin, operwall; 393}; 394 395/* 396 * shared {}: users that are allowed to remote kline (OLD U:) 397 * 398 * NOTE: This can be effectively used for remote klines. 399 * Please note that there is no password authentication 400 * for users setting remote klines. You must also be 401 * /oper'd in order to issue a remote kline. 402 */ 403shared { 404 /* 405 * name: the server the user must be on to set klines. If this is not 406 * specified, the user will be allowed to kline from all servers. 407 */ 408 name = "irc2.some.server"; 409 410 /* 411 * user: the user@host mask that is allowed to set klines. If this is 412 * not specified, all users on the server above will be allowed to set 413 * a remote kline. 414 */ 415 user = "oper@my.host.is.spoofed"; 416 417 /* 418 * type: list of what to share, options are as follows: 419 * kline - allow oper/server to kline 420 * tkline - allow temporary klines 421 * unkline - allow oper/server to unkline 422 * xline - allow oper/server to xline 423 * txline - allow temporary xlines 424 * unxline - allow oper/server to unxline 425 * resv - allow oper/server to resv 426 * tresv - allow temporary resvs 427 * unresv - allow oper/server to unresv 428 * locops - allow oper/server to locops - only used for servers that cluster 429 * all - allow oper/server to do all of the above (default) 430 */ 431 type = kline, unkline, resv; 432}; 433 434/* 435 * kill {}: users that are not allowed to connect (OLD K:) 436 * Oper issued klines will be added to the specified kline config 437 */ 438kill { 439 user = "bad@*.hacked.edu"; 440 reason = "Obviously hacked account"; 441}; 442 443kill { 444 user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$"; 445 type = regex; 446}; 447 448/* 449 * deny {}: IPs that are not allowed to connect (before DNS/ident lookup) 450 * Oper issued dlines will be added to the specified dline config 451 */ 452deny { 453 ip = "10.0.1.0/24"; 454 reason = "Reconnecting vhosted bots"; 455}; 456 457/* 458 * exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:) 459 */ 460exempt { 461 ip = "192.168.0.0/16"; 462}; 463 464/* 465 * resv {}: nicks and channels users may not use/join (OLD Q:) 466 */ 467resv { 468 /* reason: the reason for the proceeding resv's */ 469 reason = "There are no services on this network"; 470 471 /* resv: the nicks and channels users may not join/use */ 472 nick = "nickserv"; 473 nick = "chanserv"; 474 channel = "#services"; 475 476 /* resv: wildcard masks are also supported in nicks only */ 477 reason = "Clone bots"; 478 nick = "clone*"; 479}; 480 481/* 482 * gecos {}: The X: replacement, used for banning users based on 483 * their "realname". 484 */ 485gecos { 486 name = "*sex*"; 487 reason = "Possible spambot"; 488}; 489 490gecos { 491 name = "sub7server"; 492 reason = "Trojan drone"; 493}; 494 495gecos { 496 name = "*http*"; 497 reason = "Spambot"; 498}; 499 500gecos { 501 name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$"; 502 type = regex; 503}; 504 505/* 506 * channel {}: The channel block contains options pertaining to channels 507 */ 508channel { 509 /* 510 * disable_fake_channels: this option, if set to 'yes', will 511 * disallow clients to create or join channels that have one 512 * of the following ASCII characters in their name: 513 * 514 * 2 | bold 515 * 3 | mirc color 516 * 15 | plain text 517 * 22 | reverse 518 * 31 | underline 519 * 160 | non-breaking space 520 */ 521 disable_fake_channels = yes; 522 523 /* 524 * restrict_channels: reverse channel RESVs logic, only reserved 525 * channels are allowed 526 */ 527 restrict_channels = no; 528 529 /* 530 * disable_local_channels: prevent users from joining &channels. 531 */ 532 disable_local_channels = no; 533 534 /* 535 * use_invex: Enable/disable channel mode +I, a n!u@h list of masks 536 * that can join a +i channel without an invite. 537 */ 538 use_invex = yes; 539 540 /* 541 * use_except: Enable/disable channel mode +e, a n!u@h list of masks 542 * that can join a channel through a ban (+b). 543 */ 544 use_except = yes; 545 546 /* 547 * use_knock: Allows users to request an invite to a channel that 548 * is locked somehow (+ikl). If the channel is +p or you are banned 549 * the knock will not be sent. 550 */ 551 use_knock = yes; 552 553 /* 554 * knock_delay: The amount of time a user must wait between issuing 555 * the knock command. 556 */ 557 knock_delay = 1 minutes; 558 559 /* 560 * knock_delay_channel: How often a knock to any specific channel 561 * is permitted, regardless of the user sending the knock. 562 */ 563 knock_delay_channel = 1 minute; 564 565 /* 566 * burst_topicwho: enable sending of who set topic on topicburst 567 * default is yes 568 */ 569 burst_topicwho = yes; 570 571 /* 572 * max_chans_per_user: The maximum number of channels a user can 573 * join/be on. 574 */ 575 max_chans_per_user = 25; 576 577 /* quiet_on_ban: stop banned people talking in channels. */ 578 quiet_on_ban = yes; 579 580 /* max_bans: maximum number of +b/e/I modes in a channel */ 581 max_bans = 1000; 582 583 /* 584 * how many joins in how many seconds constitute a flood, use 0 to 585 * disable. +b opers will be notified (changeable via /set) 586 */ 587 join_flood_count = 100; 588 join_flood_time = 10 seconds; 589 590 /* 591 * splitcode: The ircd will now check splitmode every few seconds. 592 * 593 * Either split users or split servers can activate splitmode, but 594 * both conditions must be met for the ircd to deactivate splitmode. 595 * 596 * You may force splitmode to be permanent by /quote set splitmode on 597 */ 598 599 /* 600 * default_split_user_count: when the usercount is lower than this level, 601 * consider ourselves split. This must be set for automatic splitmode. 602 */ 603 default_split_user_count = 0; 604 605 /* 606 * default_split_server_count: when the servercount is lower than this, 607 * consider ourselves split. This must be set for automatic splitmode. 608 */ 609 default_split_server_count = 0; 610 611 /* split no create: disallow users creating channels on split. */ 612 no_create_on_split = yes; 613 614 /* split: no join: disallow users joining channels at all on a split */ 615 no_join_on_split = no; 616}; 617 618/* 619 * serverhide {}: The serverhide block contains the options regarding 620 * serverhiding 621 */ 622serverhide { 623 /* 624 * flatten_links: this option will show all servers in /links appear 625 * that they are linked to this current server 626 */ 627 flatten_links = no; 628 629 /* 630 * links_delay: how often to update the links file when it is 631 * flattened. 632 */ 633 links_delay = 5 minutes; 634 635 /* 636 * hidden: hide this server from a /links output on servers that 637 * support it. This allows hub servers to be hidden etc. 638 */ 639 hidden = no; 640 641 /* 642 * disable_hidden: prevent servers hiding themselves from a 643 * /links output. 644 */ 645 disable_hidden = no; 646 647 /* 648 * hide_servers: hide remote servernames everywhere and instead use 649 * hidden_name and network_desc. 650 */ 651 hide_servers = no; 652 653 /* 654 * Use this as the servername users see if hide_servers = yes. 655 */ 656 hidden_name = "*.hidden.com"; 657 658 /* 659 * hide_server_ips: If this is disabled, opers will be unable to see servers 660 * ips and will be shown a masked ip, admins will be shown the real ip. 661 * 662 * If this is enabled, nobody can see a servers ip. *This is a kludge*, it 663 * has the side effect of hiding the ips everywhere, including logfiles. 664 * 665 * We recommend you leave this disabled, and just take care with who you 666 * give admin=yes; to. 667 */ 668 hide_server_ips = no; 669}; 670 671/* 672 * general {}: The general block contains many of the options that were once 673 * compiled in options in config.h. The general block is read at start time. 674 */ 675general { 676 /* 677 * gline_min_cidr: the minimum required length of a CIDR bitmask 678 * for IPv4 based glines 679 */ 680 gline_min_cidr = 16; 681 682 /* 683 * gline_min_cidr6: the minimum required length of a CIDR bitmask 684 * for IPv6 based glines 685 */ 686 gline_min_cidr6 = 48; 687 688 /* 689 * Whether to automatically set mode +i on connecting users. 690 */ 691 invisible_on_connect = yes; 692 693 /* 694 * If you don't explicitly specify burst_away in your connect blocks, then 695 * they will default to the burst_away value below. 696 */ 697 burst_away = no; 698 699 /* 700 * Show "actually using host <ip>" on /whois when possible. 701 */ 702 use_whois_actually = yes; 703 704 /* 705 * Max time from the nickname change that still causes KILL 706 * automatically to switch for the current nick of that user. (seconds) 707 */ 708 kill_chase_time_limit = 90; 709 710 /* 711 * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed 712 * users in /trace etc. If this is defined they will be shown a masked IP. 713 */ 714 hide_spoof_ips = yes; 715 716 /* 717 * Ignore bogus timestamps from other servers. Yes, this will desync 718 * the network, but it will allow chanops to resync with a valid non TS 0 719 * 720 * This should be enabled network wide, or not at all. 721 */ 722 ignore_bogus_ts = no; 723 724 /* 725 * disable_auth: completely disable ident lookups; if you enable this, 726 * be careful of what you set need_ident to in your auth {} blocks 727 */ 728 disable_auth = no; 729 730 /* disable_remote_commands: disable users doing commands on remote servers */ 731 disable_remote_commands = no; 732 733 /* 734 * tkline_expire_notices: enables or disables temporary kline/xline 735 * expire notices. 736 */ 737 tkline_expire_notices = no; 738 739 /* 740 * default_floodcount: the default value of floodcount that is configurable 741 * via /quote set floodcount. This is the amount of lines a user 742 * may send to any other user/channel in one second. 743 */ 744 default_floodcount = 10; 745 746 /* 747 * failed_oper_notice: send a notice to all opers on the server when 748 * someone tries to OPER and uses the wrong password, host or ident. 749 */ 750 failed_oper_notice = yes; 751 752 /* 753 * dots_in_ident: the amount of '.' characters permitted in an ident 754 * reply before the user is rejected. 755 */ 756 dots_in_ident = 2; 757 758 /* 759 * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts 760 * without a '.' in them. This will add one to the end. Only needed 761 * for older servers. 762 */ 763 dot_in_ip6_addr = no; 764 765 /* 766 * min_nonwildcard: the minimum non wildcard characters in k/d/g lines 767 * placed via the server. klines hand placed are exempt from limits. 768 * wildcard chars: '.' ':' '*' '?' '@' '!' '#' 769 */ 770 min_nonwildcard = 4; 771 772 /* 773 * min_nonwildcard_simple: the minimum non wildcard characters in 774 * gecos bans. wildcard chars: '*' '?' '#' 775 */ 776 min_nonwildcard_simple = 3; 777 778 /* max_accept: maximum allowed /accept's for +g usermode */ 779 max_accept = 20; 780 781 /* anti_nick_flood: enable the nickflood control code */ 782 anti_nick_flood = yes; 783 784 /* nick flood: the nick changes allowed in the specified period */ 785 max_nick_time = 20 seconds; 786 max_nick_changes = 5; 787 788 /* 789 * anti_spam_exit_message_time: the minimum time a user must be connected 790 * before custom quit messages are allowed. 791 */ 792 anti_spam_exit_message_time = 5 minutes; 793 794 /* 795 * ts delta: the time delta allowed between server clocks before 796 * a warning is given, or before the link is dropped. all servers 797 * should run ntpdate/rdate to keep clocks in sync 798 */ 799 ts_warn_delta = 30 seconds; 800 ts_max_delta = 5 minutes; 801 802 /* 803 * kline_with_reason: show the user the reason why they are k/d/glined 804 * on exit. May give away who set k/dline when set via tcm. 805 */ 806 kline_with_reason = yes; 807 808 /* 809 * kline_reason: show this message to users on channel 810 * instead of the oper reason. 811 */ 812 kline_reason = "Connection closed"; 813 814 /* 815 * reject_hold_time: wait this amount of time before disconnecting 816 * a rejected client. Use 0 to disable. 817 */ 818 reject_hold_time = 0; 819 820 /* 821 * warn_no_nline: warn opers about servers that try to connect but 822 * we don't have a connect {} block for. Twits with misconfigured 823 * servers can get really annoying with this enabled. 824 */ 825 warn_no_nline = yes; 826 827 /* 828 * stats_e_disabled: set this to 'yes' to disable "STATS e" for both 829 * operators and administrators. Doing so is a good idea in case 830 * there are any exempted (exempt{}) server IPs you don't want to 831 * see leaked. 832 */ 833 stats_e_disabled = no; 834 835 /* stats_o_oper only: make stats o (opers) oper only */ 836 stats_o_oper_only = yes; 837 838 /* stats_P_oper_only: make stats P (ports) oper only */ 839 stats_P_oper_only = yes; 840 841 /* 842 * stats i oper only: make stats i (auth {}) oper only. set to: 843 * yes: show users no auth blocks, made oper only. 844 * masked: show users first matching auth block 845 * no: show users all auth blocks. 846 */ 847 stats_i_oper_only = yes; 848 849 /* 850 * stats_k_oper_only: make stats k/K (klines) oper only. set to: 851 * yes: show users no auth blocks, made oper only 852 * masked: show users first matching auth block 853 * no: show users all auth blocks. 854 */ 855 stats_k_oper_only = yes; 856 857 /* 858 * caller_id_wait: time between notifying a +g user that somebody 859 * is messaging them. 860 */ 861 caller_id_wait = 1 minute; 862 863 /* 864 * opers_bypass_callerid: allows operators to bypass +g and message 865 * anyone who has it set (useful if you use services). 866 */ 867 opers_bypass_callerid = no; 868 869 /* 870 * pace_wait_simple: time between use of less intensive commands 871 * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS) 872 */ 873 pace_wait_simple = 1 second; 874 875 /* 876 * pace_wait: time between more intensive commands 877 * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS) 878 */ 879 pace_wait = 10 seconds; 880 881 /* 882 * short_motd: send clients a notice telling them to read the motd 883 * instead of forcing a motd to clients who may simply ignore it. 884 */ 885 short_motd = no; 886 887 /* 888 * ping_cookie: require clients to respond exactly to a ping command, 889 * can help block certain types of drones and FTP PASV mode spoofing. 890 */ 891 ping_cookie = no; 892 893 /* no_oper_flood: increase flood limits for opers. */ 894 no_oper_flood = yes; 895 896 /* 897 * true_no_oper_flood: completely eliminate flood limits for opers 898 * and for clients with can_flood = yes in their auth {} blocks 899 */ 900 true_no_oper_flood = yes; 901 902 /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */ 903 oper_pass_resv = yes; 904 905 /* 906 * idletime: the maximum amount of time a user may idle before 907 * they are disconnected 908 */ 909 idletime = 0; 910 911 /* REMOVE ME. The following line checks you've been reading. */ 912 #havent_read_conf = 1; 913 914 /* 915 * max_targets: the maximum amount of targets in a single 916 * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited. 917 */ 918 max_targets = 4; 919 920 /* 921 * client_flood: maximum amount of data in a clients queue before 922 * they are dropped for flooding. 923 */ 924 client_flood = 2560 bytes; 925 926 /* 927 * message_locale: the default message locale 928 * Use "standard" for the compiled in defaults. 929 * To install the translated messages, go into messages/ in the 930 * source directory and run `make install'. 931 */ 932 message_locale = "standard"; 933 934 /* 935 * usermodes configurable: a list of usermodes for the options below 936 * 937 * +b - bots - See bot and drone flooding notices 938 * +c - cconn - Client connection/quit notices 939 * +D - deaf - Don't receive channel messages 940 * +d - debug - See debugging notices 941 * +f - full - See I: line full notices 942 * +G - softcallerid - Server Side Ignore for users not on your channels 943 * +g - callerid - Server Side Ignore (for privmsgs etc) 944 * +i - invisible - Not shown in NAMES or WHO unless you share a 945 * a channel 946 * +k - skill - See server generated KILL messages 947 * +l - locops - See LOCOPS messages 948 * +n - nchange - See client nick changes 949 * +r - rej - See rejected client notices 950 * +s - servnotice - See general server notices 951 * +u - unauth - See unauthorized client notices 952 * +w - wallop - See server generated WALLOPS 953 * +x - external - See remote server connection and split notices 954 * +y - spy - See LINKS, STATS, TRACE notices etc. 955 * +z - operwall - See oper generated WALLOPS 956 */ 957 958 /* oper_only_umodes: usermodes only opers may set */ 959 oper_only_umodes = bots, cconn, debug, full, skill, nchange, 960 rej, spy, external, operwall, locops, unauth; 961 962 /* oper_umodes: default usermodes opers get when they /oper */ 963 oper_umodes = bots, locops, servnotice, operwall, wallop; 964 965 /* 966 * servlink_path: path to 'servlink' program used by ircd to handle 967 * encrypted/compressed server <-> server links. 968 * 969 * only define if servlink is not in same directory as ircd itself. 970 */ 971 #servlink_path = "/usr/local/ircd/bin/servlink"; 972 973 /* 974 * default_cipher_preference: default cipher to use for cryptlink when none is 975 * specified in connect block. 976 */ 977 #default_cipher_preference = "BF/168"; 978 979 /* 980 * use_egd: if your system does not have *random devices yet you 981 * want to use OpenSSL and encrypted links, enable this. Beware - 982 * EGD is *very* CPU intensive when gathering data for its pool 983 */ 984# use_egd = yes; 985 986 /* 987 * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 988 * which automatically finds the path. 989 */ 990# egdpool_path = "/var/run/egd-pool"; 991 992 993 /* 994 * compression_level: level of compression for compressed links between 995 * servers. 996 * 997 * values are between: 1 (least compression, fastest) 998 * and: 9 (most compression, slowest). 999 */ 1000# compression_level = 6; 1001 1002 /* 1003 * throttle_time: the minimum amount of time between connections from 1004 * the same ip. exempt {} blocks are excluded from this throttling. 1005 * Offers protection against flooders who reconnect quickly. 1006 * Set to 0 to disable. 1007 */ 1008 throttle_time = 10; 1009}; 1010 1011glines { 1012 /* enable: enable glines, network wide temp klines */ 1013 enable = yes; 1014 1015 /* 1016 * duration: the amount of time a gline will remain on your 1017 * server before expiring 1018 */ 1019 duration = 1 day; 1020 1021 /* 1022 * logging: which types of rules you want to log when triggered 1023 * (choose reject or block) 1024 */ 1025 logging = reject, block; 1026 1027 /* 1028 * NOTE: gline ACLs can cause a desync of glines throughout the 1029 * network, meaning some servers may have a gline triggered, and 1030 * others may not. Also, you only need insert rules for glines 1031 * that you want to block and/or reject. If you want to accept and 1032 * propagate the gline, do NOT put a rule for it. 1033 */ 1034 1035 /* user@host for rule to apply to */ 1036 user = "god@I.still.hate.packets"; 1037 /* server for rule to apply to */ 1038 name = "hades.arpa"; 1039 1040 /* 1041 * action: action to take when a matching gline is found. options are: 1042 * reject - do not apply the gline locally 1043 * block - do not propagate the gline 1044 */ 1045 action = reject, block; 1046 1047 user = "god@*"; 1048 name = "*"; 1049 action = block; 1050}; 1051