1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
|
/* doc/example.conf - ircd-hybrid-7 Example configuration file
* Copyright (C) 2000-2006 Hybrid Development Team
*
* Written by ejb, wcampbel, db, leeh and others
* Other example configurations can be found in the source dir under
* etc/.
*
* $Id: example.conf 639 2006-06-01 14:12:21Z michael $
*/
/* IMPORTANT NOTES:
*
* auth {} blocks MUST be specified in order of precedence. The first one
* that matches a user will be used. So place spoofs first, then specials,
* then general access.
*
* Shell style (#), C++ style (//) and C style comments are supported.
*
* Files may be included by either:
* .include "filename"
* .include <filename>
*
* Times/durations are written as:
* 12 hours 30 minutes 1 second
*
* Valid units of time:
* month, week, day, hour, minute, second
*
* Valid units of size:
* megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
*
* Sizes and times may be singular or plural.
*/
/* EFNET NOTE:
*
* This config file is NOT suitable for EFNet. EFNet admins should use
* example.efnet.conf
*/
/*
* serverinfo {}: contains information about the server. (OLD M:)
*/
serverinfo {
/*
* name: the name of our server. This cannot be changed at runtime.
*/
name = "@serverName@";
/*
* sid: a server's unique ID. This is three characters long and must
* be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
* a digit, followed by 2 alpha-numerical letters.
* NOTE: The letters must be capitalized. This cannot be changed at runtime.
*/
sid = "@sid@";
/*
* description: the description of the server. '[' and ']' may not
* be used here for compatibility with older servers.
*/
description = "@description@";
/*
* network info: the name and description of the network this server
* is on. Shown in the 005 reply and used with serverhiding.
*/
network_name = "JustIRCNetwork";
network_desc = "This is My Network";
/*
* hub: allow this server to act as a hub and have multiple servers
* connected to it. This may not be changed if there are active
* LazyLink servers.
*/
hub = no;
/*
* vhost: the IP to bind to when we connect outward to ipv4 servers.
* This should be an ipv4 IP only, or "* for INADDR_ANY.
*/
#vhost = "192.169.0.1";
/*
* vhost6: the IP to bind to when we connect outward to ipv6 servers.
* This should be an ipv6 IP only, or "* for INADDR_ANY.
*/
#vhost6 = "3ffe:80e8:546::2";
/* max_clients: the maximum number of clients allowed to connect */
max_clients = 512;
/*
* rsa key: the path to the file containing our rsa key for cryptlink.
*
* Example command to store a 2048 bit RSA keypair in
* rsa.key, and the public key in rsa.pub:
*
* openssl genrsa -out rsa.key 2048
* openssl rsa -in rsa.key -pubout -out rsa.pub
* chown <ircd-user>.<ircd.group> rsa.key rsa.pub
* chmod 0600 rsa.key
* chmod 0644 rsa.pub
*/
#rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
/*
* ssl certificate: the path to the file containing our ssl certificate
* for encrypted client connection.
*
* This assumes your private RSA key is stored in rsa.key. You
* MUST have an RSA key in order to generate the certificate
*
* openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
*
* See http://www.openssl.org/docs/HOWTO/certificates.txt
*
* Please use the following values when generating the cert
*
* Organization Name: Network Name
* Organization Unit Name: changme.someirc.net
* Common Name: irc.someirc.net
* E-mail: you@domain.com
*/
#ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
@cryptoSettings@
};
/*
* admin {}: contains admin information about the server. (OLD A:)
*/
admin {
name = "Anonymous Hero";
description = "Main Server Administrator";
email = "@adminEmail@";
};
/*
* log {}: contains information about logfiles.
*/
log {
/* Do you want to enable logging to ircd.log? */
use_logging = yes;
/*
* logfiles: the logfiles to use for user connects, /oper uses,
* and failed /oper. These files must exist for logging to be used.
*/
fname_userlog = "/home/ircd/logs/userlog";
fname_operlog = "/home/ircd/logs/operlog";
fname_killlog = "/home/ircd/logs/kill";
fname_klinelog = "/home/ircd/logs/kline";
fname_glinelog = "/home/ircd/logs/gline";
/*
* log_level: the amount of detail to log in ircd.log. The
* higher, the more information is logged. May be changed
* once the server is running via /quote SET LOG. Either:
* L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
*/
log_level = L_INFO;
};
/*
* class {}: contains information about classes for users (OLD Y:)
*/
class {
/* name: the name of the class. classes are text now */
name = "users";
/*
* ping_time: how often a client must reply to a PING from the
* server before they are dropped.
*/
ping_time = 90 seconds;
/*
* number_per_ip: how many local users are allowed to connect
* from one IP (optional)
*/
number_per_ip = 10;
/*
* max_local: how many local users are allowed to connect
* from one ident@host (optional)
*/
max_local = 50;
/*
* max_global: network-wide limit of users per ident@host (optional)
*/
max_global = 50;
/*
* max_number: the maximum number of users allowed in this class (optional)
*/
max_number = 10000;
/*
* the following lines are optional and allow you to define
* how many users can connect from one /NN subnet
*/
/*cidr_bitlen_ipv4 = 24;
*cidr_bitlen_ipv6 = 120;
*number_per_cidr = 16;*/
/*
* sendq: the amount of data allowed in a clients queue before
* they are dropped.
*/
sendq = 100 kbytes;
};
class {
name = "opers";
ping_time = 90 seconds;
number_per_ip = 10;
max_number = 100;
sendq = 100kbytes;
};
class {
name = "server";
ping_time = 90 seconds;
/*
* ping_warning: how fast a server must reply to a PING before
* a warning to opers is generated.
*/
ping_warning = 15 seconds;
/*
* connectfreq: only used in server classes. Specifies the delay
* between autoconnecting to servers.
*/
connectfreq = 5 minutes;
/* max number: the amount of servers to autoconnect to */
max_number = 1;
/* sendq: servers need a higher sendq as they send more data */
sendq = 2 megabytes;
};
/*
* listen {}: contains information about the ports ircd listens on (OLD P:)
*/
listen {
/*
* port: the specific port to listen on. If no host is specified
* before, it will listen on all available IPs.
*
* Ports are separated via a comma, a range may be specified using ".."
*/
/* port: listen on all available IPs, ports 6665 to 6669 */
port = 6665 .. 6669;
/*
* Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
* unless you are an administrator.
*
* NOTE: The "flags" directive has to come before "port". Always!
*/
#flags = hidden, ssl;
#host = "192.168.0.1";
#port = 6697;
/*
* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6.
*/
#host = "1.2.3.4";
#port = 7000, 7001;
#host = "3ffe:1234:a:b:c::d";
#port = 7002;
@extraListen@
};
auth {
user = "*@*";
class = "users";
#flags = need_ident;
};
/*
* operator {}: defines ircd operators. (OLD O:)
*
* ircd-hybrid no longer supports local operators, privileges are
* controlled via flags.
*/
operator {
/* name: the name of the oper */
/* NOTE: operator "opername"{} is also supported */
name = "god";
/*
* user: the user@host required for this operator. CIDR is not
* supported. Multiple user="" lines are supported.
*/
user = "*god@*";
user = "*@127.0.0.1";
/*
* password: the password required to oper. By default this will
* need to be encrypted using 'mkpasswd'. MD5 is supported.
*/
password = "iamoperator";
/*
* encrypted: controls whether the oper password above has been
* encrypted. (OLD CRYPT_OPER_PASSWORD now optional per operator)
*/
encrypted = no;
/*
* rsa_public_key_file: the public key for this oper when using Challenge.
* A password should not be defined when this is used, see
* doc/challenge.txt for more information.
*/
# rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
/* class: the class the oper joins when they successfully /oper */
class = "opers";
/*
* umodes: default usermodes opers get when they /oper. If defined,
* it will override oper_umodes settings in general {}.
* Available usermodes:
*
* +b - bots - See bot and drone flooding notices
* +c - cconn - Client connection/quit notices
* +D - deaf - Don't receive channel messages
* +d - debug - See debugging notices
* +f - full - See I: line full notices
* +G - softcallerid - Server Side Ignore for users not on your channels
* +g - callerid - Server Side Ignore (for privmsgs etc)
* +i - invisible - Not shown in NAMES or WHO unless you share a
* a channel
* +k - skill - See server generated KILL messages
* +l - locops - See LOCOPS messages
* +n - nchange - See client nick changes
* +r - rej - See rejected client notices
* +s - servnotice - See general server notices
* +u - unauth - See unauthorized client notices
* +w - wallop - See server generated WALLOPS
* +x - external - See remote server connection and split notices
* +y - spy - See LINKS, STATS, TRACE notices etc.
* +z - operwall - See oper generated WALLOPS
*/
# umodes = locops, servnotice, operwall, wallop;
/*
* privileges: controls the activities and commands an oper is
* allowed to do on the server. All options default to no.
* Available options:
*
* global_kill: allows remote users to be /KILL'd (OLD 'O' flag)
* remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
* remoteban: allows remote KLINE/UNKLINE
* kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
* unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
* gline: allows GLINE (OLD 'G' flag)
* xline: allows XLINE (OLD 'X' flag)
* operwall: allows OPERWALL
* nick_changes: allows oper to see nickchanges (OLD 'N' flag)
* via usermode +n
* rehash: allows oper to REHASH config (OLD 'H' flag)
* die: allows DIE and RESTART (OLD 'D' flag)
* admin: gives admin privileges. admins
* may (un)load modules and see the
* real IPs of servers.
* hidden_admin: same as 'admin', but noone can recognize you as
* being an admin
* hidden_oper: not shown in /stats p (except for other operators)
*/
/* You can either use
* die = yes;
* rehash = yes;
*
* or in a flags statement i.e.
* flags = die, rehash;
*
* You can also negate a flag with ~ i.e.
* flags = ~remote;
*
*/
flags = global_kill, remote, kline, unkline, xline,
die, rehash, nick_changes, admin, operwall;
};
/*
* shared {}: users that are allowed to remote kline (OLD U:)
*
* NOTE: This can be effectively used for remote klines.
* Please note that there is no password authentication
* for users setting remote klines. You must also be
* /oper'd in order to issue a remote kline.
*/
shared {
/*
* name: the server the user must be on to set klines. If this is not
* specified, the user will be allowed to kline from all servers.
*/
name = "irc2.some.server";
/*
* user: the user@host mask that is allowed to set klines. If this is
* not specified, all users on the server above will be allowed to set
* a remote kline.
*/
user = "oper@my.host.is.spoofed";
/*
* type: list of what to share, options are as follows:
* kline - allow oper/server to kline
* tkline - allow temporary klines
* unkline - allow oper/server to unkline
* xline - allow oper/server to xline
* txline - allow temporary xlines
* unxline - allow oper/server to unxline
* resv - allow oper/server to resv
* tresv - allow temporary resvs
* unresv - allow oper/server to unresv
* locops - allow oper/server to locops - only used for servers that cluster
* all - allow oper/server to do all of the above (default)
*/
type = kline, unkline, resv;
};
/*
* kill {}: users that are not allowed to connect (OLD K:)
* Oper issued klines will be added to the specified kline config
*/
kill {
user = "bad@*.hacked.edu";
reason = "Obviously hacked account";
};
kill {
user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
type = regex;
};
/*
* deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
* Oper issued dlines will be added to the specified dline config
*/
deny {
ip = "10.0.1.0/24";
reason = "Reconnecting vhosted bots";
};
/*
* exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:)
*/
exempt {
ip = "192.168.0.0/16";
};
/*
* resv {}: nicks and channels users may not use/join (OLD Q:)
*/
resv {
/* reason: the reason for the proceeding resv's */
reason = "There are no services on this network";
/* resv: the nicks and channels users may not join/use */
nick = "nickserv";
nick = "chanserv";
channel = "#services";
/* resv: wildcard masks are also supported in nicks only */
reason = "Clone bots";
nick = "clone*";
};
/*
* gecos {}: The X: replacement, used for banning users based on
* their "realname".
*/
gecos {
name = "*sex*";
reason = "Possible spambot";
};
gecos {
name = "sub7server";
reason = "Trojan drone";
};
gecos {
name = "*http*";
reason = "Spambot";
};
gecos {
name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
type = regex;
};
/*
* channel {}: The channel block contains options pertaining to channels
*/
channel {
/*
* disable_fake_channels: this option, if set to 'yes', will
* disallow clients to create or join channels that have one
* of the following ASCII characters in their name:
*
* 2 | bold
* 3 | mirc color
* 15 | plain text
* 22 | reverse
* 31 | underline
* 160 | non-breaking space
*/
disable_fake_channels = yes;
/*
* restrict_channels: reverse channel RESVs logic, only reserved
* channels are allowed
*/
restrict_channels = no;
/*
* disable_local_channels: prevent users from joining &channels.
*/
disable_local_channels = no;
/*
* use_invex: Enable/disable channel mode +I, a n!u@h list of masks
* that can join a +i channel without an invite.
*/
use_invex = yes;
/*
* use_except: Enable/disable channel mode +e, a n!u@h list of masks
* that can join a channel through a ban (+b).
*/
use_except = yes;
/*
* use_knock: Allows users to request an invite to a channel that
* is locked somehow (+ikl). If the channel is +p or you are banned
* the knock will not be sent.
*/
use_knock = yes;
/*
* knock_delay: The amount of time a user must wait between issuing
* the knock command.
*/
knock_delay = 1 minutes;
/*
* knock_delay_channel: How often a knock to any specific channel
* is permitted, regardless of the user sending the knock.
*/
knock_delay_channel = 1 minute;
/*
* burst_topicwho: enable sending of who set topic on topicburst
* default is yes
*/
burst_topicwho = yes;
/*
* max_chans_per_user: The maximum number of channels a user can
* join/be on.
*/
max_chans_per_user = 25;
/* quiet_on_ban: stop banned people talking in channels. */
quiet_on_ban = yes;
/* max_bans: maximum number of +b/e/I modes in a channel */
max_bans = 1000;
/*
* how many joins in how many seconds constitute a flood, use 0 to
* disable. +b opers will be notified (changeable via /set)
*/
join_flood_count = 100;
join_flood_time = 10 seconds;
/*
* splitcode: The ircd will now check splitmode every few seconds.
*
* Either split users or split servers can activate splitmode, but
* both conditions must be met for the ircd to deactivate splitmode.
*
* You may force splitmode to be permanent by /quote set splitmode on
*/
/*
* default_split_user_count: when the usercount is lower than this level,
* consider ourselves split. This must be set for automatic splitmode.
*/
default_split_user_count = 0;
/*
* default_split_server_count: when the servercount is lower than this,
* consider ourselves split. This must be set for automatic splitmode.
*/
default_split_server_count = 0;
/* split no create: disallow users creating channels on split. */
no_create_on_split = yes;
/* split: no join: disallow users joining channels at all on a split */
no_join_on_split = no;
};
/*
* serverhide {}: The serverhide block contains the options regarding
* serverhiding
*/
serverhide {
/*
* flatten_links: this option will show all servers in /links appear
* that they are linked to this current server
*/
flatten_links = no;
/*
* links_delay: how often to update the links file when it is
* flattened.
*/
links_delay = 5 minutes;
/*
* hidden: hide this server from a /links output on servers that
* support it. This allows hub servers to be hidden etc.
*/
hidden = no;
/*
* disable_hidden: prevent servers hiding themselves from a
* /links output.
*/
disable_hidden = no;
/*
* hide_servers: hide remote servernames everywhere and instead use
* hidden_name and network_desc.
*/
hide_servers = no;
/*
* Use this as the servername users see if hide_servers = yes.
*/
hidden_name = "*.hidden.com";
/*
* hide_server_ips: If this is disabled, opers will be unable to see servers
* ips and will be shown a masked ip, admins will be shown the real ip.
*
* If this is enabled, nobody can see a servers ip. *This is a kludge*, it
* has the side effect of hiding the ips everywhere, including logfiles.
*
* We recommend you leave this disabled, and just take care with who you
* give admin=yes; to.
*/
hide_server_ips = no;
};
/*
* general {}: The general block contains many of the options that were once
* compiled in options in config.h. The general block is read at start time.
*/
general {
/*
* gline_min_cidr: the minimum required length of a CIDR bitmask
* for IPv4 based glines
*/
gline_min_cidr = 16;
/*
* gline_min_cidr6: the minimum required length of a CIDR bitmask
* for IPv6 based glines
*/
gline_min_cidr6 = 48;
/*
* Whether to automatically set mode +i on connecting users.
*/
invisible_on_connect = yes;
/*
* If you don't explicitly specify burst_away in your connect blocks, then
* they will default to the burst_away value below.
*/
burst_away = no;
/*
* Show "actually using host <ip>" on /whois when possible.
*/
use_whois_actually = yes;
/*
* Max time from the nickname change that still causes KILL
* automatically to switch for the current nick of that user. (seconds)
*/
kill_chase_time_limit = 90;
/*
* If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
* users in /trace etc. If this is defined they will be shown a masked IP.
*/
hide_spoof_ips = yes;
/*
* Ignore bogus timestamps from other servers. Yes, this will desync
* the network, but it will allow chanops to resync with a valid non TS 0
*
* This should be enabled network wide, or not at all.
*/
ignore_bogus_ts = no;
/*
* disable_auth: completely disable ident lookups; if you enable this,
* be careful of what you set need_ident to in your auth {} blocks
*/
disable_auth = no;
/* disable_remote_commands: disable users doing commands on remote servers */
disable_remote_commands = no;
/*
* tkline_expire_notices: enables or disables temporary kline/xline
* expire notices.
*/
tkline_expire_notices = no;
/*
* default_floodcount: the default value of floodcount that is configurable
* via /quote set floodcount. This is the amount of lines a user
* may send to any other user/channel in one second.
*/
default_floodcount = 10;
/*
* failed_oper_notice: send a notice to all opers on the server when
* someone tries to OPER and uses the wrong password, host or ident.
*/
failed_oper_notice = yes;
/*
* dots_in_ident: the amount of '.' characters permitted in an ident
* reply before the user is rejected.
*/
dots_in_ident = 2;
/*
* dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts
* without a '.' in them. This will add one to the end. Only needed
* for older servers.
*/
dot_in_ip6_addr = no;
/*
* min_nonwildcard: the minimum non wildcard characters in k/d/g lines
* placed via the server. klines hand placed are exempt from limits.
* wildcard chars: '.' ':' '*' '?' '@' '!' '#'
*/
min_nonwildcard = 4;
/*
* min_nonwildcard_simple: the minimum non wildcard characters in
* gecos bans. wildcard chars: '*' '?' '#'
*/
min_nonwildcard_simple = 3;
/* max_accept: maximum allowed /accept's for +g usermode */
max_accept = 20;
/* anti_nick_flood: enable the nickflood control code */
anti_nick_flood = yes;
/* nick flood: the nick changes allowed in the specified period */
max_nick_time = 20 seconds;
max_nick_changes = 5;
/*
* anti_spam_exit_message_time: the minimum time a user must be connected
* before custom quit messages are allowed.
*/
anti_spam_exit_message_time = 5 minutes;
/*
* ts delta: the time delta allowed between server clocks before
* a warning is given, or before the link is dropped. all servers
* should run ntpdate/rdate to keep clocks in sync
*/
ts_warn_delta = 30 seconds;
ts_max_delta = 5 minutes;
/*
* kline_with_reason: show the user the reason why they are k/d/glined
* on exit. May give away who set k/dline when set via tcm.
*/
kline_with_reason = yes;
/*
* kline_reason: show this message to users on channel
* instead of the oper reason.
*/
kline_reason = "Connection closed";
/*
* reject_hold_time: wait this amount of time before disconnecting
* a rejected client. Use 0 to disable.
*/
reject_hold_time = 0;
/*
* warn_no_nline: warn opers about servers that try to connect but
* we don't have a connect {} block for. Twits with misconfigured
* servers can get really annoying with this enabled.
*/
warn_no_nline = yes;
/*
* stats_e_disabled: set this to 'yes' to disable "STATS e" for both
* operators and administrators. Doing so is a good idea in case
* there are any exempted (exempt{}) server IPs you don't want to
* see leaked.
*/
stats_e_disabled = no;
/* stats_o_oper only: make stats o (opers) oper only */
stats_o_oper_only = yes;
/* stats_P_oper_only: make stats P (ports) oper only */
stats_P_oper_only = yes;
/*
* stats i oper only: make stats i (auth {}) oper only. set to:
* yes: show users no auth blocks, made oper only.
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_i_oper_only = yes;
/*
* stats_k_oper_only: make stats k/K (klines) oper only. set to:
* yes: show users no auth blocks, made oper only
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_k_oper_only = yes;
/*
* caller_id_wait: time between notifying a +g user that somebody
* is messaging them.
*/
caller_id_wait = 1 minute;
/*
* opers_bypass_callerid: allows operators to bypass +g and message
* anyone who has it set (useful if you use services).
*/
opers_bypass_callerid = no;
/*
* pace_wait_simple: time between use of less intensive commands
* (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
*/
pace_wait_simple = 1 second;
/*
* pace_wait: time between more intensive commands
* (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
*/
pace_wait = 10 seconds;
/*
* short_motd: send clients a notice telling them to read the motd
* instead of forcing a motd to clients who may simply ignore it.
*/
short_motd = no;
/*
* ping_cookie: require clients to respond exactly to a ping command,
* can help block certain types of drones and FTP PASV mode spoofing.
*/
ping_cookie = no;
/* no_oper_flood: increase flood limits for opers. */
no_oper_flood = yes;
/*
* true_no_oper_flood: completely eliminate flood limits for opers
* and for clients with can_flood = yes in their auth {} blocks
*/
true_no_oper_flood = yes;
/* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
oper_pass_resv = yes;
/*
* idletime: the maximum amount of time a user may idle before
* they are disconnected
*/
idletime = 0;
/* REMOVE ME. The following line checks you've been reading. */
#havent_read_conf = 1;
/*
* max_targets: the maximum amount of targets in a single
* PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
*/
max_targets = 4;
/*
* client_flood: maximum amount of data in a clients queue before
* they are dropped for flooding.
*/
client_flood = 2560 bytes;
/*
* message_locale: the default message locale
* Use "standard" for the compiled in defaults.
* To install the translated messages, go into messages/ in the
* source directory and run `make install'.
*/
message_locale = "standard";
/*
* usermodes configurable: a list of usermodes for the options below
*
* +b - bots - See bot and drone flooding notices
* +c - cconn - Client connection/quit notices
* +D - deaf - Don't receive channel messages
* +d - debug - See debugging notices
* +f - full - See I: line full notices
* +G - softcallerid - Server Side Ignore for users not on your channels
* +g - callerid - Server Side Ignore (for privmsgs etc)
* +i - invisible - Not shown in NAMES or WHO unless you share a
* a channel
* +k - skill - See server generated KILL messages
* +l - locops - See LOCOPS messages
* +n - nchange - See client nick changes
* +r - rej - See rejected client notices
* +s - servnotice - See general server notices
* +u - unauth - See unauthorized client notices
* +w - wallop - See server generated WALLOPS
* +x - external - See remote server connection and split notices
* +y - spy - See LINKS, STATS, TRACE notices etc.
* +z - operwall - See oper generated WALLOPS
*/
/* oper_only_umodes: usermodes only opers may set */
oper_only_umodes = bots, cconn, debug, full, skill, nchange,
rej, spy, external, operwall, locops, unauth;
/* oper_umodes: default usermodes opers get when they /oper */
oper_umodes = bots, locops, servnotice, operwall, wallop;
/*
* servlink_path: path to 'servlink' program used by ircd to handle
* encrypted/compressed server <-> server links.
*
* only define if servlink is not in same directory as ircd itself.
*/
#servlink_path = "/usr/local/ircd/bin/servlink";
/*
* default_cipher_preference: default cipher to use for cryptlink when none is
* specified in connect block.
*/
#default_cipher_preference = "BF/168";
/*
* use_egd: if your system does not have *random devices yet you
* want to use OpenSSL and encrypted links, enable this. Beware -
* EGD is *very* CPU intensive when gathering data for its pool
*/
# use_egd = yes;
/*
* egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
* which automatically finds the path.
*/
# egdpool_path = "/run/egd-pool";
/*
* compression_level: level of compression for compressed links between
* servers.
*
* values are between: 1 (least compression, fastest)
* and: 9 (most compression, slowest).
*/
# compression_level = 6;
/*
* throttle_time: the minimum amount of time between connections from
* the same ip. exempt {} blocks are excluded from this throttling.
* Offers protection against flooders who reconnect quickly.
* Set to 0 to disable.
*/
throttle_time = 10;
};
glines {
/* enable: enable glines, network wide temp klines */
enable = yes;
/*
* duration: the amount of time a gline will remain on your
* server before expiring
*/
duration = 1 day;
/*
* logging: which types of rules you want to log when triggered
* (choose reject or block)
*/
logging = reject, block;
/*
* NOTE: gline ACLs can cause a desync of glines throughout the
* network, meaning some servers may have a gline triggered, and
* others may not. Also, you only need insert rules for glines
* that you want to block and/or reject. If you want to accept and
* propagate the gline, do NOT put a rule for it.
*/
/* user@host for rule to apply to */
user = "god@I.still.hate.packets";
/* server for rule to apply to */
name = "hades.arpa";
/*
* action: action to take when a matching gline is found. options are:
* reject - do not apply the gline locally
* block - do not propagate the gline
*/
action = reject, block;
user = "god@*";
name = "*";
action = block;
};
|