SHARE
TWEET

Untitled

a guest May 28th, 2012 76 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /* doc/example.conf - ircd-hybrid-7 Example configuration file
  2.  * Copyright (C) 2000-2006 Hybrid Development Team
  3.  *
  4.  * Written by ejb, wcampbel, db, leeh and others
  5.  * Other example configurations can be found in the source dir under
  6.  * etc/.
  7.  *
  8.  * $Id: example.conf 853 2007-02-22 06:01:30Z db $
  9.  */
  10.  
  11. /* IMPORTANT NOTES:
  12.  *
  13.  * auth {} blocks MUST be specified in order of precedence.  The first one
  14.  * that matches a user will be used.  So place spoofs first, then specials,
  15.  * then general access.
  16.  *
  17.  * Shell style (#), C++ style (//) and C style comments are supported.
  18.  *
  19.  * Files may be included by either:
  20.  *        .include "filename"
  21.  *        .include <filename>
  22.  *
  23.  * Times/durations are written as:
  24.  *        12 hours 30 minutes 1 second
  25.  *        
  26.  * Valid units of time:
  27.  *        month, week, day, hour, minute, second
  28.  *
  29.  * Valid units of size:
  30.  *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
  31.  *
  32.  * Sizes and times may be singular or plural.  
  33.  */
  34.  
  35. /* EFNET NOTE:
  36.  *
  37.  * This config file is NOT suitable for EFNet.  EFNet admins should use
  38.  * example.efnet.conf
  39.  */
  40.  
  41. /*
  42.  * serverinfo {}:  contains information about the server. (OLD M:)
  43.  */
  44. serverinfo {
  45.         /*
  46.          * name: the name of our server.  This cannot be changed at runtime.
  47.          */
  48.        
  49.         name = "dctalk.no-ip.info";
  50.         /*
  51.          * sid: a server's unique ID.  This is three characters long and must
  52.          * be in the form [0-9][A-Z0-9][A-Z0-9].  The first character must be
  53.          * a digit, followed by 2 alpha-numerical letters.
  54.          * NOTE: The letters must be capitalized.  This cannot be changed at runtime.
  55.          */
  56.         sid = "6DA";
  57.  
  58.         /*
  59.          * description: the description of the server.  '[' and ']' may not
  60.          * be used here for compatibility with older servers.
  61.          */
  62.         description = "Dreamcast 4x4 Evo server";
  63.  
  64.         /*
  65.          * network info: the name and description of the network this server
  66.          * is on.  Shown in the 005 reply and used with serverhiding.
  67.          */
  68.         network_name = "Revo";
  69.         network_desc = "Dreamcast 4x4 Revolution";
  70.  
  71.         /*
  72.          * hub: allow this server to act as a hub and have multiple servers
  73.          * connected to it.  This may not be changed if there are active
  74.          * LazyLink servers.
  75.          */
  76.         hub = yes;
  77.  
  78.         /*
  79.          * vhost: the IP to bind to when we connect outward to ipv4 servers.
  80.          * This should be an ipv4 IP only, or "* for INADDR_ANY.
  81.          */
  82.         #vhost = "192.169.0.1";
  83.  
  84.         /*
  85.          * vhost6: the IP to bind to when we connect outward to ipv6 servers.
  86.          * This should be an ipv6 IP only, or "* for INADDR_ANY.
  87.          */
  88.         #vhost6 = "3ffe:80e8:546::2";
  89.  
  90.         /* max_clients: the maximum number of clients allowed to connect */
  91.         max_clients = 512;
  92.  
  93.         /*
  94.          * rsa key: the path to the file containing our rsa key for cryptlink.
  95.          *
  96.          * Example command to store a 2048 bit RSA keypair in
  97.          * rsa.key, and the public key in rsa.pub:
  98.          *
  99.          *      openssl genrsa -out rsa.key 2048
  100.          *      openssl rsa -in rsa.key -pubout -out rsa.pub
  101.          *      chown <ircd-user>.<ircd.group> rsa.key rsa.pub
  102.          *      chmod 0600 rsa.key
  103.          *      chmod 0644 rsa.pub
  104.          */
  105.         rsa_private_key_file = "/home/cyfi/evoircd/etc/rsa.key";
  106.  
  107.         /*
  108.          * ssl certificate: the path to the file containing our ssl certificate
  109.          * for encrypted client connection.
  110.          *
  111.          * This assumes your private RSA key is stored in rsa.key. You
  112.          * MUST have an RSA key in order to generate the certificate
  113.          *
  114.          *      openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
  115.          *
  116.          * See http://www.openssl.org/docs/HOWTO/certificates.txt
  117.          *
  118.          * Please use the following values when generating the cert
  119.          *
  120.          *      Organization Name: Network Name
  121.          *      Organization Unit Name: changme.someirc.net
  122.          *      Common Name: irc.someirc.net
  123.          *      E-mail: you@domain.com
  124.          */
  125.         ssl_certificate_file = "/home/cyfi/evoircd/ssl/cert.pem";
  126. };
  127.  
  128. /*
  129.  * admin {}:  contains admin information about the server. (OLD A:)
  130.  */
  131. admin {
  132.         name = "someone";
  133.         description = "Main Server Administrator";
  134.         email = "<someone@hostname.com>";
  135. };
  136.  
  137. /*
  138.  * log {}:  contains information about logfiles.
  139.  */
  140. log {
  141.         /* Do you want to enable logging to ircd.log? */
  142.         use_logging = yes;
  143.  
  144.         /*
  145.          * logfiles: the logfiles to use for user connects, /oper uses,
  146.          * and failed /oper.  These files must exist for logging to be used.
  147.          */
  148.         fname_userlog = "logs/userlog";
  149.         fname_operlog = "logs/operlog";
  150.         fname_killlog = "logs/kill";
  151.         fname_klinelog = "logs/kline";
  152.         fname_glinelog = "logs/gline";
  153.  
  154.         /*
  155.          * log_level: the amount of detail to log in ircd.log.  The
  156.          * higher, the more information is logged.  May be changed
  157.          * once the server is running via /quote SET LOG.  Either:
  158.          * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
  159.          */
  160.         log_level = L_INFO;
  161. };
  162.  
  163. /*
  164.  * class {}:  contains information about classes for users (OLD Y:)
  165.  */
  166. class {
  167.         /* name: the name of the class.  classes are text now */
  168.         name = "users";
  169.  
  170.         /*
  171.          * ping_time: how often a client must reply to a PING from the
  172.          * server before they are dropped.
  173.          */
  174.         ping_time = 290 seconds;
  175.  
  176.         /*
  177.          * number_per_ip: how many local users are allowed to connect
  178.          * from one IP  (optional)
  179.          */
  180.         number_per_ip = 560;
  181.  
  182.         /*
  183.          * max_local: how many local users are allowed to connect
  184.          * from one ident@host  (optional)
  185.          */
  186.         max_local = 560;
  187.  
  188.         /*
  189.          * max_global: network-wide limit of users per ident@host  (optional)
  190.          */
  191.         max_global = 5110;
  192.  
  193.         /*
  194.          * max_number: the maximum number of users allowed in this class (optional)
  195.          */
  196.         max_number = 5200;
  197.  
  198.         /*
  199.          * the following lines are optional and allow you to define
  200.          * how many users can connect from one /NN subnet
  201.          */
  202.         //cidr_bitlen_ipv4 = 24;
  203.         //cidr_bitlen_ipv6 = 120;
  204.         //number_per_cidr = 16;
  205.  
  206.         /*
  207.          * sendq: the amount of data allowed in a clients queue before
  208.          * they are dropped.
  209.          */
  210.         sendq = 1 megabytes;
  211. };
  212.  
  213. class {
  214.         name = "opers";
  215.         ping_time = 490 seconds;
  216.         number_per_ip = 30;
  217.         max_number = 6000;
  218.         sendq =  2 megabytes;
  219. };
  220.  
  221. class {
  222.         name = "server";
  223.         ping_time = 190 seconds;
  224.  
  225.         /*
  226.          * ping_warning: how fast a server must reply to a PING before
  227.          * a warning to opers is generated.
  228.          */
  229.         ping_warning = 45 seconds;
  230.  
  231.         /*
  232.          * connectfreq: only used in server classes.  Specifies the delay
  233.          * between autoconnecting to servers.
  234.          */
  235.         connectfreq = 15 minutes;
  236.  
  237.         /* max number: the amount of servers to autoconnect to */
  238.         max_number = 1;
  239.  
  240.         /* sendq: servers need a higher sendq as they send more data */
  241.         sendq = 5 megabytes;
  242. };
  243.  
  244. /*
  245.  * listen {}:  contains information about the ports ircd listens on (OLD P:)
  246.  */
  247. listen {
  248.  
  249.         port = 6667;
  250. };
  251.  
  252. /*
  253.  * auth {}:  allow users to connect to the ircd (OLD I:)
  254.  */
  255.      
  256. auth {
  257.         /*
  258.          * user: the user@host allowed to connect.  Multiple IPv4/IPv6 user
  259.          * lines are permitted per auth block.
  260.          */
  261.         user = "*@127.0.0.1";
  262.        
  263.  
  264.         /* password: an optional password that is required to use this block */
  265.        
  266.  
  267.         /*
  268.          * encrypted: controls whether the auth password above has been
  269.          * encrypted.
  270.          */
  271.         //encrypted = no;
  272.  
  273.         /*
  274.          * spoof: fake the users host to this.  This is free-form,
  275.          * just do everyone a favor and don't abuse it. ('=' prefix on /stats I)
  276.          */
  277.         spoof = "local.host";
  278.  
  279.         /* class: the class the user is placed in */
  280.         class = "users";
  281.  
  282.         /*
  283.          * need_password: don't allow users who haven't supplied the correct
  284.          *                password to connect using another auth{} block
  285.          *                ('&' prefix on /stats I if disabled)
  286.          * need_ident:    require the user to have identd to connect ('+' prefix on /stats I)
  287.          * spoof_notice:  enable spoofing notification to admins
  288.          * exceed_limit:  allow a user to exceed class limits ('>' prefix on /stats I)
  289.          * kline_exempt:  exempt this user from k/glines ('^' prefix on /stats I)
  290.          * gline_exempt:  exempt this user from glines ('_' prefix on /stats I)
  291.          * resv_exempt:   exempt this user from resvs ('$' prefix on /stats I)
  292.          * no_tilde:      remove ~ from a user with no ident ('-' prefix on /stats I)
  293.          * can_flood:     allow this user to exceed flood limits ('|' prefix on /stats I)
  294.          * can_idle:      exempt this user from idle restrictions ('<' prefix on /stats I)
  295.          */
  296.          can_flood = yes;
  297.          flags = no_tilde, can_idle;   
  298.     //flags = need_password, spoof_notice, exceed_limit, kline_exempt,
  299.    //           gline_exempt, resv_exempt, no_tilde, can_flood, can_idle;
  300. };
  301.  
  302.  
  303. auth {
  304.      user = "*@*";
  305.      class = "users";
  306.      flags = can_idle, no_tilde, can_flood;
  307. };
  308.  
  309.  
  310. /*
  311.  * operator {}:  defines ircd operators. (OLD O:)
  312.  *
  313.  * ircd-hybrid no longer supports local operators, privileges are
  314.  * controlled via flags.
  315.  */
  316.  
  317.  
  318.  
  319. operator {
  320.         /* name: the name of the oper */
  321.         /* NOTE: operator "opername"{} is also supported */
  322.         name = "god";
  323.  
  324.         /*
  325.          * user: the user@host required for this operator.  CIDR is not
  326.          * supported.  Multiple user="" lines are supported.
  327.          */
  328.         user = "*@*";
  329.         user = "*@127.0.0.1";
  330.  
  331.         /*
  332.          * password: the password required to oper.  By default this will
  333.          * need to be encrypted using 'mkpasswd'.  MD5 is supported.
  334.          */
  335.         password = "c55Ext.bPlQ8g";
  336.  
  337.         /*
  338.          * encrypted: controls whether the oper password above has been
  339.          * encrypted.  (OLD CRYPT_OPER_PASSWORD now optional per operator)
  340.          */
  341.         encrypted = yes;
  342.  
  343.         /*
  344.          * rsa_public_key_file: the public key for this oper when using Challenge.
  345.          * A password should not be defined when this is used, see
  346.          * doc/challenge.txt for more information.
  347.          */
  348. #       rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
  349.  
  350.         /* class: the class the oper joins when they successfully /oper */
  351.         class = "opers";
  352.  
  353.         /*
  354.          * umodes: default usermodes opers get when they /oper.  If defined,
  355.          * it will override oper_umodes settings in general {}.
  356.          * Available usermodes:
  357.          *
  358.          * +b - bots         - See bot and drone flooding notices
  359.          * +c - cconn        - Client connection/quit notices
  360.          * +D - deaf         - Don't receive channel messages
  361.          * +d - debug        - See debugging notices
  362.          * +f - full         - See I: line full notices
  363.          * +G - softcallerid - Server Side Ignore for users not on your channels
  364.          * +g - callerid     - Server Side Ignore (for privmsgs etc)
  365.          * +i - invisible    - Not shown in NAMES or WHO unless you share a
  366.          *                     a channel
  367.          * +k - skill        - See server generated KILL messages
  368.          * +l - locops       - See LOCOPS messages
  369.          * +n - nchange      - See client nick changes
  370.          * +r - rej          - See rejected client notices
  371.          * +s - servnotice   - See general server notices
  372.          * +u - unauth       - See unauthorized client notices
  373.          * +w - wallop       - See server generated WALLOPS
  374.          * +x - external     - See remote server connection and split notices
  375.          * +y - spy          - See LINKS, STATS, TRACE notices etc.
  376.          * +z - operwall     - See oper generated WALLOPS
  377.          */
  378.         umodes = locops, servnotice, operwall, wallop, cconn, debug, full, invisible, skill, nchange, rej, unauth, external, spy, callerid, softcallerid, bots;
  379.  
  380.         /*
  381.          * privileges: controls the activities and commands an oper is
  382.          * allowed to do on the server.  All options default to no.
  383.          * Available options:
  384.          *
  385.          * global_kill:  allows remote users to be /KILL'd (OLD 'O' flag)
  386.          * remote:       allows remote SQUIT and CONNECT   (OLD 'R' flag)
  387.          * remoteban:    allows remote KLINE/UNKLINE
  388.          * kline:        allows KILL, KLINE and DLINE      (OLD 'K' flag)
  389.          * unkline:      allows UNKLINE and UNDLINE        (OLD 'U' flag)
  390.          * gline:        allows GLINE                      (OLD 'G' flag)
  391.          * xline:         allows XLINE                     (OLD 'X' flag)
  392.          * operwall:     allows OPERWALL
  393.          * nick_changes: allows oper to see nickchanges    (OLD 'N' flag)
  394.          *               via usermode +n
  395.          * rehash:       allows oper to REHASH config      (OLD 'H' flag)
  396.          * die:          allows DIE and RESTART            (OLD 'D' flag)
  397.          * admin:        gives admin privileges.  admins
  398.          *               may (un)load modules and see the
  399.          *               real IPs of servers.
  400.          * hidden_admin: same as 'admin', but noone can recognize you as
  401.          *               being an admin
  402.          * hidden_oper:  not shown in /stats p (except for other operators)
  403.          */
  404.         /* You can either use
  405.          *die = yes;
  406.          * rehash = yes;
  407.          *
  408.          * or in a flags statement i.e.
  409.          * flags = die, rehash;
  410.          *
  411.          * You can also negate a flag with ~ i.e.
  412.          * flags = ~remote;
  413.          *
  414.          */
  415.         flags = global_kill, remote, kline, unkline, xline, gline,
  416.                 die, rehash, nick_changes, admin, operwall, remoteban;
  417. };
  418.  
  419. /*
  420.  * connect {}:  controls servers we connect to (OLD C:, N:, H:, L:)
  421.  */
  422. connect {
  423.         /* name: the name of the server */
  424.         name = "mindboggle.us";
  425.  
  426.         /*
  427.          * host: the host or IP to connect to.  If a hostname is used it
  428.          * must match the reverse dns of the server.
  429.          */
  430.         host = "173.168.112.63";
  431.  
  432.         /*
  433.          * vhost: the IP to bind to when we connect outward to servers.
  434.          * serverinfo::vhost and serverinfo::vhost6 will be overridden
  435.          * by this directive.
  436.          */
  437.        //       vhost = "192.168.0.2";
  438.  
  439.         /*
  440.          * passwords: the passwords we send (OLD C:) and accept (OLD N:).
  441.          * The remote server will have these passwords reversed.
  442.          */
  443.         send_password = "password123";
  444.         accept_password = "password123";
  445.  
  446.         /*
  447.          * encrypted: controls whether the accept_password above has been
  448.          * encrypted.  (OLD CRYPT_LINK_PASSWORD now optional per connect)
  449.          */
  450.         encrypted = no;
  451.  
  452.         /* port: the port to connect to this server on */
  453.         port = 6666;
  454.  
  455.         /*
  456.          * hub_mask: the mask of servers that this server may hub.  Multiple
  457.          * entries are permitted
  458.          */
  459.         hub_mask = "*";
  460.  
  461.         /*
  462.          * leaf_mask: the mask of servers this server may not hub.  Multiple
  463.          * entries are permitted.  Useful for forbidding EU -> US -> EU routes.
  464.          */
  465. #       leaf_mask = "*.uk";
  466.  
  467.         /* fakename: the servername we pretend to be when we connect */
  468. #       fakename = "*.arpa";
  469.  
  470.         /* class: the class this server is in */
  471.         class = "server";
  472.  
  473.         /*
  474.          * autoconn:    controls whether we autoconnect to this server or not,
  475.          *              dependent on class limits.  By default, this is disabled.
  476.          * compressed:  controls whether traffic is compressed via ziplinks.
  477.          *              By default, this is disabled
  478.          * lazylink:    controls whether this server is a LazyLink.  LazyLink
  479.          *              servers may NOT hub.  See doc/LazyLinks.txt
  480.          * cryptlink:   enable full encryption for all data passing between our
  481.          *              server and this link and rsa authentication.
  482.          * burst_away:  This will send the /away string that users have set
  483.          *              on the server burst.  Note this can be a lot of data
  484.          *              and slow down your server burst.
  485.          * topicburst:  Send topics to this server during channel burst.  Works
  486.          *              only if the server we are connecting to is capable
  487.          *              of TBURST/TB.
  488.          */
  489.         flags = autoconn, burst_away, topicburst;    
  490.  //     flags = autoconn, lazylink, compressed, cryptlink, burst_away, topicburst;
  491. };
  492.  
  493. connect {
  494.         name = "irc.steppin.org";
  495.         host = "75.106.237.80";
  496.         port = 6667;
  497.         send_password = "password123";
  498.         accept_password = "password123";
  499.         class = "server";
  500.         flags = burst_away, topicburst;
  501. };
  502.  
  503.  
  504.  
  505.  
  506. connect {
  507.         name = "encrypted.auth.example";
  508.         host = "some.host.somewhere";
  509.         port = 6667;
  510.  
  511.         flags = cryptlink;
  512.  
  513.         /*
  514.          * rsa_public_key_file: the path to the public keyfile of the server.
  515.          * Used instead of passwords.
  516.          */
  517.         rsa_public_key_file = "etc/remote.server.keyfile";
  518.  
  519.         /*
  520.          * cipher preference: set the preferred cipher for this link
  521.          *
  522.          * Available ciphers are:
  523.          *      BF/168 BF/128 CAST/128 IDEA/128 RC5.16/128
  524.          *      RC5.12/128 RC5.8/128 3DES/168 DES/56
  525.          *
  526.          * NOTE:  Some ciphers may not be supported by your OpenSSL.
  527.          *        Check the output from 'configure' for available ciphers.
  528.          *
  529.          * NOTE2: To help you decide what cipher to use, tools/encspeed
  530.          *        will show you approximately how fast each cipher is.
  531.          *        However, blowfish is fast and secure, and is probably
  532.          *        a good default for most situations.
  533.          *
  534.          * NOTE3: Default if none is set is BF/128
  535.          *
  536.          * The cipher *MUST* be the same in both directions.  If you
  537.          * set a cipher preference, your uplink must set the same cipher,
  538.          * else it will not link.
  539.          */
  540. #       cipher_preference = "BF/168";
  541. };
  542.  
  543. /*
  544.  * NOTE: Don't add an extra 'name=' entry if you use
  545.  * the connect "name"{} feature
  546.  */
  547. connect "ipv6.some.server" {
  548.         host = "3ffd:dead:beef::1";
  549.         send_password = "password";
  550.         accept_password = "password";
  551.         port = 6666;
  552.  
  553.         /*
  554.          * aftype: controls whether the connection uses "ipv4" or "ipv6".
  555.          * Default is ipv4.
  556.          */
  557.         aftype = ipv6;
  558.         class = "server";
  559. };
  560.  
  561. /*
  562.  * cluster {}:  servers that share klines/unkline/xline/unxline/resv/unresv/locops
  563.  * automatically (OLD hyb6 SLAVE_SERVERS)
  564.  */
  565. cluster {
  566.         /*
  567.          * name: the server to share with, this can take wildcards
  568.          *
  569.          * NOTE: only local actions will be clustered, meaning if
  570.          *       the server receives a shared kline/unkline/etc, it
  571.          *       will not be propagated to clustered servers.
  572.          *
  573.          *       Remote servers are not necessarily required to accept
  574.          *       clustered lines, they need a shared{} for *THIS* server
  575.          *       in order to accept them.
  576.          */
  577.         name = "*.arpa";
  578.  
  579.         /*
  580.          * type: list of what to share, options are as follows:
  581.          *      kline   - share klines
  582.          *      tkline  - share temporary klines
  583.          *      unkline - share unklines
  584.          *      xline   - share xlines
  585.          *      txline  - share temporary xlines
  586.          *      unxline - share unxlines
  587.          *      resv    - share resvs
  588.          *      tresv   - share temporary resvs
  589.          *      unresv  - share unresvs
  590.          *      locops  - share locops
  591.          *      all     - share all of the above (default)
  592.          */
  593.         type = kline, unkline, locops, xline, resv;
  594. };
  595.  
  596. /*
  597.  * shared {}: users that are allowed to remote kline (OLD U:)
  598.  *
  599.  * NOTE: This can be effectively used for remote klines.
  600.  *       Please note that there is no password authentication
  601.  *       for users setting remote klines.  You must also be
  602.  *       /oper'd in order to issue a remote kline.
  603.  */
  604. shared {
  605.         /*
  606.          * name: the server the user must be on to set klines.  If this is not
  607.          * specified, the user will be allowed to kline from all servers.
  608.          */
  609.         name = "irc2.some.server";
  610.  
  611.         /*
  612.          * user: the user@host mask that is allowed to set klines.  If this is
  613.          * not specified, all users on the server above will be allowed to set
  614.          * a remote kline.
  615.          */
  616.         user = "oper@my.host.is.spoofed";
  617.  
  618.         /*
  619.          * type: list of what to share, options are as follows:
  620.          *      kline   - allow oper/server to kline
  621.          *      tkline  - allow temporary klines
  622.          *      unkline - allow oper/server to unkline
  623.          *      xline   - allow oper/server to xline
  624.          *      txline  - allow temporary xlines
  625.          *      unxline - allow oper/server to unxline
  626.          *      resv    - allow oper/server to resv
  627.          *      tresv   - allow temporary resvs
  628.          *      unresv  - allow oper/server to unresv
  629.          *      locops  - allow oper/server to locops - only used for servers that cluster
  630.          *      all     - allow oper/server to do all of the above (default)
  631.          */
  632.         type = kline, unkline, resv;
  633. };
  634.  
  635. /*
  636.  * kill {}:  users that are not allowed to connect (OLD K:)
  637.  * Oper issued klines will be added to the specified kline config
  638.  */
  639. kill {
  640.         user = "bad@*.hacked.edu";
  641.         reason = "Obviously hacked account";
  642. };
  643.  
  644. kill {
  645.     user = "*@*.ch";
  646.     reason = "China can GTFO!";
  647.    };
  648. kill {
  649.    user = "*@*.tw";
  650.    reason = "Tiawan can GTFO!";
  651. };
  652. kill {
  653.         user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
  654.         type = regex;
  655. };
  656.  
  657. /*
  658.  * deny {}:  IPs that are not allowed to connect (before DNS/ident lookup)
  659.  * Oper issued dlines will be added to the specified dline config
  660.  */
  661. deny {
  662.         ip = "172.0.1.0/24";
  663.         reason = "Reconnecting vhosted bots";
  664. };
  665.  
  666. /*
  667.  * exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:)
  668.  */
  669. exempt {
  670.         ip = "10.1.0.0/16";
  671. };
  672.  
  673. /*
  674.  * resv {}:  nicks and channels users may not use/join (OLD Q:)
  675.  */
  676. resv {
  677.         /* reason: the reason for the proceeding resv's */
  678.         reason = "There are no services on this network";
  679.  
  680.         /* resv: the nicks and channels users may not join/use */
  681.         nick = "nickserv";
  682.         nick = "chanserv";
  683.         channel = "#services";
  684.  
  685.         /* resv: wildcard masks are also supported in nicks only */
  686.         reason = "Clone bots";
  687.         nick = "clone*";
  688. };
  689.  
  690. /*
  691.  * gecos {}:  The X: replacement, used for banning users based on
  692.  * their "realname".
  693.  */
  694. gecos {
  695.         name = "*sex*";
  696.         reason = "Possible spambot";
  697. };
  698.  
  699. gecos {
  700.         name = "Admin";
  701.         reason = "You're not the admin, GTFO!";
  702. };
  703.  
  704. gecos {
  705.         name = "*.com";
  706.         reason = "Spam your mom, and GTFO!";
  707. };
  708.  
  709. gecos {
  710.         name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
  711.         type = regex;
  712. };
  713.  
  714. /*
  715.  * channel {}:  The channel block contains options pertaining to channels
  716.  */
  717. channel {
  718.         /*
  719.          * disable_fake_channels: this option, if set to 'yes', will
  720.          * disallow clients to create or join channels that have one
  721.          * of the following ASCII characters in their name:
  722.          *
  723.          *   2 | bold
  724.          *   3 | mirc color
  725.          *  15 | plain text
  726.          *  22 | reverse
  727.          *  31 | underline
  728.          * 160 | non-breaking space
  729.          */
  730.         disable_fake_channels = no;
  731.  
  732.         /*
  733.          * restrict_channels: reverse channel RESVs logic, only reserved
  734.          * channels are allowed
  735.          */
  736.         restrict_channels = no;
  737.  
  738.         /*
  739.          * disable_local_channels: prevent users from joining &channels.
  740.          */
  741.         disable_local_channels = no;
  742.  
  743.         /*
  744.          * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
  745.          * that can join a +i channel without an invite.
  746.          */
  747.         use_invex = yes;
  748.  
  749.         /*
  750.          * use_except: Enable/disable channel mode +e, a n!u@h list of masks
  751.          * that can join a channel through a ban (+b).
  752.          */
  753.         use_except = yes;
  754.  
  755.         /*
  756.          * use_knock: Allows users to request an invite to a channel that
  757.          * is locked somehow (+ikl).  If the channel is +p or you are banned
  758.          * the knock will not be sent.
  759.          */
  760.         use_knock = yes;
  761.  
  762.         /*
  763.          * knock_delay: The amount of time a user must wait between issuing
  764.          * the knock command.
  765.          */
  766.         knock_delay = 1 minutes;
  767.  
  768.         /*
  769.          * knock_delay_channel: How often a knock to any specific channel
  770.          * is permitted, regardless of the user sending the knock.
  771.          */
  772.         knock_delay_channel = 1 minute;
  773.  
  774.         /*
  775.          * burst_topicwho: enable sending of who set topic on topicburst
  776.          * default is yes
  777.          */
  778.         burst_topicwho = yes;
  779.  
  780.         /*
  781.          * max_chans_per_user: The maximum number of channels a user can
  782.          * join/be on.
  783.          */
  784.         max_chans_per_user = 25;
  785.  
  786.         /* quiet_on_ban: stop banned people talking in channels. */
  787.         quiet_on_ban = yes;
  788.  
  789.         /* max_bans: maximum number of +b/e/I modes in a channel */
  790.         max_bans = 150;
  791.  
  792.         /*
  793.          * how many joins in how many seconds constitute a flood, use 0 to
  794.          * disable. +b opers will be notified (changeable via /set)
  795.          */
  796.         join_flood_count = 4;
  797.         join_flood_time = 8 seconds;
  798.  
  799.         /*
  800.          * splitcode: The ircd will now check splitmode every few seconds.
  801.          *
  802.          * Either split users or split servers can activate splitmode, but
  803.          * both conditions must be met for the ircd to deactivate splitmode.
  804.          *
  805.          * You may force splitmode to be permanent by /quote set splitmode on
  806.          */
  807.  
  808.         /*
  809.          * default_split_user_count: when the usercount is lower than this level,
  810.          * consider ourselves split.  This must be set for automatic splitmode.
  811.          */
  812.         default_split_user_count = 0;
  813.  
  814.         /*
  815.          * default_split_server_count: when the servercount is lower than this,
  816.          * consider ourselves split.  This must be set for automatic splitmode.
  817.          */
  818.         default_split_server_count = 0;
  819.  
  820.         /* split no create: disallow users creating channels on split. */
  821.         no_create_on_split = no;
  822.  
  823.         /* split: no join: disallow users joining channels at all on a split */
  824.         no_join_on_split = no;
  825. };
  826.  
  827. /*
  828.  * serverhide {}:  The serverhide block contains the options regarding
  829.  * serverhiding
  830.  */
  831. serverhide {
  832.         /*
  833.          * flatten_links: this option will show all servers in /links appear
  834.          * that they are linked to this current server
  835.          */
  836.         flatten_links = no;
  837.  
  838.         /*
  839.          * links_delay: how often to update the links file when it is
  840.          * flattened.
  841.          */
  842.         links_delay = 5 minutes;
  843.  
  844.         /*
  845.          * hidden: hide this server from a /links output on servers that
  846.          * support it.  This allows hub servers to be hidden etc.
  847.          */
  848.         hidden = no;
  849.  
  850.         /*
  851.          * disable_hidden: prevent servers hiding themselves from a
  852.          * /links output.
  853.          */
  854.         disable_hidden = yes;
  855.  
  856.         /*
  857.          * hide_servers: hide remote servernames everywhere and instead use
  858.          * hidden_name and network_desc.
  859.          */
  860.         hide_servers = no;
  861.  
  862.         /*
  863.          * Use this as the servername users see if hide_servers = yes.
  864.          */
  865.         hidden_name = "*.hidden.ircd";
  866.  
  867.         /*
  868.          * hide_server_ips: If this is disabled, opers will be unable to see servers
  869.          * ips and will be shown a masked ip, admins will be shown the real ip.
  870.          *
  871.          * If this is enabled, nobody can see a servers ip.  *This is a kludge*, it
  872.          * has the side effect of hiding the ips everywhere, including logfiles.
  873.          *
  874.          * We recommend you leave this disabled, and just take care with who you
  875.          * give admin=yes; to.
  876.          */
  877.         hide_server_ips = no;
  878. };
  879.  
  880. /*
  881.  * general {}:  The general block contains many of the options that were once
  882.  * compiled in options in config.h.  The general block is read at start time.
  883.  */
  884. general {
  885.         /*
  886.          * gline_min_cidr: the minimum required length of a CIDR bitmask
  887.          * for IPv4 based glines
  888.          */
  889.         gline_min_cidr = 16;
  890.  
  891.         /*
  892.          * gline_min_cidr6: the minimum required length of a CIDR bitmask
  893.          * for IPv6 based glines
  894.          */
  895.         gline_min_cidr6 = 48;
  896.  
  897.         /*
  898.          * Whether to automatically set mode +i on connecting users.
  899.          */
  900.         invisible_on_connect = yes;
  901.  
  902.         /*
  903.          * If you don't explicitly specify burst_away in your connect blocks, then
  904.          * they will default to the burst_away value below.
  905.          */
  906.         burst_away = yes;
  907.  
  908.         /*
  909.          * Show "actually using host <ip>" on /whois when possible.
  910.          */
  911.         use_whois_actually = yes;
  912.  
  913.         /*
  914.          * Max time from the nickname change that still causes KILL
  915.          * automatically to switch for the current nick of that user. (seconds)
  916.          */
  917.         kill_chase_time_limit = 90;
  918.  
  919.         /*
  920.          * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
  921.          * users in /trace etc.  If this is defined they will be shown a masked IP.
  922.          */
  923.         hide_spoof_ips = no;
  924.  
  925.         /*
  926.          * Ignore bogus timestamps from other servers.  Yes, this will desync
  927.          * the network, but it will allow chanops to resync with a valid non TS 0
  928.          *
  929.          * This should be enabled network wide, or not at all.
  930.          */
  931.         ignore_bogus_ts = yes;
  932.  
  933.         /*
  934.          * disable_auth: completely disable ident lookups; if you enable this,
  935.          * be careful of what you set need_ident to in your auth {} blocks
  936.          */
  937.         disable_auth = yes;
  938.  
  939.         /* disable_remote_commands: disable users doing commands on remote servers */
  940.         disable_remote_commands = no;
  941.  
  942.         /*
  943.          * tkline_expire_notices: enables or disables temporary kline/xline
  944.          * expire notices.
  945.          */
  946.         tkline_expire_notices = yes;
  947.  
  948.         /*
  949.          * default_floodcount: the default value of floodcount that is configurable
  950.          * via /quote set floodcount.  This is the amount of lines a user
  951.          * may send to any other user/channel in one second.
  952.          */
  953.         default_floodcount = 5000;
  954.  
  955.         /*
  956.          * failed_oper_notice: send a notice to all opers on the server when
  957.          * someone tries to OPER and uses the wrong password, host or ident.
  958.          */
  959.         failed_oper_notice = yes;
  960.  
  961.         /*
  962.          * dots_in_ident: the amount of '.' characters permitted in an ident
  963.          * reply before the user is rejected.
  964.          */
  965.         dots_in_ident = 2;
  966.  
  967.         /*
  968.          * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts
  969.          * without a '.' in them.  This will add one to the end.  Only needed
  970.          * for older servers.
  971.          */
  972.         dot_in_ip6_addr = no;
  973.  
  974.         /*
  975.          * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
  976.          * placed via the server.  klines hand placed are exempt from limits.
  977.          * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
  978.          */
  979.         min_nonwildcard = 4;
  980.  
  981.         /*
  982.          * min_nonwildcard_simple: the minimum non wildcard characters in
  983.          * gecos bans.  wildcard chars: '*' '?' '#'
  984.          */
  985.         min_nonwildcard_simple = 3;
  986.  
  987.         /* max_accept: maximum allowed /accept's for +g usermode */
  988.         max_accept = 20;
  989.  
  990.         /* anti_nick_flood: enable the nickflood control code */
  991.         anti_nick_flood = yes;
  992.  
  993.         /* nick flood: the nick changes allowed in the specified period */
  994.         max_nick_time = 220 seconds;
  995.         max_nick_changes = 1;
  996.  
  997.         /*
  998.          * anti_spam_exit_message_time: the minimum time a user must be connected
  999.          * before custom quit messages are allowed.
  1000.          */
  1001.         anti_spam_exit_message_time = 5 minutes;
  1002.  
  1003.         /*
  1004.          * ts delta: the time delta allowed between server clocks before
  1005.          * a warning is given, or before the link is dropped.  all servers
  1006.          * should run ntpdate/rdate to keep clocks in sync
  1007.          */
  1008.         ts_warn_delta = 30 seconds;
  1009.         ts_max_delta = 5 minutes;
  1010.  
  1011.         /*
  1012.          * kline_with_reason: show the user the reason why they are k/d/glined
  1013.          * on exit.  May give away who set k/dline when set via tcm.
  1014.          */
  1015.         kline_with_reason = yes;
  1016.  
  1017.         /*
  1018.          * kline_reason: show this message to users on channel
  1019.          * instead of the oper reason.
  1020.          */
  1021.         kline_reason = "Connection closed, GTFO!";
  1022.  
  1023.         /*
  1024.          * reject_hold_time: wait this amount of time before disconnecting
  1025.          * a rejected client. Use 0 to disable.
  1026.          */
  1027.         reject_hold_time = 0;
  1028.  
  1029.         /*
  1030.          * warn_no_nline: warn opers about servers that try to connect but
  1031.          * we don't have a connect {} block for.  Twits with misconfigured
  1032.          * servers can get really annoying with this enabled.
  1033.          */
  1034.         warn_no_nline = yes;
  1035.  
  1036.         /*
  1037.          * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
  1038.          * operators and administrators.  Doing so is a good idea in case
  1039.          * there are any exempted (exempt{}) server IPs you don't want to
  1040.          * see leaked.
  1041.          */
  1042.         stats_e_disabled = no;
  1043.  
  1044.         /* stats_o_oper only: make stats o (opers) oper only */
  1045.         stats_o_oper_only = yes;
  1046.  
  1047.         /* stats_P_oper_only: make stats P (ports) oper only */
  1048.         stats_P_oper_only = yes;
  1049.  
  1050.         /*
  1051.          * stats i oper only: make stats i (auth {}) oper only. set to:
  1052.          *     yes:    show users no auth blocks, made oper only.
  1053.          *     masked: show users first matching auth block
  1054.          *     no:     show users all auth blocks.
  1055.          */
  1056.         stats_i_oper_only = yes;
  1057.  
  1058.         /*
  1059.          * stats_k_oper_only: make stats k/K (klines) oper only.  set to:
  1060.          *     yes:    show users no auth blocks, made oper only
  1061.          *     masked: show users first matching auth block
  1062.          *     no:     show users all auth blocks.
  1063.          */
  1064.         stats_k_oper_only = yes;
  1065.  
  1066.         /*
  1067.          * caller_id_wait: time between notifying a +g user that somebody
  1068.          * is messaging them.
  1069.          */
  1070.         caller_id_wait = 1 minute;
  1071.  
  1072.         /*
  1073.          * opers_bypass_callerid: allows operators to bypass +g and message
  1074.          * anyone who has it set (useful if you use services).
  1075.          */
  1076.         opers_bypass_callerid = yes;
  1077.  
  1078.         /*
  1079.          * pace_wait_simple: time between use of less intensive commands
  1080.          * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
  1081.          */
  1082.         pace_wait_simple = 1 second;
  1083.  
  1084.         /*
  1085.          * pace_wait: time between more intensive commands
  1086.          * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
  1087.          */
  1088.         pace_wait = 0 seconds;
  1089.  
  1090.         /*
  1091.          * short_motd: send clients a notice telling them to read the motd
  1092.          * instead of forcing a motd to clients who may simply ignore it.
  1093.          */
  1094.         short_motd = yes;
  1095.  
  1096.         /*
  1097.          * ping_cookie: require clients to respond exactly to a ping command,
  1098.          * can help block certain types of drones and FTP PASV mode spoofing.
  1099.          */
  1100.         ping_cookie = no;
  1101.  
  1102.         /* no_oper_flood: increase flood limits for opers. */
  1103.         no_oper_flood = yes;
  1104.  
  1105.         /*
  1106.          * true_no_oper_flood: completely eliminate flood limits for opers
  1107.          * and for clients with can_flood = yes in their auth {} blocks
  1108.          */
  1109.         true_no_oper_flood = yes;
  1110.  
  1111.         /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
  1112.         oper_pass_resv = yes;
  1113.  
  1114.         /*
  1115.          * idletime: the maximum amount of time a user may idle before
  1116.          * they are disconnected
  1117.          */
  1118.         idletime = 0;
  1119.  
  1120.         /* REMOVE ME.  The following line checks you've been reading. */
  1121.        
  1122.  
  1123.         /*
  1124.          * max_targets: the maximum amount of targets in a single
  1125.          * PRIVMSG/NOTICE.  Set to 999 NOT 0 for unlimited.
  1126.          */
  1127.         max_targets = 999;
  1128.  
  1129.         /*
  1130.          * client_flood: maximum amount of data in a clients queue before
  1131.          * they are dropped for flooding.
  1132.          */
  1133.         client_flood =  5 megabytes;
  1134.  
  1135.         /*
  1136.          * message_locale: the default message locale
  1137.          * Use "standard" for the compiled in defaults.
  1138.          * To install the translated messages, go into messages/ in the
  1139.          * source directory and run `make install'.
  1140.          */
  1141.         message_locale = "standard";
  1142.  
  1143.         /*
  1144.          * usermodes configurable: a list of usermodes for the options below
  1145.          *
  1146.          * +b - bots         - See bot and drone flooding notices
  1147.          * +c - cconn        - Client connection/quit notices
  1148.          * +D - deaf         - Don't receive channel messages
  1149.          * +d - debug        - See debugging notices
  1150.          * +f - full         - See I: line full notices
  1151.          * +G - softcallerid - Server Side Ignore for users not on your channels
  1152.          * +g - callerid     - Server Side Ignore (for privmsgs etc)
  1153.          * +i - invisible    - Not shown in NAMES or WHO unless you share a
  1154.          *                     a channel
  1155.          * +k - skill        - See server generated KILL messages
  1156.          * +l - locops       - See LOCOPS messages
  1157.          * +n - nchange      - See client nick changes
  1158.          * +r - rej          - See rejected client notices
  1159.          * +s - servnotice   - See general server notices
  1160.          * +u - unauth       - See unauthorized client notices
  1161.          * +w - wallop       - See server generated WALLOPS
  1162.          * +x - external     - See remote server connection and split notices
  1163.          * +y - spy          - See LINKS, STATS, TRACE notices etc.
  1164.          * +z - operwall     - See oper generated WALLOPS
  1165.          */
  1166.  
  1167.         /* oper_only_umodes: usermodes only opers may set */
  1168.         oper_only_umodes = bots, cconn, cconn_full, debug, full, skill,
  1169.                            nchange, rej, spy, external, operwall,
  1170.                            locops, unauth;
  1171.  
  1172.         /* oper_umodes: default usermodes opers get when they /oper */
  1173.         oper_umodes = bots, locops, servnotice, operwall, wallop, deaf, callerid, invisible, external, softcallerid, cconn, cconn_full, debug, full, skill, nchange, rej, spy, external, unauth;
  1174.  
  1175.         /*
  1176.          * servlink_path: path to 'servlink' program used by ircd to handle
  1177.          * encrypted/compressed server <-> server links.
  1178.          *
  1179.          * only define if servlink is not in same directory as ircd itself.
  1180.          */
  1181.         #servlink_path = "/usr/local/ircd/bin/servlink";
  1182.  
  1183.         /*
  1184.          * default_cipher_preference: default cipher to use for cryptlink when none is
  1185.          * specified in connect block.
  1186.          */
  1187.         #default_cipher_preference = "BF/168";
  1188.  
  1189.         /*
  1190.          * use_egd: if your system does not have *random devices yet you
  1191.          * want to use OpenSSL and encrypted links, enable this.  Beware -
  1192.          * EGD is *very* CPU intensive when gathering data for its pool
  1193.          */
  1194. #       use_egd = yes;
  1195.  
  1196.         /*
  1197.          * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
  1198.          * which automatically finds the path.
  1199.          */
  1200. #       egdpool_path = "/var/run/egd-pool";
  1201.  
  1202.  
  1203.         /*
  1204.          * compression_level: level of compression for compressed links between
  1205.          * servers.  
  1206.          *
  1207.          * values are between: 1 (least compression, fastest)
  1208.          *                and: 9 (most compression, slowest).
  1209.          */
  1210. #       compression_level = 6;
  1211.  
  1212.         /*
  1213.          * throttle_time: the minimum amount of time between connections from
  1214.          * the same ip.  exempt {} blocks are excluded from this throttling.
  1215.          * Offers protection against flooders who reconnect quickly.  
  1216.          * Set to 0 to disable.
  1217.          */
  1218.         throttle_time = 0;
  1219. };
  1220.  
  1221. glines {
  1222.         /* enable: enable glines, network wide temp klines */
  1223.         enable = yes;
  1224.  
  1225.         /*
  1226.          * duration: the amount of time a gline will remain on your
  1227.          * server before expiring
  1228.          */
  1229.         duration = 1 day;
  1230.  
  1231.         /*
  1232.          * logging: which types of rules you want to log when triggered
  1233.          * (choose reject or block)
  1234.          */
  1235.         logging = reject, block;
  1236.  
  1237.         /*
  1238.          * NOTE: gline ACLs can cause a desync of glines throughout the
  1239.          * network, meaning some servers may have a gline triggered, and
  1240.          * others may not. Also, you only need insert rules for glines
  1241.          * that you want to block and/or reject. If you want to accept and
  1242.          * propagate the gline, do NOT put a rule for it.
  1243.          */
  1244.  
  1245.         /* user@host for rule to apply to */
  1246.         user = "god@I.still.hate.packets";
  1247.         /* server for rule to apply to */
  1248.         name = "dns.marble.net";
  1249.  
  1250.         /*
  1251.          * action: action to take when a matching gline is found. options are:
  1252.          *  reject      - do not apply the gline locally
  1253.          *  block       - do not propagate the gline
  1254.          */
  1255.         action = reject, block;
  1256.  
  1257.         user = "*@*";
  1258.         name = "*god*";
  1259.         action = block;
  1260. };
  1261.  
  1262. modules {
  1263.         /*
  1264.          * module path: other paths to search for modules specified below
  1265.          * and in /modload.
  1266.          */
  1267.         path = "/home/cyfi/eircd/modules";
  1268.         path = "/home/cyfi/eircd/modules/autoload";
  1269.  
  1270.         /* module: the name of a module to load on startup/rehash */
  1271.         #module = "some_module.so";
  1272.         #module = "mod_chanfix.so";
  1273. };
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top