ircd-hybrid.conf

1. #-------------------------------------------------------------------------
2. # Configuracao em portugues
3. #
4. # @FILESOURCE ircd.conf
5. # @AUTHOR BLX32
6. # @DATE Seg 27 Out, 21:41 - 2015
7. # @VERSION 1.0.0 for irc-hybrid
8. # Copyright (c) 2000-2015 ircd-hybrid development team
9. # reference.conf 6524 2015-09-09 16:35:53Z
10. #
11. ########################################################################
12. # IMPORTANT NOTE:
13. #
14. # auth {} blocks MUST be specified in order of precedence. The first one
15. # that matches a user will be used. So place spoofs first, then specials,
16. # then general access.
17. #
18. # Para melhor configurar edite as linhas.
19. # LINHAS, 48, 66, 72, 73, 85, 202, 442, 449, 455, 578, 592, 593.
20. ########################################################################
21. #
22. # Shell style (#), C++ style (//) and C style comments are supported.
23. #
24. # Files may be included by either:
25. # .include "filename"
26. # .include <filename>
27. #
28. # Times/durations are written as:
29. # 12 hours 30 minutes 1 second
30. #
31. # Valid units of time:
32. # year, month, week, day, hour, minute, second
33. #
34. # Valid units of size:
35. # megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
36. #
37. # Sizes and times may be singular or plural.
38. #
39. #-------------------------------------------------------------------------
40.  
41.  
42.  
43. /*
44. * serverinfo {}: contains information about the server
45. */
46. serverinfo {
47. /*
48. * name: the name of this server. This cannot be changed at runtime.
49. */
50. name = "{SEUDOMINIO}";
51.  
52. /*
53. * sid: a server's unique ID. This is three characters long and must
54. * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be
55. * a digit, followed by 2 alpha-numerical letters.
56. *
57. * NOTE: The letters must be capitalized. This cannot be changed at runtime.
58. *
59. * A sid is automatically generated at runtime, if you want to configure
60. * a specific sid, uncomment the following line.
61. */
62. # sid = "0HY";
63.  
64. /*
65. * description: the description of the server.
66. */
67. description = "{SEUDESCRICAO}";
68.  
69. /*
70. * network_name, network_desc: the name and description of the network this
71. * server is on. Shown in the 005 reply and used with serverhiding.
72. */
73. network_name = "{SEU NOME DA REDE}";
74. network_desc = "{SEU DESCRICAO DA REDE}";
75.  
76. /*
77. * hub: allow this server to act as a hub and have multiple servers
78. * connected to it.
79. */
80. hub = no;
81.  
82. /*
83. * vhost: the IP address to bind to when we connect outward to IPv4 servers.
84. * This should be an IPv4 address, or "*" for INADDR_ANY.
85. */
86. vhost = "{SEU IP}";
87.  
88. /*
89. * vhost6: the IP address to bind to when we connect outward to IPv6 servers.
90. * This should be an IPv6 address, or "*" for in6addr_any.
91. */
92. #vhost6 = "2001:DB8::1";
93.  
94. /*
95. * default_max_clients: the default maximum number of clients allowed
96. * to connect. This can be changed from within IRC via /QUOTE SET MAX.
97. */
98. default_max_clients = 512; #Maximo de clientes permitidos
99.  
100. /*
101. * max_nick_length: only applies to local clients. Must be in the
102. * range of 9 to 30. Default is 9 if nothing else is specified.
103. */
104. max_nick_length = 9;
105.  
106. /*
107. * max_topic_length: only applies to topics set by local clients.
108. * Must be in the range of 80 to 300. Default is 80 if nothing
109. * else is specified.
110. */
111. max_topic_length = 160;
112.  
113. /*
114. * rsa_private_key_file: the path to the file containing the
115. * RSA key.
116. *
117. * Example commands to store a 2048 bit RSA key in rsa.key:
118. *
119. * openssl genrsa -out rsa.key 2048
120. * chown <ircd-user>.<ircd.group> rsa.key
121. * chmod 0600 rsa.key
122. */
123. #rsa_private_key_file = "etc/rsa.key";
124.  
125. /*
126. * ssl_certificate_file: the path to the file containing our
127. * SSL certificate for encrypted client connection.
128. *
129. * This assumes your private RSA key is stored in rsa.key. You
130. * MUST have an RSA key in order to generate the certificate.
131. *
132. * Example command:
133. *
134. * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
135. *
136. * Please use the following values when generating the cert
137. *
138. * Organization Name: Network Name
139. * Organization Unit Name: unit.example.net
140. * Common Name: irc.example.net
141. * E-mail: email@example.net
142. */
143. #ssl_certificate_file = "etc/cert.pem";
144.  
145. /*
146. * ssl_dh_param_file: path to the PEM encoded Diffie-Hellman
147. * parameter file. DH parameters are required when using
148. * ciphers with EDH (ephemeral Diffie-Hellman) key exchange.
149. *
150. * A DH parameter file can be created by running:
151. *
152. * openssl dhparam -out dhparam.pem 2048
153. *
154. * Prime size must be at least 1024 bits. Further information
155. * regarding specific OpenSSL dhparam command-line options
156. * can be found in the OpenSSL manual.
157. */
158. #ssl_dh_param_file = "etc/dhparam.pem";
159.  
160. /*
161. * ssl_dh_elliptic_curve: defines the curve to use for the
162. * Elliptic Curve Diffie-Hellman (ECDH) algorithm.
163. * Default is ANSI X9.62 prime256v1/secp256r1 if nothing else is specified.
164. *
165. * A list of supported curves by OpenSSL can be obtained by running:
166. *
167. * openssl ecparam -list_curves
168. */
169. # ssl_dh_elliptic_curve = "secp521r1";
170.  
171. /*
172. * ssl_cipher_list: list of ciphers to support on _this_ server.
173. * Can be used to enforce specific ciphers for incoming SSL/TLS
174. * connections. If a client (which also includes incoming server connections)
175. * is not capable of using any of the ciphers listed here, the connection will
176. * simply be rejected.
177. *
178. * A list of supported ciphers by OpenSSL can be obtained by running:
179. *
180. * openssl ciphers -tls1 -v
181. *
182. * Multiple ciphers are separated by colons. The order of preference is
183. * from left to right.
184. */
185. # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
186.  
187. /*
188. * ssl_message_digest_algorithm: defines what cryptographic hash function
189. * to use for generating fingerprint hashes of X.509 certificates.
190. * Default is SHA-256 if nothing else is specified.
191. *
192. * A list of supported message digest algorithms by OpenSSL can be obtained by running:
193. *
194. * openssl list-message-digest-algorithms
195. */
196. # ssl_message_digest_algorithm = "sha256";
197. };
198.  
199. /*
200. * admin {}: contains administrative information about the server
201. */
202. admin {
203. name = "{SEU NOME DE ADMIN}";
204. description = "Main Server Administrator";
205. email = "<admin@SEUDOMINIO.COM>";
206. };
207.  
208. /*
209. * class {}: contains information about classes for users
210. */
211. class {
212. /* name: the name of the class. */
213. name = "users";
214.  
215. /*
216. * ping_time: how often a client must reply to a PING from the
217. * server before they are dropped.
218. */
219. ping_time = 90 seconds;
220.  
221. /*
222. * number_per_ip: how many local users are allowed to connect
223. * from a single IP address (optional)
224. */
225. number_per_ip = 2;
226.  
227. /*
228. * max_local: how many local users are allowed to connect
229. * from a single ident@host (optional)
230. */
231. max_local = 2;
232.  
233. /*
234. * max_global: network-wide limit of users per ident@host (optional)
235. */
236. max_global = 10;
237.  
238. /*
239. * max_number: the maximum number of users allowed in this class (optional)
240. */
241. max_number = 100;
242.  
243. /*
244. * The following lines are optional and allow you to define
245. * how many users can connect from one /NN subnet.
246. */
247. cidr_bitlen_ipv4 = 24;
248. cidr_bitlen_ipv6 = 120;
249. number_per_cidr = 16;
250.  
251. /*
252. * sendq: the amount of data allowed in a client's send queue before
253. * they are dropped.
254. */
255. sendq = 100 kbytes;
256.  
257. /*
258. * recvq: the amount of data allowed in a client's receive queue before
259. * they are dropped for flooding. Defaults to 2560 if the chosen value
260. * isn't within the range of 512 to 8000.
261. */
262. recvq = 2560 bytes;
263. };
264.  
265. class {
266. name = "opers";
267. ping_time = 90 seconds;
268. number_per_ip = 10;
269. max_number = 100;
270. sendq = 100 kbytes;
271.  
272. /*
273. * max_channels: maximum number of channels users in this class can join.
274. */
275. max_channels = 60;
276.  
277. /*
278. * min_idle: minimum idle time that is shown in /whois.
279. */
280. min_idle = 3 hours;
281.  
282. /*
283. * max_idle: maximum idle time that is shown in /whois.
284. */
285. max_idle = 8 hours;
286.  
287. /*
288. * flags:
289. *
290. * random_idle - a fake idle time is set randomly between
291. * min_idle and max_idle
292. * hide_idle_from_opers - the fake idle time will also be shown to operators
293. */
294. flags = random_idle, hide_idle_from_opers;
295. };
296.  
297. class {
298. name = "server";
299. ping_time = 90 seconds;
300.  
301. /*
302. * connectfreq: only used in server classes. Specifies the delay
303. * between autoconnecting to servers.
304. */
305. connectfreq = 5 minutes;
306.  
307. /* max number: the number of servers to autoconnect to. */
308. max_number = 1;
309.  
310. /* sendq: servers need a higher sendq as they send more data. */
311. sendq = 2 megabytes;
312. };
313.  
314. /*
315. * motd {}: Allows the display of a different MOTD to a client
316. * depending on its origin. Applies to local users only.
317. */
318. motd {
319. /*
320. * mask: multiple mask entries are permitted. Mask can either be
321. * a class name or a hostname. CIDR is supported.
322. */
323. mask = "*.at";
324. mask = "*.de";
325. mask = "*.ch";
326.  
327. /*
328. * file: path to the actual motd file.
329. */
330. file = "etc/german.motd";
331. };
332.  
333. /*
334. * listen {}: contains information about the ports ircd listens on
335. */
336. listen {
337. /*
338. * port: the port to listen on. If no host is specified earlier in the
339. * listen {} block, it will listen on all available IP addresses.
340. *
341. * Ports are separated by commas; a range may be specified using ".."
342. */
343.  
344. /* port: listen on all available IP addresses, ports 6665 to 6669. */
345. port = 6665 .. 6669;
346.  
347. /*
348. * Listen on 192.0.2.1/6697 with SSL enabled and hidden from STATS P
349. * unless you are an administrator.
350. *
351. * NOTE: The "flags" directive always has to come before "port".
352. *
353. * Currently available flags are:
354. *
355. * ssl - Port may only accept TLS/SSL connections
356. * server - Only server connections are permitted
357. * hidden - Port is hidden from /stats P, unless you're an admin
358. */
359. flags = hidden, ssl;
360. host = "127.0.0.1";
361. port = 6667;
362.  
363. /*
364. * host: set a specific IP address to listen on using the
365. * subsequent port definitions. This may be IPv4 or IPv6.
366. */
367. host = "45.58.42.103";
368. port = 6667;
369. };
370.  
371. /*
372. * auth {}: allow users to connect to the ircd
373. */
374. auth {
375. /*
376. * user: the user@host allowed to connect. Multiple user
377. * lines are permitted within each auth {} block.
378. */
379. #user = "*@*.*.*.*";
380.  
381. /* password: an optional password that is required to use this block. */
382. password = "letmein";
383.  
384. /*
385. * encrypted: controls whether the auth password above has been
386. * encrypted. Default is 'no' if nothing else is specified.
387. */
388. encrypted = yes;
389.  
390. /*
391. * spoof: fake the user's host to this. This is free-form, just do
392. * everyone a favor and don't abuse it. ('=' prefix on /stats I)
393. */
394. spoof = "I.still.hate.packets";
395.  
396. /* class: the class the user is placed in. */
397. class = "opers";
398.  
399. /*
400. * need_password - don't allow users who haven't supplied the correct | ('&' prefix on /stats I if disabled)
401. * password to connect using another auth {} block
402. * need_ident - require the user to have identd to connect | ('+' prefix on /stats I)
403. * spoof_notice - enable spoofing notification to admins
404. * exceed_limit - allow a user to exceed class limits | ('>' prefix on /stats I)
405. * kline_exempt - exempt this user from k-lines | ('^' prefix on /stats I)
406. * xline_exempt - exempt this user from x-lines | ('!' prefix on /stats I)
407. * resv_exempt - exempt this user from resvs | ('$' prefix on /stats I)
408. * no_tilde - remove ~ from a user with no ident | ('-' prefix on /stats I)
409. * can_flood - allow this user to exceed flood limits | ('|' prefix on /stats I)
410. * webirc - enables WEBIRC authentication for web-based | ('<' prefix on /stats I)
411. * clients such as Mibbit
412. */
413. flags = need_password, spoof_notice, exceed_limit, kline_exempt,
414. xline_exempt, resv_exempt, no_tilde, can_flood;
415. };
416.  
417. auth {
418. /*
419. * redirserv, redirport: the server and port to redirect a user to.
420. * A user does not have to obey the redirection; the ircd just
421. * suggests an alternative server for them.
422. */
423. redirserv = "server2.example.net";
424. redirport = 6667;
425.  
426. user = "*@*.ch";
427.  
428. /* class: a class is required even though it is not used. */
429. class = "users";
430. };
431.  
432. auth {
433. user = "*@*";
434. class = "users";
435. #flags = need_ident;
436. };
437.  
438. /*
439. * operator {}: defines ircd operators
440. */
441. operator {
442. /* name: the name of the operator */
443. name = "{SEU USUARIO OPER}";
444.  
445. /*
446. * user: the user@host required for this operator. Multiple user
447. * lines are permitted within each operator {} block.
448. */
449.  
450. user = "*@10.10.10.10"; # Aqui é o ip do servidor
451. user = "*@*.*.*.*";
452.  
453. /*
454. * password: É necessario utiliazar o password no programa para cifrar sua senha.
455. */
456. password = "{SEU PASS}";
457.  
458. /*
459. * encrypted: controls whether the oper password above has been
460. * encrypted. Default is 'yes' if nothing else is specified.
461. */
462. encrypted = yes;
463.  
464. /*
465. * whois: allows to override the default RPL_WHOISOPERATOR numeric
466. * string shown in /whois.
467. * This string is propagated to all servers on the network.
468. */
469. # whois = "is a Smurf Target (IRC Operator)";
470.  
471. /*
472. * rsa_public_key_file: the public key for this oper when using /challenge.
473. * A password should not be defined when this is used; see
474. * doc/challenge.txt for more information.
475. */
476. # rsa_public_key_file = "etc/oper.pub";
477.  
478. /*
479. * ssl_certificate_fingerprint: enhances security by additionally checking
480. * the oper's client certificate fingerprint against the specified
481. * fingerprint below.
482. *
483. * Hint: your users can use the following command to obtain a SHA-256 hash
484. * of their ssl certificate:
485. *
486. * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g'
487. */
488. # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
489.  
490. /*
491. * ssl_connection_required: client must be connected over SSL/TLS
492. * in order to be able to use this operator {} block.
493. * Default is 'no' if nothing else is specified.
494. */
495. ssl_connection_required = no;
496.  
497. /* class: the class the oper joins when they successfully /oper or /challenge. */
498. class = "opers";
499.  
500. /*
501. * umodes: the default user modes opers get when they /oper or /challenge.
502. * If defined, it will override oper_umodes settings in general {}.
503. * Available user modes:
504. *
505. * +b - bots - See bot and drone flooding notices
506. * +c - cconn - Client connection/quit notices
507. * +D - deaf - Don't receive channel messages
508. * +d - debug - See debugging notices
509. * +e - external - See remote server connection and split notices
510. * +F - farconnect - Remote client connection/quit notices
511. * +f - full - See auth {} block full notices
512. * +G - softcallerid - Server Side Ignore for users not on your channels
513. * +g - callerid - Server Side Ignore (for privmsgs etc)
514. * +H - hidden - Hides operator status to other users
515. * +i - invisible - Not shown in NAMES or WHO unless you share a channel
516. * +j - rej - See rejected client notices
517. * +k - skill - See server generated KILL messages
518. * +l - locops - See LOCOPS messages
519. * +n - nchange - See client nick changes
520. * +p - hidechans - Hides channel list in WHOIS
521. * +q - hideidle - Hides idle and signon time in WHOIS
522. * +R - nononreg - Only receive private messages from registered clients
523. * +s - servnotice - See general server notices
524. * +u - unauth - See unauthorized client notices
525. * +w - wallop - See server generated WALLOPS
526. * +y - spy - See LINKS, STATS, TRACE notices etc.
527. */
528. umodes = locops, servnotice, wallop, invisible;
529.  
530. /*
531. * flags: controls the activities and commands an oper is
532. * allowed to do on the server. All flags default to 'no'.
533. * Available flags:
534. *
535. * admin - gives administrator privileges | ('A' flag)
536. * close - allows CLOSE
537. * connect - allows local CONNECT | ('P' flag)
538. * connect:remote - allows remote CONNECT | ('Q' flag)
539. * die - allows DIE | ('D' flag)
540. * dline - allows DLINE |
541. * globops - allows GLOBOPS |
542. * join:resv - allows to JOIN resv {} channels
543. * kill - allows to KILL local clients | ('N' flag)
544. * kill:remote - allows remote users to be /KILL'd | ('O' flag)
545. * kline - allows KLINE | ('K' flag)
546. * locops - allows LOCOPS |
547. * module - allows MODULE |
548. * nick:resv - allows to use NICK on resv {} nicks
549. * opme - allows OPME |
550. * rehash - allows oper to REHASH config | ('H' flag)
551. * remoteban - allows remote KLINE/UNKLINE | ('B' flag)
552. * restart - allows RESTART |
553. * resv - allows RESV
554. * set - allows SET |
555. * squit - allows local SQUIT | ('R' flag)
556. * squit:remote - allows remote SQUIT | ('S' flag)
557. * undline - allows UNDLINE |
558. * unkline - allows UNKLINE | ('U' flag)
559. * unresv - allows UNRESV
560. * unxline - allows UNXLINE |
561. * wallops - allows WALLOPS |
562. * xline - allows XLINE | ('X' flag)
563. */
564. flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
565. kline, module, rehash, restart, set, unkline, unxline, xline;
566. };
567.  
568. /*
569. * connect {}: define a server to connect to
570. */
571. connect {
572. /* name: Precisa ser um dominio diferente. */
573. name = "services.{SEUDOMINIO}";
574.  
575. /*
576. * host: the host or IP address to connect to. If a hostname is used it
577. * must match the reverse DNS of the server.
578. */
579. host = "10.10.10.10"; #Seu IP do servidor
580.  
581. /*
582. * vhost: the IP address to bind to when making outgoing connections to
583. * servers.
584. * serverinfo::vhost and serverinfo::vhost6 will be overridden
585. * by this directive.
586. */
587. #vhost = "10.10.10.10";
588.  
589. /*
590. * senha utilizada para conectar a seus serviços.
591. */
592. send_password = "hackme";
593. accept_password = "hackme";
594.  
595. /*
596. * encrypted: controls whether the accept_password above has been
597. * encrypted.
598. */
599. encrypted = no;
600.  
601. /* port: the port to connect to this server on. */
602. port = 6667;
603.  
604. /*
605. * hub_mask: the mask of servers that this server may hub. Multiple
606. * entries are permitted.
607. */
608. hub_mask = "*";
609.  
610. /*
611. * leaf_mask: the mask of servers this server may not hub. Multiple
612. * entries are permitted. Useful for forbidding EU -> US -> EU routes.
613. */
614. # leaf_mask = "*.uk";
615.  
616. /* class: the class this server is in. */
617. class = "server";
618.  
619. /*
620. * ssl_cipher_list: list of ciphers that the server we are connecting to
621. * must support. If the server is not capable of using any of the ciphers
622. * listed below, the connection will simply be rejected.
623. * Can be used to enforce stronger ciphers, even though this option
624. * is not necessarily required to establish a SSL/TLS connection.
625. *
626. * Multiple ciphers are separated by colons. The order of preference
627. * is from left to right.
628. */
629. # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA";
630.  
631. /*
632. * ssl_certificate_fingerprint: enhances security by additionally checking
633. * the server's client certificate fingerprint against the specified
634. * fingerprint below.
635. */
636. # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D";
637.  
638. /*
639. * autoconn - controls whether we autoconnect to this server or not,
640. * dependent on class limits. By default, this is disabled.
641. * ssl - Initiates a TLS/SSL connection.
642. */
643. # flags = autoconn, ssl;
644. };
645.  
646. connect {
647. name = "ipv6.example.net";
648. host = "2001:DB8::3";
649. send_password = "password";
650. accept_password = "password";
651. port = 6666;
652.  
653. /*
654. * aftype: controls whether the connection uses "ipv4" or "ipv6".
655. * Default is ipv4.
656. */
657. aftype = ipv6;
658. class = "server";
659. };
660.  
661. /*
662. * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops
663. * automatically
664. */
665. cluster {
666. /*
667. * name: the server to share with; this can take wildcards
668. *
669. * NOTE: only local actions will be clustered, meaning that if
670. * the server receives a shared kline/unkline/etc, it
671. * will not be propagated to clustered servers.
672. *
673. * Remote servers are not necessarily required to accept
674. * clustered lines, they need a shared {} block for *THIS*
675. * server in order to accept them.
676. */
677. name = "*.example.net";
678.  
679. /*
680. * type: list of what to share; options are as follows:
681. * dline - share dlines
682. * undline - share undlines
683. * kline - share klines
684. * unkline - share unklines
685. * xline - share xlines
686. * unxline - share unxlines
687. * resv - share resvs
688. * unresv - share unresvs
689. * locops - share locops
690. * all - share all of the above (default)
691. */
692. type = kline, unkline, locops, xline, resv;
693. };
694.  
695. /*
696. * shared {}: users that are allowed to remote kline
697. *
698. * NOTE: This can effectively be used for remote klines.
699. * Please note that there is no password authentication
700. * for users setting remote klines. You must also be
701. * /oper'd in order to issue a remote kline.
702. */
703. shared {
704. /*
705. * name: the server the user must be connected to in order to set klines.
706. * If this is not specified, the user will be allowed to kline from all
707. * servers.
708. */
709. name = "irc2.example.net";
710.  
711. /*
712. * user: the user@host mask that is allowed to set klines. If this is
713. * not specified, all users on the server above will be allowed to set
714. * a remote kline.
715. */
716. user = "oper@my.host.is.spoofed";
717.  
718. /*
719. * type: list of what to share, options are as follows:
720. * dline - allow oper/server to dline
721. * undline - allow oper/server to undline
722. * kline - allow oper/server to kline
723. * unkline - allow oper/server to unkline
724. * xline - allow oper/server to xline
725. * unxline - allow oper/server to unxline
726. * resv - allow oper/server to resv
727. * unresv - allow oper/server to unresv
728. * locops - allow oper/server to locops - only used for servers that cluster
729. * all - allow oper/server to do all of the above (default)
730. */
731. type = kline, unkline, resv;
732. };
733.  
734. /*
735. * kill {}: users that are not allowed to connect
736. * Oper issued klines will be added to the specified kline database
737. */
738. kill {
739. user = "bad@*.example.net";
740. reason = "Obviously hacked account";
741. };
742.  
743. /*
744. * deny {}: IP addresses that are not allowed to connect
745. * (before DNS/ident lookup)
746. * Oper issued dlines will be added to the specified dline database
747. */
748. deny {
749. ip = "192.0.2.0/28";
750. reason = "Reconnecting vhosted bots";
751. };
752.  
753. /*
754. * exempt {}: IP addresses that are exempt from deny {} and Dlines
755. */
756. exempt {
757. ip = "192.0.2.240/28";
758. };
759.  
760. /*
761. * resv {}: nicks and channels users may not use/join
762. */
763. resv { mask = "clone*"; reason = "Clone bots"; };
764. resv { mask = "Global"; reason = "Reserved for services"; };
765. resv { mask = "ChanServ"; reason = "Reserved for services"; };
766. resv { mask = "NickServ"; reason = "Reserved for services"; };
767. resv { mask = "OperServ"; reason = "Reserved for services"; };
768. resv { mask = "MemoServ"; reason = "Reserved for services"; };
769. resv { mask = "BotServ"; reason = "Reserved for services"; };
770. resv { mask = "HelpServ"; reason = "Reserved for services"; };
771. resv { mask = "HostServ"; reason = "Reserved for services"; };
772. resv { mask = "StatServ"; reason = "Reserved for services"; };
773. resv { mask = "#*services*"; reason = "Reserved for services"; };
774.  
775. resv {
776. /*
777. * mask: masks starting with a '#' are automatically considered
778. * as channel name masks.
779. */
780. mask = "#helsinki";
781. reason = "Channel is reserved for Finnish inhabitants";
782.  
783. /*
784. * exempt: can be either a ISO 3166 alpha-2 two letter country
785. * code, or a nick!user@host mask. CIDR is supported. Exempt
786. * entries can be stacked.
787. */
788. exempt = "FI";
789. };
790.  
791. /*
792. * gecos {}: used for banning users based on their "realname".
793. */
794. gecos {
795. name = "*sex*";
796. reason = "Possible spambot";
797. };
798.  
799. gecos {
800. name = "sub7server";
801. reason = "Trojan drone";
802. };
803.  
804. /*
805. * service {}: specifies a server which may act as a network service
806. *
807. * NOTE: it is very important that every server on the network
808. * has the same service {} block.
809. */
810. service {
811. name = "service.example.net";
812. name = "stats.example.net";
813. };
814.  
815. /*
816. * pseudo {}: adds pseudo/custom commands also known as service aliases
817. */
818. pseudo {
819. /* command: the actual command/alias. */
820. command = "IDENTIFY";
821.  
822. /* prepend: optional text that can be prepended before the user's message. */
823. prepend = "IDENTIFY ";
824.  
825. /* name: the service name, used for error messages. */
826. name = "NickServ";
827.  
828. /* target: the actual target where this message should be sent to. */
829. target = "NickServ@service.example.net";
830. };
831.  
832. pseudo {
833. command = "CHANSERV";
834. name = "ChanServ";
835. target = "ChanServ@service.example.net";
836. };
837.  
838. pseudo {
839. command = "CS";
840. name = "ChanServ";
841. target = "ChanServ@service.example.net";
842. };
843.  
844. pseudo {
845. command = "NICKSERV";
846. name = "NickServ";
847. target = "NickServ@service.example.net";
848. };
849.  
850. pseudo {
851. command = "NS";
852. name = "NickServ";
853. target = "NickServ@service.example.net";
854. };
855.  
856. pseudo {
857. command = "MEMOSERV";
858. name = "MemoServ";
859. target = "MemoServ@service.example.net";
860. };
861.  
862. pseudo {
863. command = "MS";
864. name = "MemoServ";
865. target = "MemoServ@service.example.net";
866. };
867.  
868. pseudo {
869. command = "OPERSERV";
870. name = "OperServ";
871. target = "OperServ@service.example.net";
872. };
873.  
874. pseudo {
875. command = "OS";
876. name = "OperServ";
877. target = "OperServ@service.example.net";
878. };
879.  
880. pseudo {
881. command = "HOSTSERV";
882. name = "HostServ";
883. target = "HostServ@service.example.net";
884. };
885.  
886. pseudo {
887. command = "HS";
888. name = "HostServ";
889. target = "HostServ@service.example.net";
890. };
891.  
892. pseudo {
893. command = "BOTSERV";
894. name = "BotServ";
895. target = "BotServ@service.example.net";
896. };
897.  
898. pseudo {
899. command = "BS";
900. name = "BotServ";
901. target = "BotServ@service.example.net";
902. };
903.  
904. /*
905. * channel {}: the channel block contains options pertaining to channels
906. */
907. channel {
908. /*
909. * disable_fake_channels: this option, if set to 'yes', will
910. * disallow clients from creating or joining channels that have one
911. * of the following ASCII characters in their name:
912. *
913. * 2 | bold
914. * 3 | mirc color
915. * 15 | plain text
916. * 22 | reverse
917. * 29 | italic
918. * 31 | underline
919. * 160 | non-breaking space
920. */
921. disable_fake_channels = yes;
922.  
923. /*
924. * invite_client_count, invite_client_time: how many INVITE commands
925. * are permitted per client per invite_client_time.
926. */
927. invite_client_count = 10;
928. invite_client_time = 5 minutes;
929.  
930. /*
931. * knock_client_count, knock_client_time: how many KNOCK commands
932. * are permitted per client per knock_client_time.
933. */
934. knock_client_count = 1;
935. knock_client_time = 5 minutes;
936.  
937. /*
938. * knock_delay_channel: how often a KNOCK to any specific channel
939. * is permitted, regardless of the user sending the KNOCK.
940. */
941. knock_delay_channel = 1 minute;
942.  
943. /*
944. * max_channels: the maximum number of channels a user can join/be on.
945. * This is a default value which can be overriden with class {} blocks.
946. */
947. max_channels = 25;
948.  
949. /* max_bans: maximum number of +b/e/I modes in a channel. */
950. max_bans = 100;
951.  
952. /*
953. * default_join_flood_count, default_join_flood_time:
954. * how many joins in how many seconds constitute a flood. Use 0 to disable.
955. * +b opers will be notified. These are only default values which can be
956. * changed via "/QUOTE SET JFLOODCOUNT" and "/QUOTE SET JFLOODTIME".
957. */
958. default_join_flood_count = 18;
959. default_join_flood_time = 6 seconds;
960. };
961.  
962. /*
963. * serverhide {}: the serverhide block contains the options regarding
964. * to server hiding. For more information regarding server hiding,
965. * please see doc/serverhide.txt
966. */
967. serverhide {
968. /*
969. * disable_remote_commands: disable users issuing commands
970. * on remote servers.
971. */
972. disable_remote_commands = no;
973.  
974. /*
975. * flatten_links: this option will show all servers in /links appear
976. * as though they are linked to this current server.
977. */
978. flatten_links = no;
979.  
980. /*
981. * links_delay: how often to update the links file when it is
982. * flattened.
983. */
984. links_delay = 5 minutes;
985.  
986. /*
987. * hidden: hide this server from a /links output on servers that
988. * support it. This allows hub servers to be hidden etc.
989. */
990. hidden = no;
991.  
992. /*
993. * hide_servers: hide remote servernames everywhere and instead use
994. * hidden_name and network_desc.
995. */
996. hide_servers = no;
997.  
998. /*
999. * hide_services: define this if you want to hide the location of
1000. * services servers that are specified in the service {} block.
1001. */
1002. hide_services = no;
1003.  
1004. /*
1005. * hidden_name: use this as the servername users see if hide_servers = yes.
1006. */
1007. hidden_name = "*.example.net";
1008.  
1009. /*
1010. * hide_server_ips: if this is disabled, opers will be unable to see
1011. * servers' IP addresses and will be shown a masked IP address; admins
1012. * will be shown the real IP address.
1013. *
1014. * If this is enabled, nobody can see a server's IP address.
1015. * *This is a kludge*: it has the side effect of hiding the IP addresses
1016. * everywhere, including logfiles.
1017. *
1018. * We recommend you leave this disabled, and just take care with who you
1019. * give administrator privileges to.
1020. */
1021. hide_server_ips = no;
1022. };
1023.  
1024. /*
1025. * general {}: the general block contains many of the options that were once
1026. * compiled in options in config.h
1027. */
1028. general {
1029. /*
1030. * cycle_on_host_change: sends a fake QUIT/JOIN combination
1031. * when services change the hostname of a specific client.
1032. */
1033. cycle_on_host_change = yes;
1034.  
1035. /* max_watch: maximum WATCH entries a client can have. */
1036. max_watch = 30;
1037.  
1038. /* max_accept: maximum allowed /accept's for +g user mode. */
1039. max_accept = 30;
1040.  
1041. /*
1042. * dline_min_cidr: the minimum required length of a CIDR bitmask
1043. * for IPv4 based D-lines.
1044. */
1045. dline_min_cidr = 16;
1046.  
1047. /*
1048. * dline_min_cidr6: the minimum required length of a CIDR bitmask
1049. * for IPv6 based D-lines.
1050. */
1051. dline_min_cidr6 = 48;
1052.  
1053. /*
1054. * kline_min_cidr: the minimum required length of a CIDR bitmask
1055. * for IPv4 based K-lines.
1056. */
1057. kline_min_cidr = 16;
1058.  
1059. /*
1060. * kline_min_cidr6: the minimum required length of a CIDR bitmask
1061. * for IPv6 based K-lines.
1062. */
1063. kline_min_cidr6 = 48;
1064.  
1065. /*
1066. * invisible_on_connect: whether to automatically set mode +i on
1067. * connecting users.
1068. */
1069. invisible_on_connect = yes;
1070.  
1071. /*
1072. * kill_chase_time_limit: KILL chasing is a feature whereby a KILL
1073. * issued for a user who has recently changed nickname will be applied
1074. * automatically to the new nick. kill_chase_time_limit is the maximum
1075. * time following a nickname change that this chasing will apply.
1076. */
1077. kill_chase_time_limit = 30 seconds;
1078.  
1079. /*
1080. * ignore_bogus_ts: ignore bogus timestamps from other servers.
1081. * Yes, this will desync the network, but it will allow chanops
1082. * to resync with a valid non TS 0.
1083. *
1084. * This should be enabled network wide, or not at all.
1085. */
1086. ignore_bogus_ts = no;
1087.  
1088. /*
1089. * disable_auth: completely disable ident lookups; if you enable this,
1090. * be careful of what you set need_ident to in your auth {} blocks.
1091. */
1092. disable_auth = no;
1093.  
1094. /*
1095. * tkline_expire_notices: enables or disables temporary kline/xline
1096. * expire notices.
1097. */
1098. tkline_expire_notices = no;
1099.  
1100. /*
1101. * default_floodcount: the default value of floodcount that is configurable
1102. * via /quote set floodcount. This is the number of lines a user may send
1103. * to any other user/channel in one second. Set to 0 to disable.
1104. */
1105. default_floodcount = 10;
1106.  
1107. /*
1108. * failed_oper_notice: send a notice to all opers on the server when
1109. * someone tries to OPER and uses the wrong password, host or ident.
1110. */
1111. failed_oper_notice = yes;
1112.  
1113. /*
1114. * dots_in_ident: the number of '.' characters permitted in an ident
1115. * reply before the user is rejected.
1116. */
1117. dots_in_ident = 2;
1118.  
1119. /*
1120. * min_nonwildcard: the minimum number of non-wildcard characters in
1121. * k/d lines placed via the server. K-lines hand-placed are exempt from
1122. * this limit.
1123. * Wildcard characters: '.', ':', '*', '?'
1124. */
1125. min_nonwildcard = 4;
1126.  
1127. /*
1128. * min_nonwildcard_simple: the minimum number of non-wildcard characters
1129. * in gecos bans. Wildcard characters: '*', '?'
1130. */
1131. min_nonwildcard_simple = 3;
1132.  
1133. /* anti_nick_flood: enable the nickflood control code. */
1134. anti_nick_flood = yes;
1135.  
1136. /*
1137. * max_nick_changes, max_nick_time: the number of nick changes allowed in
1138. * the specified period.
1139. */
1140. max_nick_changes = 5;
1141. max_nick_time = 20 seconds;
1142.  
1143. /*
1144. * away_count, away_time: how many AWAY command are permitted per
1145. * client per away_time.
1146. */
1147. away_count = 2;
1148. away_time = 10 seconds;
1149.  
1150. /*
1151. * anti_spam_exit_message_time: the minimum time a user must be connected
1152. * before custom quit messages are allowed.
1153. */
1154. anti_spam_exit_message_time = 5 minutes;
1155.  
1156. /*
1157. * ts_warn_delta, ts_max_delta: the time delta allowed between server
1158. * clocks before a warning is given, or before the link is dropped.
1159. * All servers should run ntpdate/rdate to keep clocks in sync.
1160. */
1161. ts_warn_delta = 3 seconds;
1162. ts_max_delta = 15 seconds;
1163.  
1164. /*
1165. * warn_no_connect_block: warn opers about servers that try to connect
1166. * but for which we don't have a connect {} block. Twits with
1167. * misconfigured servers can become really annoying with this enabled.
1168. */
1169. warn_no_connect_block = yes;
1170.  
1171. /*
1172. * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
1173. * operators and administrators. Doing so is a good idea in case
1174. * there are any exempted (exempt {}) server IPs you don't want to
1175. * see leaked.
1176. */
1177. stats_e_disabled = no;
1178.  
1179. /* stats_m_oper_only: make /stats m/M (messages) oper only. */
1180. stats_m_oper_only = yes;
1181.  
1182. /* stats_o_oper_only: make stats o (opers) oper only. */
1183. stats_o_oper_only = yes;
1184.  
1185. /* stats_P_oper_only: make stats P (ports) oper only. */
1186. stats_P_oper_only = yes;
1187.  
1188. /* stats_u_oper_only: make stats u (uptime) oper only. */
1189. stats_u_oper_only = no;
1190.  
1191. /*
1192. * stats_i_oper_only: make stats i (auth {}) oper only. Set to:
1193. * yes - show users no auth {} blocks, made oper only
1194. * masked - show users the first matching auth {} block
1195. * no - show users all auth {} blocks
1196. */
1197. stats_i_oper_only = yes;
1198.  
1199. /*
1200. * stats_k_oper_only: make stats k/K (klines) oper only. Set to:
1201. * yes - show users no klines, made oper only
1202. * masked - show users the first matching kline
1203. * no - show users all klines
1204. */
1205. stats_k_oper_only = yes;
1206.  
1207. /*
1208. * caller_id_wait: time between notifying a +g user that somebody
1209. * is messaging them.
1210. */
1211. caller_id_wait = 1 minute;
1212.  
1213. /*
1214. * opers_bypass_callerid: allows operators to bypass +g and message
1215. * anyone who has it set.
1216. */
1217. opers_bypass_callerid = no;
1218.  
1219. /*
1220. * pace_wait_simple: minimum time required between use of less
1221. * intensive commands
1222. * (ADMIN, HELP, LUSERS, VERSION, remote WHOIS)
1223. */
1224. pace_wait_simple = 1 second;
1225.  
1226. /*
1227. * pace_wait: minimum time required between use of more intensive commands
1228. * (INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS)
1229. */
1230. pace_wait = 10 seconds;
1231.  
1232. /*
1233. * short_motd: send clients a notice telling them to read the MOTD
1234. * instead of forcing an MOTD to clients who may simply ignore it.
1235. */
1236. short_motd = no;
1237.  
1238. /*
1239. * ping_cookie: require clients to respond exactly to a PING command,
1240. * can help block certain types of drones and FTP PASV mode spoofing.
1241. */
1242. ping_cookie = no;
1243.  
1244. /* no_oper_flood: increase flood limits for opers. */
1245. no_oper_flood = yes;
1246.  
1247. /*
1248. * max_targets: the maximum number of targets in a single
1249. * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited.
1250. */
1251. max_targets = 4;
1252.  
1253. /*
1254. * user modes configurable: a list of user modes for the options below
1255. *
1256. * +b - bots - See bot and drone flooding notices
1257. * +c - cconn - Client connection/quit notices
1258. * +D - deaf - Don't receive channel messages
1259. * +d - debug - See debugging notices
1260. * +e - external - See remote server connection and split notices
1261. * +F - farconnect - Remote client connection/quit notices
1262. * +f - full - See auth {} block full notices
1263. * +G - softcallerid - Server Side Ignore for users not on your channels
1264. * +g - callerid - Server Side Ignore (for privmsgs etc)
1265. * +H - hidden - Hides operator status to other users
1266. * +i - invisible - Not shown in NAMES or WHO unless you share a channel
1267. * +j - rej - See rejected client notices
1268. * +k - skill - See server generated KILL messages
1269. * +l - locops - See LOCOPS messages
1270. * +n - nchange - See client nick changes
1271. * +p - hidechans - Hides channel list in WHOIS
1272. * +q - hideidle - Hides idle and signon time in WHOIS
1273. * +R - nononreg - Only receive private messages from registered clients
1274. * +s - servnotice - See general server notices
1275. * +u - unauth - See unauthorized client notices
1276. * +w - wallop - See server generated WALLOPS
1277. * +y - spy - See LINKS, STATS, TRACE notices etc.
1278. */
1279.  
1280. /* oper_only_umodes: user modes only operators may set. */
1281. oper_only_umodes = bots, cconn, debug, external, farconnect, full, hidden, locops,
1282. nchange, rej, skill, spy, unauth;
1283.  
1284. /* oper_umodes: default user modes operators get when they /oper or /challenge. */
1285. oper_umodes = bots, locops, servnotice, wallop;
1286.  
1287. /*
1288. * throttle_count: the maximum number of connections from the same
1289. * IP address allowed in throttle_time duration.
1290. */
1291. throttle_count = 1;
1292.  
1293. /*
1294. * throttle_time: the minimum amount of time required between
1295. * connections from the same IP address. exempt {} blocks are
1296. * excluded from this throttling.
1297. * Offers protection against flooders who reconnect quickly.
1298. * Set to 0 to disable.
1299. */
1300. throttle_time = 2 seconds;
1301. };
1302.  
1303. modules {
1304. /*
1305. * path: other paths to search for modules specified below
1306. * and in "/module load".
1307. */
1308. path = "lib/ircd-hybrid/modules";
1309. # path = "lib/ircd-hybrid/modules/extra";
1310. path = "lib/ircd-hybrid/modules/autoload";
1311.  
1312. /* module: the name of a module to load on startup/rehash. */
1313. # module = "some_module.la";
1314. };
1315.  
1316. /*
1317. * log {}: contains information about logfiles.
1318. */
1319. log {
1320. /* Do you want to enable logging to ircd.log? */
1321. use_logging = yes;
1322.  
1323. file {
1324. type = oper;
1325. name = "var/log/oper.log";
1326. size = unlimited;
1327. };
1328.  
1329. file {
1330. type = user;
1331. name = "var/log/user.log";
1332. size = 50 megabytes;
1333. };
1334.  
1335. file {
1336. type = kill;
1337. name = "var/log/kill.log";
1338. size = 50 megabytes;
1339. };
1340.  
1341. file {
1342. type = kline;
1343. name = "var/log/kline.log";
1344. size = 50 megabytes;
1345. };
1346.  
1347. file {
1348. type = dline;
1349. name = "var/log/dline.log";
1350. size = 50 megabytes;
1351. };
1352.  
1353. file {
1354. type = xline;
1355. name = "var/log/xline.log";
1356. size = 50 megabytes;
1357. };
1358.  
1359. file {
1360. type = resv;
1361. name = "var/log/resv.log";
1362. size = 50 megabytes;
1363. };
1364.  
1365. file {
1366. type = debug;
1367. name = "var/log/debug.log";
1368. size = 50 megabytes;
1369. };
1370. };