# IRC - Internet Relay Chat, doc/example.conf# Copyright (C) 1992, Bill Wi

1. # IRC - Internet Relay Chat, doc/example.conf
2. # Copyright (C) 1992, Bill Wisner
3. #
4. # Modified by Rodder, Jon Lusky <lusky@blown.net>,
5. # at one time, but he didn't credit his changes.
6. # Updated Dec 19, 1997 Diane Bruce aka db/Dianora <db@db.net>
7. # please also read example.conf.trillian, it covers
8. # elements this example misses.
9. # -db
10. # Updated again July 17, 1998 -db
11. # Updated 990102 to take out P: line connection limiting code
12. # Updated again July 5, 1999 -db
13. # Updated for dancer 2000/08/04 -- asuffield
14. #
15. # This program is free software; you can redistribute it and/or modify
16. # it under the terms of the GNU General Public License as published by
17. # the Free Software Foundation; either version 1, or (at your option)
18. # any later version.
19. #
20. # This program is distributed in the hope that it will be useful,
21. # but WITHOUT ANY WARRANTY; without even the implied warranty of
22. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23. # GNU General Public License for more details.
24. #
25. # You should have received a copy of the GNU General Public License
26. # along with this program; if not, write to the Free Software
27. # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28. #
29. #
30. # IRC example configuration file
31. #
32. # This file describes the information that should be present in your IRC
33. # configuration and how to present it.
34. #
35. # M: set your server's name. Fields are, in order, host name (domain style),
36. # optional bind address, a text name, and unused.
37. #
38. # NOTE: The "optional bind address" is an address used in binding to a
39. # local address when we connect outbound. For example, if your server machine
40. # is myhost.example.com (192.168.1.5) and you want IRCD to connect to others
41. # from irc.example.com (192.168.1.250), you'd put 192.168.1.250 in the
42. # "optional bind address" field. If left blank, UNIX will choose the primary
43. # address of the interface closest to the destination.
44. #
45. # NOTE: As of hybrid-6, the port field no longer binds a port by default.
46. # It is an inoperative and obsolete field.
47. #
48. M:localhost.:127.0.0.1:Debian localhost:
49. #
50. # A: administrative information. This line should have three fields, which
51. # may contain any arbitrary text. It is printed by the /ADMIN command.
52. #
53. A:Example location:My address:Inept server admin <dancer@localhost>
54.  
55. #
56. # Y: define connection class. A class must be defined in a Y: line before
57. # it is used in a C, N, or I line. The fields are, in order, class number,
58. # ping frequency in seconds, connect frequency in seconds, maximum
59. # number of links (used for auto-connecting), and size of sendq.
60. # For servers a sendq of at least 4mb is recommended if not more.
61. #
62. # N.B. Y lines must be defined before I lines and O lines, since
63. # both I lines and O lines make reference to Y lines or classes.
64. #
65. # For clients, the connect frequency field is used to set the maximum
66. # number of connects from same IP address. i.e. setting this field to '1'
67. # will limit every I line using this Y, to one connection per IP address.
68. # leaving it blank or 0, will disable any such checking.
69. #
70. # Class numbers must be positive to ensure future modification of ircd to
71. # use -1 internally could not be complicated with it's use externally.
72. #
73. Y:1:90:0:20:100000
74. Y:2:90:300:10:4000000
75.  
76. #
77. # .include lines, insert a file from DPATH directory into the conf
78. # you could use this to insert a common file between several
79. # ircd's if you wished. include files are handled after all the
80. # other lines in the conf file are done. i.e. a .include is always
81. # as if it was at the end of the conf file.
82. #
83. # This brings in the external O:lines file, if there is one
84. .include "/etc/dancer-ircd/olines"
85.  
86. #
87. # I: authorize clients to connect to your server. You can use domains,
88. # IP addresses, and asterisk wildcards. The second field can contain a
89. # password that the client must use in order to be allowed to connect.
90. # The optional fifth field may contain a connection class number.
91. #
92. #I:NOMATCH::*.alaska.edu::1
93. #I:NOMATCH:password:acad3.alaska.edu::1
94. #
95. # If using IDENT, to activate it, you need to place a "user@" in the
96. # host segment.
97. #
98. #I:*@acad3.alask.edu::*@acad3.alaska.edu::1
99. #I:root@acad.alask.edu::root@acad.alaska.edu::1
100. #
101. # The above are bad examples of I-lines, what really happens is something
102. # like this:
103. #
104.  
105. I:NOMATCH::*@*::1
106.  
107. ## This is a correct example in hybrid-6, the username
108. ## is not used for an IP I line (this may be changed, its a simple change
109. ## but EFnet is currently deprecating the use of non resolving client hosts)
110. ## If the IP block has a resolving host name, it will be shown instead
111. ## of the IP address. This just serves to allow on an entire block of ip's
112. ## without needing to specify each individual hostname.
113. ## Note, you must use an 'x' in the name field
114.  
115. #I:128.250.0.0/16::x::1
116.  
117. #
118. # You can also limit the number of connections from one host
119. # to any value. This can be used to stop cloners
120. # This is done using the normally unused confreq line in the Y line.
121. #
122. # i.e.
123. # Allow 100 users in a "bad boy" class, but allow only ONE
124. # user per IP to connect at a time.
125. #
126. #Y:3:90:1:100:100000
127. #
128. # Remember to put your "bad boy" I line last in the file, so it
129. # seen first and matches first before your standard I lines
130. #
131. # With hybrid ircd, max connections is taken from the class
132. # not per I line. i.e. the 3 I lines following will always add
133. # up to 100 or less, not 100 per I line.
134. #
135. #I:NOMATCH::*@*ppp*::3
136. #I:NOMATCH::*@*slip*::3
137. #I:NOMATCH::*@*ts*::3
138. #
139. # a name pattern in the first field will never cause a match since it's only
140. # ever matched against an IP# in the form a.b.c.d and a number in the third
141. # field will never match since a hostname is always compared against this
142. # field. The '@' needs to be in the IP# section for ident to be used.
143.  
144. #
145. ## additional prefix characters in I lines are defined
146. ##
147. ## from comstud
148. ##
149. ## 1) There are noticable differences in I: lines now.
150. ## There are 4 special characters that you can stick in front
151. ## of a hostname or ip# that do special things.
152. ## These characers are:
153. ## - This will never put a ~ for a user not running identd
154. ## + This will force people matching this I: to require identd
155. ## ! This means to only allow 1 connection per ip# in this I:
156. ## $ (Not used in hybrid)
157. ##
158. ## Examples:
159. ##
160. ## a) I:x::!*@*ppp*::class will only allow X connections per ip# for people
161. ## who have *ppp* in their hostname where X is given in the Y: line.
162. ## If there is no ! and you have a limit in your Y: line, then it matches
163. ## full user@host instead of just host.
164.  
165. ## b) I:x::-*@*.cris.com::class will never show a ~, even though they may
166. ## not be running identd. (This is equivilent to the old way of not
167. ## specifying a @ in the I: line).
168.  
169. ## Additionally since ircd-hybrid-6
170. ## B/E/F lines were removed and replaced with 3 other special characters
171. ## in I lines
172. ##
173. ## ^ This will exempt a user from K/G lines, limited protection from D lines
174. ## & User can run bots (old B line)
175. ## > This user is exempt from I line/server side connection limits
176. ## (old F line)
177. ## _ This user is exempt from G lines
178. ##
179. ## A variant of amm's spoofing code was added
180. ## = Spoof this users IP, normally only used for opers
181. ##
182. ## < This user is exempt from idle restrictions if IDLE_CHECK is defined
183. ##
184.  
185. ## Examples
186. ## c) I:NOMATCH::^db@koruna.varner.com::3
187. ## This user is exempt from k/g lines
188. ## d) I:NOMATCH::&jerdfelt@*mindspring.net::3
189. ## This user can run a bot, and is also "e lined"
190. ## e) I:NOMATCH::>lusky@*vol.com::3
191. ## This user is immune from I line limits
192. ## f) I:NOMATCH::^&>mpearce@*varner.com::3
193. ## This user can run a bot, is exempt
194. ## from client connect limits.
195. ## g) I:smurfers.are.lame::=dgalas@*somewhere.com::3
196. ## Show this user as being dgalas@smurfers.are.lame
197. ## an IP can be used instead as long as the name field does not begin
198. ## with an 'x'
199. ## i.e.
200. ## I:192.168.0.0/24::x::3 #this is an IP I line
201. ## I:192.168.0.0::db@*somesite.com::3 #this is a spoofed IP
202. #
203. # O: authorize operators. Fields are, in order, host name the operator must
204. # be logged in from (wildcards allowed), operator's password, operator's
205. # nickname.
206. ##
207.  
208. ## O:lines are better described in the dancer-oper-guide than here
209. ## The new format for dancer has the 4th field (port) as the allowed umodes,
210. ## and the 6th field (after the connection class) as the default umodes to
211. ## be set on OPER.
212. # Examples:
213.  
214. O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:admin:abcdDfFgGhHkKlLmMnNpPrRsSUvVwWxXyYzZ0123459*:1:acdDfFgGhHkKlRsSUvVWXyYzZ0123459
215. O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:luser::1:
216.  
217. ## NOTE: These examples are from hybrid, and are not valid for dancer.
218. #
219. # The first example allows me to become an operator from any
220. # machine in alaska.edu by typing /oper crunchy frog.
221. #
222. #O:*.alaska.edu:frog:crunchy
223. #
224. ## This example allow this oper, to global kill, do remote squit/connect
225. ## unklines, glines, and use umode +n
226. ##
227. #O:db@*db.net:-encrypted password-:Dianora:ORUGN:3
228. #
229. ##
230. ## This example disables this opers use of global kill, unkline, and gline
231. ## The oper can still do remote squits/connects
232. ##
233. #O:newbie@*some.net:-encrypted password-:newbie:oug:3
234. ##
235. ## This example disables this opers use of global kill, unkline,
236. ## gline and gline and remote squits/connects
237. ## essentially the same permissions as a local oper, but with the "vanity"
238. ## They can still local kill and kline for example.
239. ##
240. #O:vanity@*some.net:-encrypted password-:vanity:oug:3
241. ##
242. ## you could make someone vantiy even more, by disabling their
243. ## kill/kline privs... note they can still do full traces
244. ## umode +c (watch connections) and do rehash
245. ## But otherwise, this set of flags is not practical for
246. ## a normal oper.
247. ##
248. #O:vanity@*some.net:-encrypted password-:vanity:nougk:3
249. #
250. ## a monitor bot could be given the following privs
251. ## k - no kline/kill
252. ## g - make sure no GLINE
253. ## o - no global kill (already taken care of by 'k' flag above)
254. ## r - no remote routing/squits
255. ## N - allow this monitor to use umode +n for nick changes
256. ##
257. ## Some admins do not like remote tcm kills/klines. If this
258. ## tcm oper gets compromised, the best they can do is
259. ## rehash/trace/umode +cn , i.e. no global kills or "fun" for the
260. ## compromised o line. But its still quite usuable for monitoring
261. ## clones and nick flooders.
262. ##
263. #
264. #o:tcm@*varner.com:-encrypted password-:tcm:kgorN:3
265. #
266. ## Of course, leaving out the flags entirely defaults to
267. ## reasonable defaults, so if you don't want to worry about it, then don't.
268. ## You can always add G later for example.
269. #
270. ## O : Global operator
271. ## No explicit G or G-line flag, no N or allow umode +n flag
272. ##
273. #O:db@ircd.dianora.com:-encrypted password-:Dianora::3
274. #
275. # o : local operator.
276. #o:trainee@shell.box.com:password:MyNick::3
277. #
278. ##
279. ## The fifth field of an O line, is the new class this oper will join
280. ##
281.  
282. # C:, N: set up connections to other servers.
283. #
284. # C: specifies a server that your server may connect to.
285. # N: allows a remote server to connect to your own.
286. #
287. # The two lines are usually given in pairs.
288. #
289. # These lines may contain a password in the second field. In fact, to
290. # maintain proper security, *all* IRC server links must have passwords.
291. #
292. # If a C: line contains four fields (the fourth being a TCP port number)
293. # IRC will actively try to connect to that server. You should have at least
294. # one such line.
295. #
296. # If an N: line contains four fields, the fourth should contain a number that
297. # specifies how many components of your own server's name to strip off the
298. # front and be replaced with a *. This is done to implement hostmasking.
299. # For example, to make hayes.ims.alaska.edu present itself to the world as
300. # *.alaska.edu, I would use a 2 (to strip off the first two parts). If you
301. # use this, be sure to tell the administrator of the servers you link to --
302. # they must add your hostmasked name to their configuration file or you will
303. # be unable to connect.
304. #
305. # The host part of C/N lines MUST contain a valid hostname or IP address
306. # The host part in the C:line MUST be identical to the host part in the N:line
307. # The name part of the C/N lines MUST match the associated H/L line name
308. #
309. # The fifth field may contain a connection class number.
310. #
311. # The following two lines tell my server to try connecting to
312. # byron.u.washington.edu.
313. #
314. C:127.0.0.1:passwordbg1977:localhost:6667:2
315. N:127.0.0.1:passwordbg1977:services.
316. #
317. # The following two lines allow a server to connect to my server, but my
318. # server will not make any attempt to connect to it. Note that since the
319. # server is local to me, I am not using hostmasking.
320. #
321. C:127.0.0.1:passwordbg1977:dancer-services::2
322. N:127.0.0.1:passwordbg1977:dancer-services::2
323. #
324. # C and N lines may also use the "user@" combination in the same way as
325. # the I-lines.
326. #
327. #C:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
328. #N:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
329.  
330. ## The password in the N:line is usually an MD5 hash, not cleartext
331. ## It must match the password in the C:line on the remote server.
332. ## For serious security, the two servers should have different passwords
333. ## in their C lines, with each other's hash in their N lines.
334.  
335. #
336. # K: kill a user automatically upon connecting. This is used to deny
337. # troublesome users access to your server. The fields are, in order,
338. # hostname (wildcards are allowed), time of day, and username.
339.  
340. ## Timed k-lines and R: lines are not recommended by the hybrid
341. ## team. They might not even work. Timed-klines made more sense
342. ## for university ircd's but nowadays with so many open irc servers
343. ## around, it just seems pointless.
344. ## -Dianora
345.  
346. # The second example restricts access from acad3.alaska.edu from
347. # 9:00am to noon, and 2:00pm to 5:00pm. This form is only supported if
348. # TIMED_KLINES is defined.
349. #
350. #K:*.alaska.edu::FSSPR
351. #K:acad3.alaska.edu:0900-1200,1400-1700:*
352.  
353. # Note: it is preferable to place and remove K:lines from a running
354. # ircd, with the KLINE and UNKLINE commands, which write to the kline.conf
355. # file directly, in order to handle timestampts and distribution
356. # across the network cleanly.
357.  
358. #
359. # R: restrict user access. This is an extended form of the K: line.
360. # It looks for a match then runs an outside program that will determine
361. # whether the person should be allowed on. The fields are hostname,
362. # program, and username. A full pathname to the program should be used.
363. # The output of the program should be a string of the form "Y <message>"
364. # to allow the user, or "N <message>" to block them. In the first case
365. # the message is ignored; in the latter, it is sent as an error message
366. # to the user. R: lines are only functional if activated in config.h.
367. #
368. #R:kaja.gi.alaska.edu:/usr/local/lib/irc/does-eric-get-in:ejo
369. #
370. ## NOTE: L:lines are not really appropriate for centrally maintained
371. ## networks. It is not recommended that you use them.
372. #
373. # L: leaf. This forces the server listed to act as a leaf. If such a
374. # server allows any other servers to connect to it, its link is
375. # dropped. If a port parameter is non-zero, it is used to control the
376. # maximum depth that link will allow, where depth is the tree depth of
377. # that branch.
378. #
379. #L:::kaja.gi.alaska.edu
380. #L:::cm5.eng.umd.edu:1
381. #
382. # A new extension to the L-line allows you to be selective
383. # about which other servers you wish the connecting server to behave as
384. # as a leaf towards. The following would not allow any server connecting
385. # with a name that matches *.fi to introduce a server matching *.edu.
386. #
387. #L:*.edu::*.fi
388. #
389. # H: Hub. This is required to allow other servers which connect to you as
390. # a hub and introduce other servers.
391. #
392. #H:*.au:*:*.au
393. H:*::*
394. #
395. # P : port. The port line allows the server to listen on various ports for
396. # connections. Fields in order: unused,
397. # address to bind to, unused, port to listen on
398. #
399. # NOTE: As of hybrid-6, you MUST have at least one P: line defining a port
400. # to listen on, or the server won't do much.
401. #
402. P::::6667
403. #P::209.42.128.252::31337
404. #
405. # Listen on port 6665 on all available interfaces. Only allow connections from
406. # net 128.32. This is checked before existance of other access is available.
407. # 128.32.* == 128.32.0.0 where 0 is a wildcard.
408. # Also listen to port 31337 on only 209.42.128.252. Allow connections from
409. # anywhere.
410. #
411. # D : dump. Dumps all connect attempts from the matched IP
412. # without any procesing.
413. #
414. # First arg is target IP and CIDR mask, second is a comment.
415. #
416. #D:208.148.84.3:bot host that changes domain names frequently
417. #D:128.183.0/24:NASA users aren't supposed to be on IRC
418. #
419. # d : immunity to D dump
420. # As in D line , First arg is targe IP and CIDR mask, second is a comment.
421. #
422. #d:199.0.154.0/24:Don't D line ais.net:
423.  
424. #
425. #
426. # Q lines, not the old server Q lines, but Quarantine lines for
427. # nicks. Only checked at NICK time, i.e. if added and hashed in
428. # will not kill users who match this nick.
429. #
430. #Q:dcc-*:dcc bots not allowed on this server
431. #Q:lamestbot:You have to be kidding me
432. #Q:crush:In memory of Janet Pippin
433. #Q:cwush:In memory of Janet Pippin
434. #Q:callas:Only allowed from this host:callas@oper.irc.arpa.com
435.  
436. #
437. # if JUPE_CHANNEL is defined you can also jupe a channel locally
438. #
439. ## NOTE: JUPE_CHANNEL is not defined by default. This may change later
440. ## when it can be arranged for a jupe to propagate across all servers
441. ## more effectively.
442. #
443. # i.e. no one on your server can join this channel.
444. # You need the backslash to escape the # in the channel
445. #
446. #Q:\#packet:I am tired of the packet fights for this channel
447. #
448. # X lines.
449. # Used to match gecos fields and prohibit users or warn about users
450. # who have matching strings in those fields from getting on the server.
451. #
452. # All X line matches are sent to opers in +r user mode
453. # On an X line, a non 0 value for port exits that client
454. # a 0 value, only warns on +r
455. #
456. # These three examples only warn
457. #X:*www*:Possible spambot warning 1::0
458. #X:*http*:Possible spambot warning 2::0
459. #X:*sex*:Possible spambot warning 3::0
460. #
461. # These two examples reject the client
462. # use this to reject IPHONE users
463. #X:* vc:IPHONE user::1
464. # This is a very probable spambot
465. #X:*see me at*:This has GOT to be a spambot::1
466. #X:*hi baby*:This has GOT to be a spambot::1