Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # IRC - Internet Relay Chat, doc/example.conf
- # Copyright (C) 1992, Bill Wisner
- #
- # Modified by Rodder, Jon Lusky <lusky@blown.net>,
- # at one time, but he didn't credit his changes.
- # Updated Dec 19, 1997 Diane Bruce aka db/Dianora <db@db.net>
- # please also read example.conf.trillian, it covers
- # elements this example misses.
- # -db
- # Updated again July 17, 1998 -db
- # Updated 990102 to take out P: line connection limiting code
- # Updated again July 5, 1999 -db
- # Updated for dancer 2000/08/04 -- asuffield
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; either version 1, or (at your option)
- # any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- #
- #
- # IRC example configuration file
- #
- # This file describes the information that should be present in your IRC
- # configuration and how to present it.
- #
- # M: set your server's name. Fields are, in order, host name (domain style),
- # optional bind address, a text name, and unused.
- #
- # NOTE: The "optional bind address" is an address used in binding to a
- # local address when we connect outbound. For example, if your server machine
- # is myhost.example.com (192.168.1.5) and you want IRCD to connect to others
- # from irc.example.com (192.168.1.250), you'd put 192.168.1.250 in the
- # "optional bind address" field. If left blank, UNIX will choose the primary
- # address of the interface closest to the destination.
- #
- # NOTE: As of hybrid-6, the port field no longer binds a port by default.
- # It is an inoperative and obsolete field.
- #
- M:localhost.:127.0.0.1:Debian localhost:
- #
- # A: administrative information. This line should have three fields, which
- # may contain any arbitrary text. It is printed by the /ADMIN command.
- #
- A:Example location:My address:Inept server admin <dancer@localhost>
- #
- # Y: define connection class. A class must be defined in a Y: line before
- # it is used in a C, N, or I line. The fields are, in order, class number,
- # ping frequency in seconds, connect frequency in seconds, maximum
- # number of links (used for auto-connecting), and size of sendq.
- # For servers a sendq of at least 4mb is recommended if not more.
- #
- # N.B. Y lines must be defined before I lines and O lines, since
- # both I lines and O lines make reference to Y lines or classes.
- #
- # For clients, the connect frequency field is used to set the maximum
- # number of connects from same IP address. i.e. setting this field to '1'
- # will limit every I line using this Y, to one connection per IP address.
- # leaving it blank or 0, will disable any such checking.
- #
- # Class numbers must be positive to ensure future modification of ircd to
- # use -1 internally could not be complicated with it's use externally.
- #
- Y:1:90:0:20:100000
- Y:2:90:300:10:4000000
- #
- # .include lines, insert a file from DPATH directory into the conf
- # you could use this to insert a common file between several
- # ircd's if you wished. include files are handled after all the
- # other lines in the conf file are done. i.e. a .include is always
- # as if it was at the end of the conf file.
- #
- # This brings in the external O:lines file, if there is one
- .include "/etc/dancer-ircd/olines"
- #
- # I: authorize clients to connect to your server. You can use domains,
- # IP addresses, and asterisk wildcards. The second field can contain a
- # password that the client must use in order to be allowed to connect.
- # The optional fifth field may contain a connection class number.
- #
- #I:NOMATCH::*.alaska.edu::1
- #I:NOMATCH:password:acad3.alaska.edu::1
- #
- # If using IDENT, to activate it, you need to place a "user@" in the
- # host segment.
- #
- #I:*@acad3.alask.edu::*@acad3.alaska.edu::1
- #I:root@acad.alask.edu::root@acad.alaska.edu::1
- #
- # The above are bad examples of I-lines, what really happens is something
- # like this:
- #
- I:NOMATCH::*@*::1
- ## This is a correct example in hybrid-6, the username
- ## is not used for an IP I line (this may be changed, its a simple change
- ## but EFnet is currently deprecating the use of non resolving client hosts)
- ## If the IP block has a resolving host name, it will be shown instead
- ## of the IP address. This just serves to allow on an entire block of ip's
- ## without needing to specify each individual hostname.
- ## Note, you must use an 'x' in the name field
- #I:128.250.0.0/16::x::1
- #
- # You can also limit the number of connections from one host
- # to any value. This can be used to stop cloners
- # This is done using the normally unused confreq line in the Y line.
- #
- # i.e.
- # Allow 100 users in a "bad boy" class, but allow only ONE
- # user per IP to connect at a time.
- #
- #Y:3:90:1:100:100000
- #
- # Remember to put your "bad boy" I line last in the file, so it
- # seen first and matches first before your standard I lines
- #
- # With hybrid ircd, max connections is taken from the class
- # not per I line. i.e. the 3 I lines following will always add
- # up to 100 or less, not 100 per I line.
- #
- #I:NOMATCH::*@*ppp*::3
- #I:NOMATCH::*@*slip*::3
- #I:NOMATCH::*@*ts*::3
- #
- # a name pattern in the first field will never cause a match since it's only
- # ever matched against an IP# in the form a.b.c.d and a number in the third
- # field will never match since a hostname is always compared against this
- # field. The '@' needs to be in the IP# section for ident to be used.
- #
- ## additional prefix characters in I lines are defined
- ##
- ## from comstud
- ##
- ## 1) There are noticable differences in I: lines now.
- ## There are 4 special characters that you can stick in front
- ## of a hostname or ip# that do special things.
- ## These characers are:
- ## - This will never put a ~ for a user not running identd
- ## + This will force people matching this I: to require identd
- ## ! This means to only allow 1 connection per ip# in this I:
- ## $ (Not used in hybrid)
- ##
- ## Examples:
- ##
- ## a) I:x::!*@*ppp*::class will only allow X connections per ip# for people
- ## who have *ppp* in their hostname where X is given in the Y: line.
- ## If there is no ! and you have a limit in your Y: line, then it matches
- ## full user@host instead of just host.
- ## b) I:x::-*@*.cris.com::class will never show a ~, even though they may
- ## not be running identd. (This is equivilent to the old way of not
- ## specifying a @ in the I: line).
- ## Additionally since ircd-hybrid-6
- ## B/E/F lines were removed and replaced with 3 other special characters
- ## in I lines
- ##
- ## ^ This will exempt a user from K/G lines, limited protection from D lines
- ## & User can run bots (old B line)
- ## > This user is exempt from I line/server side connection limits
- ## (old F line)
- ## _ This user is exempt from G lines
- ##
- ## A variant of amm's spoofing code was added
- ## = Spoof this users IP, normally only used for opers
- ##
- ## < This user is exempt from idle restrictions if IDLE_CHECK is defined
- ##
- ## Examples
- ## c) I:NOMATCH::^db@koruna.varner.com::3
- ## This user is exempt from k/g lines
- ## d) I:NOMATCH::&jerdfelt@*mindspring.net::3
- ## This user can run a bot, and is also "e lined"
- ## e) I:NOMATCH::>lusky@*vol.com::3
- ## This user is immune from I line limits
- ## f) I:NOMATCH::^&>mpearce@*varner.com::3
- ## This user can run a bot, is exempt
- ## from client connect limits.
- ## g) I:smurfers.are.lame::=dgalas@*somewhere.com::3
- ## Show this user as being dgalas@smurfers.are.lame
- ## an IP can be used instead as long as the name field does not begin
- ## with an 'x'
- ## i.e.
- ## I:192.168.0.0/24::x::3 #this is an IP I line
- ## I:192.168.0.0::db@*somesite.com::3 #this is a spoofed IP
- #
- # O: authorize operators. Fields are, in order, host name the operator must
- # be logged in from (wildcards allowed), operator's password, operator's
- # nickname.
- ##
- ## O:lines are better described in the dancer-oper-guide than here
- ## The new format for dancer has the 4th field (port) as the allowed umodes,
- ## and the 6th field (after the connection class) as the default umodes to
- ## be set on OPER.
- # Examples:
- O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:admin:abcdDfFgGhHkKlLmMnNpPrRsSUvVwWxXyYzZ0123459*:1:acdDfFgGhHkKlRsSUvVWXyYzZ0123459
- O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:luser::1:
- ## NOTE: These examples are from hybrid, and are not valid for dancer.
- #
- # The first example allows me to become an operator from any
- # machine in alaska.edu by typing /oper crunchy frog.
- #
- #O:*.alaska.edu:frog:crunchy
- #
- ## This example allow this oper, to global kill, do remote squit/connect
- ## unklines, glines, and use umode +n
- ##
- #O:db@*db.net:-encrypted password-:Dianora:ORUGN:3
- #
- ##
- ## This example disables this opers use of global kill, unkline, and gline
- ## The oper can still do remote squits/connects
- ##
- #O:newbie@*some.net:-encrypted password-:newbie:oug:3
- ##
- ## This example disables this opers use of global kill, unkline,
- ## gline and gline and remote squits/connects
- ## essentially the same permissions as a local oper, but with the "vanity"
- ## They can still local kill and kline for example.
- ##
- #O:vanity@*some.net:-encrypted password-:vanity:oug:3
- ##
- ## you could make someone vantiy even more, by disabling their
- ## kill/kline privs... note they can still do full traces
- ## umode +c (watch connections) and do rehash
- ## But otherwise, this set of flags is not practical for
- ## a normal oper.
- ##
- #O:vanity@*some.net:-encrypted password-:vanity:nougk:3
- #
- ## a monitor bot could be given the following privs
- ## k - no kline/kill
- ## g - make sure no GLINE
- ## o - no global kill (already taken care of by 'k' flag above)
- ## r - no remote routing/squits
- ## N - allow this monitor to use umode +n for nick changes
- ##
- ## Some admins do not like remote tcm kills/klines. If this
- ## tcm oper gets compromised, the best they can do is
- ## rehash/trace/umode +cn , i.e. no global kills or "fun" for the
- ## compromised o line. But its still quite usuable for monitoring
- ## clones and nick flooders.
- ##
- #
- #o:tcm@*varner.com:-encrypted password-:tcm:kgorN:3
- #
- ## Of course, leaving out the flags entirely defaults to
- ## reasonable defaults, so if you don't want to worry about it, then don't.
- ## You can always add G later for example.
- #
- ## O : Global operator
- ## No explicit G or G-line flag, no N or allow umode +n flag
- ##
- #O:db@ircd.dianora.com:-encrypted password-:Dianora::3
- #
- # o : local operator.
- #o:trainee@shell.box.com:password:MyNick::3
- #
- ##
- ## The fifth field of an O line, is the new class this oper will join
- ##
- # C:, N: set up connections to other servers.
- #
- # C: specifies a server that your server may connect to.
- # N: allows a remote server to connect to your own.
- #
- # The two lines are usually given in pairs.
- #
- # These lines may contain a password in the second field. In fact, to
- # maintain proper security, *all* IRC server links must have passwords.
- #
- # If a C: line contains four fields (the fourth being a TCP port number)
- # IRC will actively try to connect to that server. You should have at least
- # one such line.
- #
- # If an N: line contains four fields, the fourth should contain a number that
- # specifies how many components of your own server's name to strip off the
- # front and be replaced with a *. This is done to implement hostmasking.
- # For example, to make hayes.ims.alaska.edu present itself to the world as
- # *.alaska.edu, I would use a 2 (to strip off the first two parts). If you
- # use this, be sure to tell the administrator of the servers you link to --
- # they must add your hostmasked name to their configuration file or you will
- # be unable to connect.
- #
- # The host part of C/N lines MUST contain a valid hostname or IP address
- # The host part in the C:line MUST be identical to the host part in the N:line
- # The name part of the C/N lines MUST match the associated H/L line name
- #
- # The fifth field may contain a connection class number.
- #
- # The following two lines tell my server to try connecting to
- # byron.u.washington.edu.
- #
- C:127.0.0.1:passwordbg1977:localhost:6667:2
- N:127.0.0.1:passwordbg1977:services.
- #
- # The following two lines allow a server to connect to my server, but my
- # server will not make any attempt to connect to it. Note that since the
- # server is local to me, I am not using hostmasking.
- #
- C:127.0.0.1:passwordbg1977:dancer-services::2
- N:127.0.0.1:passwordbg1977:dancer-services::2
- #
- # C and N lines may also use the "user@" combination in the same way as
- # the I-lines.
- #
- #C:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
- #N:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
- ## The password in the N:line is usually an MD5 hash, not cleartext
- ## It must match the password in the C:line on the remote server.
- ## For serious security, the two servers should have different passwords
- ## in their C lines, with each other's hash in their N lines.
- #
- # K: kill a user automatically upon connecting. This is used to deny
- # troublesome users access to your server. The fields are, in order,
- # hostname (wildcards are allowed), time of day, and username.
- ## Timed k-lines and R: lines are not recommended by the hybrid
- ## team. They might not even work. Timed-klines made more sense
- ## for university ircd's but nowadays with so many open irc servers
- ## around, it just seems pointless.
- ## -Dianora
- # The second example restricts access from acad3.alaska.edu from
- # 9:00am to noon, and 2:00pm to 5:00pm. This form is only supported if
- # TIMED_KLINES is defined.
- #
- #K:*.alaska.edu::FSSPR
- #K:acad3.alaska.edu:0900-1200,1400-1700:*
- # Note: it is preferable to place and remove K:lines from a running
- # ircd, with the KLINE and UNKLINE commands, which write to the kline.conf
- # file directly, in order to handle timestampts and distribution
- # across the network cleanly.
- #
- # R: restrict user access. This is an extended form of the K: line.
- # It looks for a match then runs an outside program that will determine
- # whether the person should be allowed on. The fields are hostname,
- # program, and username. A full pathname to the program should be used.
- # The output of the program should be a string of the form "Y <message>"
- # to allow the user, or "N <message>" to block them. In the first case
- # the message is ignored; in the latter, it is sent as an error message
- # to the user. R: lines are only functional if activated in config.h.
- #
- #R:kaja.gi.alaska.edu:/usr/local/lib/irc/does-eric-get-in:ejo
- #
- ## NOTE: L:lines are not really appropriate for centrally maintained
- ## networks. It is not recommended that you use them.
- #
- # L: leaf. This forces the server listed to act as a leaf. If such a
- # server allows any other servers to connect to it, its link is
- # dropped. If a port parameter is non-zero, it is used to control the
- # maximum depth that link will allow, where depth is the tree depth of
- # that branch.
- #
- #L:::kaja.gi.alaska.edu
- #L:::cm5.eng.umd.edu:1
- #
- # A new extension to the L-line allows you to be selective
- # about which other servers you wish the connecting server to behave as
- # as a leaf towards. The following would not allow any server connecting
- # with a name that matches *.fi to introduce a server matching *.edu.
- #
- #L:*.edu::*.fi
- #
- # H: Hub. This is required to allow other servers which connect to you as
- # a hub and introduce other servers.
- #
- #H:*.au:*:*.au
- H:*::*
- #
- # P : port. The port line allows the server to listen on various ports for
- # connections. Fields in order: unused,
- # address to bind to, unused, port to listen on
- #
- # NOTE: As of hybrid-6, you MUST have at least one P: line defining a port
- # to listen on, or the server won't do much.
- #
- P::::6667
- #P::209.42.128.252::31337
- #
- # Listen on port 6665 on all available interfaces. Only allow connections from
- # net 128.32. This is checked before existance of other access is available.
- # 128.32.* == 128.32.0.0 where 0 is a wildcard.
- # Also listen to port 31337 on only 209.42.128.252. Allow connections from
- # anywhere.
- #
- # D : dump. Dumps all connect attempts from the matched IP
- # without any procesing.
- #
- # First arg is target IP and CIDR mask, second is a comment.
- #
- #D:208.148.84.3:bot host that changes domain names frequently
- #D:128.183.0/24:NASA users aren't supposed to be on IRC
- #
- # d : immunity to D dump
- # As in D line , First arg is targe IP and CIDR mask, second is a comment.
- #
- #d:199.0.154.0/24:Don't D line ais.net:
- #
- #
- # Q lines, not the old server Q lines, but Quarantine lines for
- # nicks. Only checked at NICK time, i.e. if added and hashed in
- # will not kill users who match this nick.
- #
- #Q:dcc-*:dcc bots not allowed on this server
- #Q:lamestbot:You have to be kidding me
- #Q:crush:In memory of Janet Pippin
- #Q:cwush:In memory of Janet Pippin
- #Q:callas:Only allowed from this host:callas@oper.irc.arpa.com
- #
- # if JUPE_CHANNEL is defined you can also jupe a channel locally
- #
- ## NOTE: JUPE_CHANNEL is not defined by default. This may change later
- ## when it can be arranged for a jupe to propagate across all servers
- ## more effectively.
- #
- # i.e. no one on your server can join this channel.
- # You need the backslash to escape the # in the channel
- #
- #Q:\#packet:I am tired of the packet fights for this channel
- #
- # X lines.
- # Used to match gecos fields and prohibit users or warn about users
- # who have matching strings in those fields from getting on the server.
- #
- # All X line matches are sent to opers in +r user mode
- # On an X line, a non 0 value for port exits that client
- # a 0 value, only warns on +r
- #
- # These three examples only warn
- #X:*www*:Possible spambot warning 1::0
- #X:*http*:Possible spambot warning 2::0
- #X:*sex*:Possible spambot warning 3::0
- #
- # These two examples reject the client
- # use this to reject IPHONE users
- #X:* vc:IPHONE user::1
- # This is a very probable spambot
- #X:*see me at*:This has GOT to be a spambot::1
- #X:*hi baby*:This has GOT to be a spambot::1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement