#------------------------------------------------------------------------- # Configuracao em portugues # # @FILESOURCE ircd.conf # @AUTHOR BLX32 # @DATE Seg 27 Out, 21:41 - 2015 # @VERSION 1.0.0 for irc-hybrid # Copyright (c) 2000-2015 ircd-hybrid development team # reference.conf 6524 2015-09-09 16:35:53Z # ######################################################################## # IMPORTANT NOTE: # # auth {} blocks MUST be specified in order of precedence. The first one # that matches a user will be used. So place spoofs first, then specials, # then general access. # # Para melhor configurar edite as linhas. # LINHAS, 48, 66, 72, 73, 85, 202, 442, 449, 455, 578, 592, 593. ######################################################################## # # Shell style (#), C++ style (//) and C style comments are supported. # # Files may be included by either: # .include "filename" # .include # # Times/durations are written as: # 12 hours 30 minutes 1 second # # Valid units of time: # year, month, week, day, hour, minute, second # # Valid units of size: # megabyte/mbyte/mb, kilobyte/kbyte/kb, byte # # Sizes and times may be singular or plural. # #------------------------------------------------------------------------- /* * serverinfo {}: contains information about the server */ serverinfo { /* * name: the name of this server. This cannot be changed at runtime. */ name = "{SEUDOMINIO}"; /* * sid: a server's unique ID. This is three characters long and must * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be * a digit, followed by 2 alpha-numerical letters. * * NOTE: The letters must be capitalized. This cannot be changed at runtime. * * A sid is automatically generated at runtime, if you want to configure * a specific sid, uncomment the following line. */ # sid = "0HY"; /* * description: the description of the server. */ description = "{SEUDESCRICAO}"; /* * network_name, network_desc: the name and description of the network this * server is on. Shown in the 005 reply and used with serverhiding. */ network_name = "{SEU NOME DA REDE}"; network_desc = "{SEU DESCRICAO DA REDE}"; /* * hub: allow this server to act as a hub and have multiple servers * connected to it. */ hub = no; /* * vhost: the IP address to bind to when we connect outward to IPv4 servers. * This should be an IPv4 address, or "*" for INADDR_ANY. */ vhost = "{SEU IP}"; /* * vhost6: the IP address to bind to when we connect outward to IPv6 servers. * This should be an IPv6 address, or "*" for in6addr_any. */ #vhost6 = "2001:DB8::1"; /* * default_max_clients: the default maximum number of clients allowed * to connect. This can be changed from within IRC via /QUOTE SET MAX. */ default_max_clients = 512; #Maximo de clientes permitidos /* * max_nick_length: only applies to local clients. Must be in the * range of 9 to 30. Default is 9 if nothing else is specified. */ max_nick_length = 9; /* * max_topic_length: only applies to topics set by local clients. * Must be in the range of 80 to 300. Default is 80 if nothing * else is specified. */ max_topic_length = 160; /* * rsa_private_key_file: the path to the file containing the * RSA key. * * Example commands to store a 2048 bit RSA key in rsa.key: * * openssl genrsa -out rsa.key 2048 * chown . rsa.key * chmod 0600 rsa.key */ #rsa_private_key_file = "etc/rsa.key"; /* * ssl_certificate_file: the path to the file containing our * SSL certificate for encrypted client connection. * * This assumes your private RSA key is stored in rsa.key. You * MUST have an RSA key in order to generate the certificate. * * Example command: * * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem * * Please use the following values when generating the cert * * Organization Name: Network Name * Organization Unit Name: unit.example.net * Common Name: irc.example.net * E-mail: email@example.net */ #ssl_certificate_file = "etc/cert.pem"; /* * ssl_dh_param_file: path to the PEM encoded Diffie-Hellman * parameter file. DH parameters are required when using * ciphers with EDH (ephemeral Diffie-Hellman) key exchange. * * A DH parameter file can be created by running: * * openssl dhparam -out dhparam.pem 2048 * * Prime size must be at least 1024 bits. Further information * regarding specific OpenSSL dhparam command-line options * can be found in the OpenSSL manual. */ #ssl_dh_param_file = "etc/dhparam.pem"; /* * ssl_dh_elliptic_curve: defines the curve to use for the * Elliptic Curve Diffie-Hellman (ECDH) algorithm. * Default is ANSI X9.62 prime256v1/secp256r1 if nothing else is specified. * * A list of supported curves by OpenSSL can be obtained by running: * * openssl ecparam -list_curves */ # ssl_dh_elliptic_curve = "secp521r1"; /* * ssl_cipher_list: list of ciphers to support on _this_ server. * Can be used to enforce specific ciphers for incoming SSL/TLS * connections. If a client (which also includes incoming server connections) * is not capable of using any of the ciphers listed here, the connection will * simply be rejected. * * A list of supported ciphers by OpenSSL can be obtained by running: * * openssl ciphers -tls1 -v * * Multiple ciphers are separated by colons. The order of preference is * from left to right. */ # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * ssl_message_digest_algorithm: defines what cryptographic hash function * to use for generating fingerprint hashes of X.509 certificates. * Default is SHA-256 if nothing else is specified. * * A list of supported message digest algorithms by OpenSSL can be obtained by running: * * openssl list-message-digest-algorithms */ # ssl_message_digest_algorithm = "sha256"; }; /* * admin {}: contains administrative information about the server */ admin { name = "{SEU NOME DE ADMIN}"; description = "Main Server Administrator"; email = ""; }; /* * class {}: contains information about classes for users */ class { /* name: the name of the class. */ name = "users"; /* * ping_time: how often a client must reply to a PING from the * server before they are dropped. */ ping_time = 90 seconds; /* * number_per_ip: how many local users are allowed to connect * from a single IP address (optional) */ number_per_ip = 2; /* * max_local: how many local users are allowed to connect * from a single ident@host (optional) */ max_local = 2; /* * max_global: network-wide limit of users per ident@host (optional) */ max_global = 10; /* * max_number: the maximum number of users allowed in this class (optional) */ max_number = 100; /* * The following lines are optional and allow you to define * how many users can connect from one /NN subnet. */ cidr_bitlen_ipv4 = 24; cidr_bitlen_ipv6 = 120; number_per_cidr = 16; /* * sendq: the amount of data allowed in a client's send queue before * they are dropped. */ sendq = 100 kbytes; /* * recvq: the amount of data allowed in a client's receive queue before * they are dropped for flooding. Defaults to 2560 if the chosen value * isn't within the range of 512 to 8000. */ recvq = 2560 bytes; }; class { name = "opers"; ping_time = 90 seconds; number_per_ip = 10; max_number = 100; sendq = 100 kbytes; /* * max_channels: maximum number of channels users in this class can join. */ max_channels = 60; /* * min_idle: minimum idle time that is shown in /whois. */ min_idle = 3 hours; /* * max_idle: maximum idle time that is shown in /whois. */ max_idle = 8 hours; /* * flags: * * random_idle - a fake idle time is set randomly between * min_idle and max_idle * hide_idle_from_opers - the fake idle time will also be shown to operators */ flags = random_idle, hide_idle_from_opers; }; class { name = "server"; ping_time = 90 seconds; /* * connectfreq: only used in server classes. Specifies the delay * between autoconnecting to servers. */ connectfreq = 5 minutes; /* max number: the number of servers to autoconnect to. */ max_number = 1; /* sendq: servers need a higher sendq as they send more data. */ sendq = 2 megabytes; }; /* * motd {}: Allows the display of a different MOTD to a client * depending on its origin. Applies to local users only. */ motd { /* * mask: multiple mask entries are permitted. Mask can either be * a class name or a hostname. CIDR is supported. */ mask = "*.at"; mask = "*.de"; mask = "*.ch"; /* * file: path to the actual motd file. */ file = "etc/german.motd"; }; /* * listen {}: contains information about the ports ircd listens on */ listen { /* * port: the port to listen on. If no host is specified earlier in the * listen {} block, it will listen on all available IP addresses. * * Ports are separated by commas; a range may be specified using ".." */ /* port: listen on all available IP addresses, ports 6665 to 6669. */ port = 6665 .. 6669; /* * Listen on 192.0.2.1/6697 with SSL enabled and hidden from STATS P * unless you are an administrator. * * NOTE: The "flags" directive always has to come before "port". * * Currently available flags are: * * ssl - Port may only accept TLS/SSL connections * server - Only server connections are permitted * hidden - Port is hidden from /stats P, unless you're an admin */ flags = hidden, ssl; host = "127.0.0.1"; port = 6667; /* * host: set a specific IP address to listen on using the * subsequent port definitions. This may be IPv4 or IPv6. */ host = "45.58.42.103"; port = 6667; }; /* * auth {}: allow users to connect to the ircd */ auth { /* * user: the user@host allowed to connect. Multiple user * lines are permitted within each auth {} block. */ #user = "*@*.*.*.*"; /* password: an optional password that is required to use this block. */ password = "letmein"; /* * encrypted: controls whether the auth password above has been * encrypted. Default is 'no' if nothing else is specified. */ encrypted = yes; /* * spoof: fake the user's host to this. This is free-form, just do * everyone a favor and don't abuse it. ('=' prefix on /stats I) */ spoof = "I.still.hate.packets"; /* class: the class the user is placed in. */ class = "opers"; /* * need_password - don't allow users who haven't supplied the correct | ('&' prefix on /stats I if disabled) * password to connect using another auth {} block * need_ident - require the user to have identd to connect | ('+' prefix on /stats I) * spoof_notice - enable spoofing notification to admins * exceed_limit - allow a user to exceed class limits | ('>' prefix on /stats I) * kline_exempt - exempt this user from k-lines | ('^' prefix on /stats I) * xline_exempt - exempt this user from x-lines | ('!' prefix on /stats I) * resv_exempt - exempt this user from resvs | ('$' prefix on /stats I) * no_tilde - remove ~ from a user with no ident | ('-' prefix on /stats I) * can_flood - allow this user to exceed flood limits | ('|' prefix on /stats I) * webirc - enables WEBIRC authentication for web-based | ('<' prefix on /stats I) * clients such as Mibbit */ flags = need_password, spoof_notice, exceed_limit, kline_exempt, xline_exempt, resv_exempt, no_tilde, can_flood; }; auth { /* * redirserv, redirport: the server and port to redirect a user to. * A user does not have to obey the redirection; the ircd just * suggests an alternative server for them. */ redirserv = "server2.example.net"; redirport = 6667; user = "*@*.ch"; /* class: a class is required even though it is not used. */ class = "users"; }; auth { user = "*@*"; class = "users"; #flags = need_ident; }; /* * operator {}: defines ircd operators */ operator { /* name: the name of the operator */ name = "{SEU USUARIO OPER}"; /* * user: the user@host required for this operator. Multiple user * lines are permitted within each operator {} block. */ user = "*@10.10.10.10"; # Aqui é o ip do servidor user = "*@*.*.*.*"; /* * password: É necessario utiliazar o password no programa para cifrar sua senha. */ password = "{SEU PASS}"; /* * encrypted: controls whether the oper password above has been * encrypted. Default is 'yes' if nothing else is specified. */ encrypted = yes; /* * whois: allows to override the default RPL_WHOISOPERATOR numeric * string shown in /whois. * This string is propagated to all servers on the network. */ # whois = "is a Smurf Target (IRC Operator)"; /* * rsa_public_key_file: the public key for this oper when using /challenge. * A password should not be defined when this is used; see * doc/challenge.txt for more information. */ # rsa_public_key_file = "etc/oper.pub"; /* * ssl_certificate_fingerprint: enhances security by additionally checking * the oper's client certificate fingerprint against the specified * fingerprint below. * * Hint: your users can use the following command to obtain a SHA-256 hash * of their ssl certificate: * * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g' */ # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * ssl_connection_required: client must be connected over SSL/TLS * in order to be able to use this operator {} block. * Default is 'no' if nothing else is specified. */ ssl_connection_required = no; /* class: the class the oper joins when they successfully /oper or /challenge. */ class = "opers"; /* * umodes: the default user modes opers get when they /oper or /challenge. * If defined, it will override oper_umodes settings in general {}. * Available user modes: * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +p - hidechans - Hides channel list in WHOIS * +q - hideidle - Hides idle and signon time in WHOIS * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +y - spy - See LINKS, STATS, TRACE notices etc. */ umodes = locops, servnotice, wallop, invisible; /* * flags: controls the activities and commands an oper is * allowed to do on the server. All flags default to 'no'. * Available flags: * * admin - gives administrator privileges | ('A' flag) * close - allows CLOSE * connect - allows local CONNECT | ('P' flag) * connect:remote - allows remote CONNECT | ('Q' flag) * die - allows DIE | ('D' flag) * dline - allows DLINE | * globops - allows GLOBOPS | * join:resv - allows to JOIN resv {} channels * kill - allows to KILL local clients | ('N' flag) * kill:remote - allows remote users to be /KILL'd | ('O' flag) * kline - allows KLINE | ('K' flag) * locops - allows LOCOPS | * module - allows MODULE | * nick:resv - allows to use NICK on resv {} nicks * opme - allows OPME | * rehash - allows oper to REHASH config | ('H' flag) * remoteban - allows remote KLINE/UNKLINE | ('B' flag) * restart - allows RESTART | * resv - allows RESV * set - allows SET | * squit - allows local SQUIT | ('R' flag) * squit:remote - allows remote SQUIT | ('S' flag) * undline - allows UNDLINE | * unkline - allows UNKLINE | ('U' flag) * unresv - allows UNRESV * unxline - allows UNXLINE | * wallops - allows WALLOPS | * xline - allows XLINE | ('X' flag) */ flags = admin, connect, connect:remote, die, globops, kill, kill:remote, kline, module, rehash, restart, set, unkline, unxline, xline; }; /* * connect {}: define a server to connect to */ connect { /* name: Precisa ser um dominio diferente. */ name = "services.{SEUDOMINIO}"; /* * host: the host or IP address to connect to. If a hostname is used it * must match the reverse DNS of the server. */ host = "10.10.10.10"; #Seu IP do servidor /* * vhost: the IP address to bind to when making outgoing connections to * servers. * serverinfo::vhost and serverinfo::vhost6 will be overridden * by this directive. */ #vhost = "10.10.10.10"; /* * senha utilizada para conectar a seus serviços. */ send_password = "hackme"; accept_password = "hackme"; /* * encrypted: controls whether the accept_password above has been * encrypted. */ encrypted = no; /* port: the port to connect to this server on. */ port = 6667; /* * hub_mask: the mask of servers that this server may hub. Multiple * entries are permitted. */ hub_mask = "*"; /* * leaf_mask: the mask of servers this server may not hub. Multiple * entries are permitted. Useful for forbidding EU -> US -> EU routes. */ # leaf_mask = "*.uk"; /* class: the class this server is in. */ class = "server"; /* * ssl_cipher_list: list of ciphers that the server we are connecting to * must support. If the server is not capable of using any of the ciphers * listed below, the connection will simply be rejected. * Can be used to enforce stronger ciphers, even though this option * is not necessarily required to establish a SSL/TLS connection. * * Multiple ciphers are separated by colons. The order of preference * is from left to right. */ # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * ssl_certificate_fingerprint: enhances security by additionally checking * the server's client certificate fingerprint against the specified * fingerprint below. */ # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * autoconn - controls whether we autoconnect to this server or not, * dependent on class limits. By default, this is disabled. * ssl - Initiates a TLS/SSL connection. */ # flags = autoconn, ssl; }; connect { name = "ipv6.example.net"; host = "2001:DB8::3"; send_password = "password"; accept_password = "password"; port = 6666; /* * aftype: controls whether the connection uses "ipv4" or "ipv6". * Default is ipv4. */ aftype = ipv6; class = "server"; }; /* * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops * automatically */ cluster { /* * name: the server to share with; this can take wildcards * * NOTE: only local actions will be clustered, meaning that if * the server receives a shared kline/unkline/etc, it * will not be propagated to clustered servers. * * Remote servers are not necessarily required to accept * clustered lines, they need a shared {} block for *THIS* * server in order to accept them. */ name = "*.example.net"; /* * type: list of what to share; options are as follows: * dline - share dlines * undline - share undlines * kline - share klines * unkline - share unklines * xline - share xlines * unxline - share unxlines * resv - share resvs * unresv - share unresvs * locops - share locops * all - share all of the above (default) */ type = kline, unkline, locops, xline, resv; }; /* * shared {}: users that are allowed to remote kline * * NOTE: This can effectively be used for remote klines. * Please note that there is no password authentication * for users setting remote klines. You must also be * /oper'd in order to issue a remote kline. */ shared { /* * name: the server the user must be connected to in order to set klines. * If this is not specified, the user will be allowed to kline from all * servers. */ name = "irc2.example.net"; /* * user: the user@host mask that is allowed to set klines. If this is * not specified, all users on the server above will be allowed to set * a remote kline. */ user = "oper@my.host.is.spoofed"; /* * type: list of what to share, options are as follows: * dline - allow oper/server to dline * undline - allow oper/server to undline * kline - allow oper/server to kline * unkline - allow oper/server to unkline * xline - allow oper/server to xline * unxline - allow oper/server to unxline * resv - allow oper/server to resv * unresv - allow oper/server to unresv * locops - allow oper/server to locops - only used for servers that cluster * all - allow oper/server to do all of the above (default) */ type = kline, unkline, resv; }; /* * kill {}: users that are not allowed to connect * Oper issued klines will be added to the specified kline database */ kill { user = "bad@*.example.net"; reason = "Obviously hacked account"; }; /* * deny {}: IP addresses that are not allowed to connect * (before DNS/ident lookup) * Oper issued dlines will be added to the specified dline database */ deny { ip = "192.0.2.0/28"; reason = "Reconnecting vhosted bots"; }; /* * exempt {}: IP addresses that are exempt from deny {} and Dlines */ exempt { ip = "192.0.2.240/28"; }; /* * resv {}: nicks and channels users may not use/join */ resv { mask = "clone*"; reason = "Clone bots"; }; resv { mask = "Global"; reason = "Reserved for services"; }; resv { mask = "ChanServ"; reason = "Reserved for services"; }; resv { mask = "NickServ"; reason = "Reserved for services"; }; resv { mask = "OperServ"; reason = "Reserved for services"; }; resv { mask = "MemoServ"; reason = "Reserved for services"; }; resv { mask = "BotServ"; reason = "Reserved for services"; }; resv { mask = "HelpServ"; reason = "Reserved for services"; }; resv { mask = "HostServ"; reason = "Reserved for services"; }; resv { mask = "StatServ"; reason = "Reserved for services"; }; resv { mask = "#*services*"; reason = "Reserved for services"; }; resv { /* * mask: masks starting with a '#' are automatically considered * as channel name masks. */ mask = "#helsinki"; reason = "Channel is reserved for Finnish inhabitants"; /* * exempt: can be either a ISO 3166 alpha-2 two letter country * code, or a nick!user@host mask. CIDR is supported. Exempt * entries can be stacked. */ exempt = "FI"; }; /* * gecos {}: used for banning users based on their "realname". */ gecos { name = "*sex*"; reason = "Possible spambot"; }; gecos { name = "sub7server"; reason = "Trojan drone"; }; /* * service {}: specifies a server which may act as a network service * * NOTE: it is very important that every server on the network * has the same service {} block. */ service { name = "service.example.net"; name = "stats.example.net"; }; /* * pseudo {}: adds pseudo/custom commands also known as service aliases */ pseudo { /* command: the actual command/alias. */ command = "IDENTIFY"; /* prepend: optional text that can be prepended before the user's message. */ prepend = "IDENTIFY "; /* name: the service name, used for error messages. */ name = "NickServ"; /* target: the actual target where this message should be sent to. */ target = "NickServ@service.example.net"; }; pseudo { command = "CHANSERV"; name = "ChanServ"; target = "ChanServ@service.example.net"; }; pseudo { command = "CS"; name = "ChanServ"; target = "ChanServ@service.example.net"; }; pseudo { command = "NICKSERV"; name = "NickServ"; target = "NickServ@service.example.net"; }; pseudo { command = "NS"; name = "NickServ"; target = "NickServ@service.example.net"; }; pseudo { command = "MEMOSERV"; name = "MemoServ"; target = "MemoServ@service.example.net"; }; pseudo { command = "MS"; name = "MemoServ"; target = "MemoServ@service.example.net"; }; pseudo { command = "OPERSERV"; name = "OperServ"; target = "OperServ@service.example.net"; }; pseudo { command = "OS"; name = "OperServ"; target = "OperServ@service.example.net"; }; pseudo { command = "HOSTSERV"; name = "HostServ"; target = "HostServ@service.example.net"; }; pseudo { command = "HS"; name = "HostServ"; target = "HostServ@service.example.net"; }; pseudo { command = "BOTSERV"; name = "BotServ"; target = "BotServ@service.example.net"; }; pseudo { command = "BS"; name = "BotServ"; target = "BotServ@service.example.net"; }; /* * channel {}: the channel block contains options pertaining to channels */ channel { /* * disable_fake_channels: this option, if set to 'yes', will * disallow clients from creating or joining channels that have one * of the following ASCII characters in their name: * * 2 | bold * 3 | mirc color * 15 | plain text * 22 | reverse * 29 | italic * 31 | underline * 160 | non-breaking space */ disable_fake_channels = yes; /* * invite_client_count, invite_client_time: how many INVITE commands * are permitted per client per invite_client_time. */ invite_client_count = 10; invite_client_time = 5 minutes; /* * knock_client_count, knock_client_time: how many KNOCK commands * are permitted per client per knock_client_time. */ knock_client_count = 1; knock_client_time = 5 minutes; /* * knock_delay_channel: how often a KNOCK to any specific channel * is permitted, regardless of the user sending the KNOCK. */ knock_delay_channel = 1 minute; /* * max_channels: the maximum number of channels a user can join/be on. * This is a default value which can be overriden with class {} blocks. */ max_channels = 25; /* max_bans: maximum number of +b/e/I modes in a channel. */ max_bans = 100; /* * default_join_flood_count, default_join_flood_time: * how many joins in how many seconds constitute a flood. Use 0 to disable. * +b opers will be notified. These are only default values which can be * changed via "/QUOTE SET JFLOODCOUNT" and "/QUOTE SET JFLOODTIME". */ default_join_flood_count = 18; default_join_flood_time = 6 seconds; }; /* * serverhide {}: the serverhide block contains the options regarding * to server hiding. For more information regarding server hiding, * please see doc/serverhide.txt */ serverhide { /* * disable_remote_commands: disable users issuing commands * on remote servers. */ disable_remote_commands = no; /* * flatten_links: this option will show all servers in /links appear * as though they are linked to this current server. */ flatten_links = no; /* * links_delay: how often to update the links file when it is * flattened. */ links_delay = 5 minutes; /* * hidden: hide this server from a /links output on servers that * support it. This allows hub servers to be hidden etc. */ hidden = no; /* * hide_servers: hide remote servernames everywhere and instead use * hidden_name and network_desc. */ hide_servers = no; /* * hide_services: define this if you want to hide the location of * services servers that are specified in the service {} block. */ hide_services = no; /* * hidden_name: use this as the servername users see if hide_servers = yes. */ hidden_name = "*.example.net"; /* * hide_server_ips: if this is disabled, opers will be unable to see * servers' IP addresses and will be shown a masked IP address; admins * will be shown the real IP address. * * If this is enabled, nobody can see a server's IP address. * *This is a kludge*: it has the side effect of hiding the IP addresses * everywhere, including logfiles. * * We recommend you leave this disabled, and just take care with who you * give administrator privileges to. */ hide_server_ips = no; }; /* * general {}: the general block contains many of the options that were once * compiled in options in config.h */ general { /* * cycle_on_host_change: sends a fake QUIT/JOIN combination * when services change the hostname of a specific client. */ cycle_on_host_change = yes; /* max_watch: maximum WATCH entries a client can have. */ max_watch = 30; /* max_accept: maximum allowed /accept's for +g user mode. */ max_accept = 30; /* * dline_min_cidr: the minimum required length of a CIDR bitmask * for IPv4 based D-lines. */ dline_min_cidr = 16; /* * dline_min_cidr6: the minimum required length of a CIDR bitmask * for IPv6 based D-lines. */ dline_min_cidr6 = 48; /* * kline_min_cidr: the minimum required length of a CIDR bitmask * for IPv4 based K-lines. */ kline_min_cidr = 16; /* * kline_min_cidr6: the minimum required length of a CIDR bitmask * for IPv6 based K-lines. */ kline_min_cidr6 = 48; /* * invisible_on_connect: whether to automatically set mode +i on * connecting users. */ invisible_on_connect = yes; /* * kill_chase_time_limit: KILL chasing is a feature whereby a KILL * issued for a user who has recently changed nickname will be applied * automatically to the new nick. kill_chase_time_limit is the maximum * time following a nickname change that this chasing will apply. */ kill_chase_time_limit = 30 seconds; /* * ignore_bogus_ts: ignore bogus timestamps from other servers. * Yes, this will desync the network, but it will allow chanops * to resync with a valid non TS 0. * * This should be enabled network wide, or not at all. */ ignore_bogus_ts = no; /* * disable_auth: completely disable ident lookups; if you enable this, * be careful of what you set need_ident to in your auth {} blocks. */ disable_auth = no; /* * tkline_expire_notices: enables or disables temporary kline/xline * expire notices. */ tkline_expire_notices = no; /* * default_floodcount: the default value of floodcount that is configurable * via /quote set floodcount. This is the number of lines a user may send * to any other user/channel in one second. Set to 0 to disable. */ default_floodcount = 10; /* * failed_oper_notice: send a notice to all opers on the server when * someone tries to OPER and uses the wrong password, host or ident. */ failed_oper_notice = yes; /* * dots_in_ident: the number of '.' characters permitted in an ident * reply before the user is rejected. */ dots_in_ident = 2; /* * min_nonwildcard: the minimum number of non-wildcard characters in * k/d lines placed via the server. K-lines hand-placed are exempt from * this limit. * Wildcard characters: '.', ':', '*', '?' */ min_nonwildcard = 4; /* * min_nonwildcard_simple: the minimum number of non-wildcard characters * in gecos bans. Wildcard characters: '*', '?' */ min_nonwildcard_simple = 3; /* anti_nick_flood: enable the nickflood control code. */ anti_nick_flood = yes; /* * max_nick_changes, max_nick_time: the number of nick changes allowed in * the specified period. */ max_nick_changes = 5; max_nick_time = 20 seconds; /* * away_count, away_time: how many AWAY command are permitted per * client per away_time. */ away_count = 2; away_time = 10 seconds; /* * anti_spam_exit_message_time: the minimum time a user must be connected * before custom quit messages are allowed. */ anti_spam_exit_message_time = 5 minutes; /* * ts_warn_delta, ts_max_delta: the time delta allowed between server * clocks before a warning is given, or before the link is dropped. * All servers should run ntpdate/rdate to keep clocks in sync. */ ts_warn_delta = 3 seconds; ts_max_delta = 15 seconds; /* * warn_no_connect_block: warn opers about servers that try to connect * but for which we don't have a connect {} block. Twits with * misconfigured servers can become really annoying with this enabled. */ warn_no_connect_block = yes; /* * stats_e_disabled: set this to 'yes' to disable "STATS e" for both * operators and administrators. Doing so is a good idea in case * there are any exempted (exempt {}) server IPs you don't want to * see leaked. */ stats_e_disabled = no; /* stats_m_oper_only: make /stats m/M (messages) oper only. */ stats_m_oper_only = yes; /* stats_o_oper_only: make stats o (opers) oper only. */ stats_o_oper_only = yes; /* stats_P_oper_only: make stats P (ports) oper only. */ stats_P_oper_only = yes; /* stats_u_oper_only: make stats u (uptime) oper only. */ stats_u_oper_only = no; /* * stats_i_oper_only: make stats i (auth {}) oper only. Set to: * yes - show users no auth {} blocks, made oper only * masked - show users the first matching auth {} block * no - show users all auth {} blocks */ stats_i_oper_only = yes; /* * stats_k_oper_only: make stats k/K (klines) oper only. Set to: * yes - show users no klines, made oper only * masked - show users the first matching kline * no - show users all klines */ stats_k_oper_only = yes; /* * caller_id_wait: time between notifying a +g user that somebody * is messaging them. */ caller_id_wait = 1 minute; /* * opers_bypass_callerid: allows operators to bypass +g and message * anyone who has it set. */ opers_bypass_callerid = no; /* * pace_wait_simple: minimum time required between use of less * intensive commands * (ADMIN, HELP, LUSERS, VERSION, remote WHOIS) */ pace_wait_simple = 1 second; /* * pace_wait: minimum time required between use of more intensive commands * (INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS) */ pace_wait = 10 seconds; /* * short_motd: send clients a notice telling them to read the MOTD * instead of forcing an MOTD to clients who may simply ignore it. */ short_motd = no; /* * ping_cookie: require clients to respond exactly to a PING command, * can help block certain types of drones and FTP PASV mode spoofing. */ ping_cookie = no; /* no_oper_flood: increase flood limits for opers. */ no_oper_flood = yes; /* * max_targets: the maximum number of targets in a single * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited. */ max_targets = 4; /* * user modes configurable: a list of user modes for the options below * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +p - hidechans - Hides channel list in WHOIS * +q - hideidle - Hides idle and signon time in WHOIS * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +y - spy - See LINKS, STATS, TRACE notices etc. */ /* oper_only_umodes: user modes only operators may set. */ oper_only_umodes = bots, cconn, debug, external, farconnect, full, hidden, locops, nchange, rej, skill, spy, unauth; /* oper_umodes: default user modes operators get when they /oper or /challenge. */ oper_umodes = bots, locops, servnotice, wallop; /* * throttle_count: the maximum number of connections from the same * IP address allowed in throttle_time duration. */ throttle_count = 1; /* * throttle_time: the minimum amount of time required between * connections from the same IP address. exempt {} blocks are * excluded from this throttling. * Offers protection against flooders who reconnect quickly. * Set to 0 to disable. */ throttle_time = 2 seconds; }; modules { /* * path: other paths to search for modules specified below * and in "/module load". */ path = "lib/ircd-hybrid/modules"; # path = "lib/ircd-hybrid/modules/extra"; path = "lib/ircd-hybrid/modules/autoload"; /* module: the name of a module to load on startup/rehash. */ # module = "some_module.la"; }; /* * log {}: contains information about logfiles. */ log { /* Do you want to enable logging to ircd.log? */ use_logging = yes; file { type = oper; name = "var/log/oper.log"; size = unlimited; }; file { type = user; name = "var/log/user.log"; size = 50 megabytes; }; file { type = kill; name = "var/log/kill.log"; size = 50 megabytes; }; file { type = kline; name = "var/log/kline.log"; size = 50 megabytes; }; file { type = dline; name = "var/log/dline.log"; size = 50 megabytes; }; file { type = xline; name = "var/log/xline.log"; size = 50 megabytes; }; file { type = resv; name = "var/log/resv.log"; size = 50 megabytes; }; file { type = debug; name = "var/log/debug.log"; size = 50 megabytes; }; };