underchat
/
gnuworld
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
gnuworld/doc/ircds.example.conf/ircd-nef.example.conf

1327 lines
44 KiB
Plaintext
Raw Blame History

# General {
# name = "servername";
# vhost = "ipv4vhost";
# vhost = "ipv6vhost";
# description = "description";
# numeric = numericnumber;
# dns vhost = "ipv4vhost";
# dns vhost = "ipv6vhost";
# dns server = "ipaddress";
# dns server = "ipaddress2";
# };
General {
name = "Nefarious2.YourNetwork.org";
description = "Nefarious test server";
#vhost = "168.235.93.155";
numeric = 1;
};
# [Admin]
#
# This sets information that can be retrieved with the /ADMIN command.
# It should contain at least an admin Email contact address.
Admin {
# At most two location lines are allowed...
Location = "Somwhere";
Location = "YourNetwork IRC server";
Contact = "IRC Admins <irc@london.co.uk>";
};
# [Classes]
#
# All connections to the server are associated with a certain "connection
# class", be they incoming or outgoing (initiated by the server), be they
# clients or servers.
#
# Class {
# name = "<class>";
# pingfreq = time;
# connectfreq = time;
# maxlinks = number;
# maxchans = number;
# sendq = size;
# recvq = size;
# usermode = "+i";
# snomask = number;
# fakelagminimum = number;
# fakelagfactor = number;
# autojoinchannel = "channellist";
# autojoinnotice = "autojoinnotice";
# restrict_join = yes/no;
# restrict_privmsg = yes/no;
# restrict_umode = yes/no;
# };
#
# For connection classes used on server links, maxlinks should be set
# to either 0 (for hubs) or 1 (for leaf servers). Client connection
# classes may use maxlinks between 0 and approximately 4,000,000,000.
# maxlinks = 0 means there is no limit on the number of connections
# using the class.
#
# <connect freq> applies only to servers, and specifies the frequency
# that the server tries to autoconnect. setting this to 0 will cause
# the server to attempt to connect repeatedly with no delay until the
# <maximum links> condition is satisfied. This is a Bad Thing(tm).
# Note that times can be specified as a number, or by giving something
# like: 1 minutes 20 seconds, or 1*60+20.
#
# <snomask> applies only to classes used for Operator blocks and is
# used to specify the server notice mask an oper gets when he/she uses
# /oper. See doc/snomask.txt or doc/snomask.html for details on what
# this number means.
#
# <fakelagminimum> is the minimum number of seconds to wait before
# processing commands received from clients.
#
# <fakelagfactor> is a number to devide the message length by to
# determine addtional fake lag to apply. If set to 0 (zero) the user
# will not be subject to fake lag at all.
#
# <autojoinchannel> can be specified to automatically join users of the
# class into. If <autojoinnotice> is specified then a notice is sent
# to the user when automatically joined.
#
# <restrict_join> when enabled restricts users in the class from joining
# any channel with the exception of channels specified in the
# autojoinchannel class option.
#
# <restrict_privmsg> when enabled prevents users in the class from
# sending PRIVMSG or NOTICE to other users who are not on the same
# channel as the user.
#
# <restrict_umode> when enabled prevents users in the class from
# changing their user modes.
#
# Recommended server classes:
# All your server uplinks you are not a hub for.
Class {
name = "Server";
pingfreq = 1 minutes 30 seconds;
connectfreq = 5 minutes;
maxlinks = 1;
sendq = 9000000;
};
# All the leaf servers you hub for.
Class {
name = "LeafServer";
pingfreq = 1 minutes 30 seconds;
connectfreq = 5 minutes;
maxlinks = 0;
sendq = 9000000;
};
# Client {
# username = "ident";
# host = "host";
# ip = "127.0.0.0/8";
# password = "password";
# class = "classname";
# maxlinks = 3;
# };
#
# Everything in a Client block is optional. If a username mask is
# given, it must match the client's username from the IDENT protocol.
# If a host mask is given, the client's hostname must resolve and
# match the host mask. If a CIDR-style IP mask is given, the client
# must have an IP matching that range. If maxlinks is given, it is
# limits the number of matching clients allowed from a particular IP
# address.
#
# Take the following class blocks only as a guide.
Class {
name = "Local";
pingfreq = 1 minutes 30 seconds;
sendq = 160000;
maxlinks = 100;
usermode = "+iw";
};
Class {
name = "America";
pingfreq = 1 minutes 30 seconds;
sendq = 80000;
maxlinks = 5;
};
Class {
name = "Other";
pingfreq = 1 minutes 30 seconds;
sendq = 160000;
maxlinks = 0;
autojoinchannel = "#YourNetwork";
};
Class {
name = "Coders";
pingfreq = 1 minutes 30 seconds;
sendq = 160000;
maxlinks = 10;
local = no;
};
Class {
name = "Opers";
pingfreq = 1 minutes 30 seconds;
sendq = 160000;
maxlinks = 10;
# For connection classes intended for operator use, you can specify
# privileges used when the Operator block (see below) names this
# class. The local (aka globally_opered) privilege MUST be defined
# by either the Class or Operator block. The following privileges
# exist:
#
# local (or propagate, with the opposite sense)
# whox (log oper's use of x flag with /WHO)
# display (oper status visible to lusers)
# chan_limit (can join local channels when in
# MAXCHANNELSPERUSER channels)
# mode_lchan (can /MODE &channel without chanops)
# deop_lchan (cannot be deopped or kicked on local channels)
# walk_lchan (can forcibly /JOIN &channel OVERRIDE)
# show_invis (see +i users in /WHO x)
# show_all_invis (see +i users in /WHO x)
# unlimit_query (show more results from /WHO)
# local_kill (can kill clients on this server)
# rehash (can use /REHASH)
# restart (can use /RESTART)
# die (can use /DIE)
# local_jupe (not used)
# set (can use /SET)
# local_gline (can set a G-line for this server only)
# local_badchan (can set a Gchan for this server only)
# local_jupe (can set a Jupe for this server only)
# local_shun (can set a Shun for this server only)
# see_chan (can see users in +s channels in /WHO)
# list_chan (can see +s channels with /LIST S, or modes with /LIST M)
# wide_gline (can use ! to force a wide G-line)
# wide_shun (can use ! to force a wide Shun)
# see_opers (can see opers without DISPLAY privilege)
# local_opmode (can use OPMODE/CLEARMODE on local channels)
# force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels)
# kill (can kill clients on other servers)
# gline (can issue G-lines to other servers)
# jupe (can issue Jupes to other servers)
# shun (can issue Shuns to other servers)
# opmode (can use /OPMODE)
# badchan (can issue Gchans to other servers)
# force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
# apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
# check (can use /CHECK)
# whois_notice (can set user mode +W)
# hide_oper (can set user mode +H)
# hide_channels (can set user mode +n)
# hide_idle (can set user mode +I)
# admin (gets user mode +a and can set/unset it too)
# xtraop (can set user mode +X)
# service (can set user mode +k)
# remote (can use associated operator block from a remote server)
# freeform (can use /SETHOST to apply a spoofhost not configured with a Spoofhost block)
# remoterehash (can use /REHASH to rehash remote servers)
# remove (can use /REMOVE to remove glines and shuns by force)
# local_zline (can set a Z-line for this server only)
# zline (can issue Z-lines to other servers)
# wide_zline (can use ! to force a wide Z-line)
#
# For global opers (with propagate = yes or local = no), the default
# is to grant all of the above privileges EXCEPT walk_lchan,
# unlimit_query, set, badchan, local_badchan, apass_opmode,
# whois_notice, hide_oper, hide-channels, hide_idle, admin, xtraop,
# service, remote, freeform and remove.
# For local opers, the default is to grant ONLY the following
# privileges:
# chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
# rehash, local_gline, local_jupe, local_opmode, whox, display,
# force_local_opmode, local_shun and local_zline
# Any privileges listed in a Class block override the defaults.
local = no;
};
# [Client]
#
# To allow clients to connect, they need authorization. This can be
# done based on hostmask, address mask, and/or with a password.
# With intelligent use of classes and the maxconnections field in the
# Client blocks, you can let in a specific domain, but get rid of all other
# domains in the same toplevel, thus setting up some sort of "reverse
# Kill block".
# Client {
# host = "user@host";
# ip = "user@ip";
# password = "password";
# class = "classname";
# sslfp = "sslfingerprint";
# noidenttilde = yes/no;
# hidehostcomponents = number;
# autojoinchannel = "channellist";
# autojoinnotice = "autojoinnotice";
# };
#
# Technical description (for examples, see below):
# For every connecting client, the IP address is known. A reverse lookup
# on this IP-number is done to get the (/all) hostname(s).
# Each hostname that belongs to this IP-number is matched to <hostmask>,
# and the Client {} is used when any matches; the client will then show
# with this particular hostname. If none of the hostnames match, then
# the IP-number is matched against the <IP mask ...> field, if this matches
# then the Client{} is used nevertheless and the client will show with the
# first (main) hostname if any; if the IP-number did not resolve then the
# client will show with the dot notation of the IP-number.
# There is a special case for the UNIX domain sockets and localhost connections
# though; in this case the <IP mask ...> field is compared with the
# name of the server (thus not with any IP-number representation). The name
# of the server is the one returned in the numeric 002 reply, for example:
# 002 Your host is 2.undernet.org[jolan.ppro], running version ...
# Then the "jolan.ppro" is the name used for matching.
# Therefore, unix domain sockets, and connections to localhost would
# match this block:
# host = "*@jolan.ppro";
#
# This is the "fallback" entry. All .uk, .nl, and all unresolved are
# in these two lines.
# By using two different lines, multiple connections from a single IP
# are only allowed from hostnames which have both valid forward and
# reverse DNS mappings.
Client
{
class = "Other";
ip = "*@*";
maxlinks = 5;
};
Client
{
class = "Other";
host = "*@*";
maxlinks = 5;
};
# If you don't want unresolved dudes to be able to connect to your
# server, do not specify any "ip = " settings.
#
# Here, take care of all American ISPs.
Client
{
host = "*@*.com";
class = "America";
maxlinks = 2;
};
Client
{
host = "*@*.net";
class = "America";
maxlinks = 2;
};
# Now list all the .com / .net domains that you wish to have access...
# actually it's less work to do it this way than to do it the other
# way around - K-lining every single ISP in the US.
# I wish people in Holland just got a .nl domain, and not try to be
# cool and use .com...
Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; };
# You can request a more complete listing, including the "list of standard
# Kill blocks" from the Routing Committee; it will also be sent to you if
# you apply for a server and get accepted.
#
# Ourselves - this makes sure that we can get in, no matter how full
# the server is (hopefully).
Client
{
host = "*@*.london.ac.uk";
ip = "*@193.37.*";
class = "Local";
# A maxlinks of over 5 will automatically be glined by euworld on Undernet
maxlinks = 5;
};
# You can put an expression in the maxlinks value, which will make ircd
# only accept a client when the total number of connections to the network
# from the same IP number doesn't exceed this number.
# The following example would accept at most one connection per IP number
# from "*.swipnet.se" and at most two connections from dial up accounts
# that have "dial??.*" as host mask:
# Client {
# host = "*@*.swipnet.se";
# maxlinks = 1;
# class = "Other";
# };
# Client {
# host = "*@dial??.*";
# maxlinks = 2;
# class = "Other";
# };
#
# If you are not worried about who connects, this line will allow everyone
# to connect.
Client {
host = "*@*";
ip = "*@*";
class = "Other";
maxlinks = 5;
};
# You can additionally specify either a country code or continent code
# using the country or continent fields for a Client block to be matched
# by.
# Client {
# country = "GB";
# class = "Local";
# };
# You can also specify an SSL client certificate fingerprint for a Client
# block as an alternative, or addition to the password for authentication.
# Client {
# host "*@*";
# ip = "*@*";
# class = "Other";
# sslfp = "61D0720B27D8AED9C0A7CB788091B0D8D9A94E119D5118E574B70EECD41B3C26";
# };
# You can disable the '~' prefix applied to users with no ident reply by
# setting noidenttilde to 'no' (default: 'yes').
# Client {
# host = "*@*";
# ip = "*@*";
# class = "Other";
# noidenttilde = no;
# }
# You can specify a server (and optionally a port) that a client should be advised
# to reconnect to using the 'redirect' option. If a port is not specified then
# 6667 is used.
#
# Client {
# host = "*@*";
# ip = "*@*";
# class = "Other";
# redirect = "some.other.server.com" 6667;
# };
# You can specify the number of host name components to hide when using
# HOST_HIDING_STYLE 2 or 3 by adding the hidehostcomponents option to a Client
# block.
#
# Client {
# host = "*@*";
# ip = "*@*";
# class = "Other";
# hidehostcomponents = 2;
# };
# You can specify a list of channels to automatically join users into upon
# connecting by adding the autojoinchannel option to the Client block. You
# can also specify a notice to send to users when they are automatically.
#
# Client {
# host = "*@*";
# ip = "*@*";
# class = "Other";
# autojoinchannel = "#channel1,#channel2";
# autojoinnotice = "*** Notice -- You are now being autojoined into #channel1 and #channel2";
# };
# [motd]
#
# It is possible to show a different Message of the Day to a connecting
# client depending on its origin.
# motd {
# # Note: host can also be a classname.
# host = "Other";
# country = "countrycode";
# continent = "continentcode";
# file = "path/to/motd/file";
# };
#
# More than one host/country/continent = "mask"; entry may be present in
# one block; this has the same effect as one Motd block for each host
# entry, but makes it easier to update the messages's filename.
#
# DPATH/net_com.motd contains a special MOTD where users are encouraged
# to register their domains and get their own client{} lines if they're in
# Europe, or move to US.UnderNet.org if they're in the USA.
motd {
host = "*.net";
file = "net_com.motd";
};
motd {
host = "*.com";
file = "net_com.motd";
};
motd {
host = "America";
file = "net_com.motd";
};
# A different MOTD for ourselves, where we point out that the helpdesk
# better not be bothered with questions regarding irc...
motd {
host = "*.london.ac.uk";
file = "london.motd";
};
# [UWorld]
#
# One of the many nice features of Undernet is "Uworld", a program
# connected to the net as a server. This allows it to broadcast any mode
# change, thus allowing opers to, for example, "unlock" a channel that
# has been taken over.
# There is only one slight problem: the TimeStamp protocol prevents this.
# So there is a configuration option to allow them anyway from a certain
# server.
# UWorld {
# # The servername or wildcard mask for it that this applies to.
# name = "relservername";
# };
#
# You may have have more than one name listed in each block.
#
# Note: (1) These lines are agreed on by every server admin on Undernet;
# (2) These lines must be the same on every single server, or results
# will be disasterous; (3) This is a useful feature, not something that
# is a liability and abused regularly (well... :-)
# If you're on Undernet, you MUST have these lines. I cannnot stress
# this enough. If all of the servers don't have the same lines, the
# servers will try to undo the mode hacks that Uworld does. Make SURE that
# all of the servers have the EXACT same UWorld blocks.
#
# If your server starts on a bit larger network, you'll probably get
# assigned one or two uplinks to which your server can connect.
# If your uplink(s) also connect to other servers than yours (which is
# probable), you need to define your uplink as being allowed to "hub".
# See the Connect block documentation for details on how to do that.
UWorld {
name = "uworld.eu.yournetwork.org";
name = "uworld2.yournetwork.org";
name = "uworld.yournetwork.org";
name = "channels.yournetwork.org";
name = "channels2.yournetwork.org";
name = "channels3.yournetwork.org";
name = "channels4.yournetwork.org";
name = "channels5.yournetwork.org";
name = "channels6.yournetwork.org";
};
# As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and
# CFV-0255, the following nicks must be juped, it is not allowed to
# jupe others as well.
Jupe {
nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`";
nick = "EuWorld,UWorld,UWorld2";
nick = "login,yournetwork,protocol,pass,newpass,org";
nick = "StatServ,NoteServ";
nick = "ChanSvr,ChanSaver,ChanServ";
nick = "NickSvr,NickSaver,NickServ";
nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX";
};
# [Kill]
#
# While running your server, you will most probably encounter individuals
# or groups of persons that you do not wish to have access to your server.
#
# For this purpose, the ircd understands "kill blocks". These are also
# known as K-lines, by virtue of the former config file format.
# Kill
# {
# host = "user@host";
# reason = "The reason the user will see";
# };
# It is possible to ban on the basis of the real name.
# It is also possible to use a file as comment for the ban, using
# file = "file":
# Kill
# {
# realname = "realnametoban";
# file = "path/to/file/with/reason/to/show";
# };
# It is also possible to ban using either the 2 letter country code or
# the 2 letter continent code provided by GeoIP using either the country
# or continent fields.
# Kill
# {
# country = "US";
# reason = "Local server for local people!";
# };
#
#
# The default reason is: "You are banned from this server"
# Note that Kill blocks are local to the server; if you ban a person or a
# whole domain from your server, they can get on IRC via any other server
# that doesn't have them Killed (yet).
#
# With a simple comment, using quotes:
Kill { host = "*.au"; reason = "Please use a nearer server"; };
Kill { host = "*.edu"; reason = "Please use a nearer server"; };
# You can also kill based on username.
Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; };
# The file can contain for example, a reason, a link to the
# server rules and a contact address. Note the combination
# of username and host in the host field.
Kill
{
host = "*luser@unixbox.flooder.co.uk";
file = "kline/youflooded.txt";
};
# IP-based kill lines apply to all hosts, even if an IP address has a
# properly resolving host name.
Kill
{
host = "192.168.*";
file = "klines/martians";
};
# The realname field lets you ban by realname...
Kill
{
realname = "*sub7*";
reason = "You are infected with a Trojan";
};
# The version field lets you ban by CTCP version (requires "CTCP_VERSION" and
# "CTCP_VERSIONING_KILL" to be enabled in the Features block)
#Kill
#{
# version = "*iroffer*";
# reason = "You are using a disallowed chat client version. Either upgrade or get a new client.";
#};
# A Kill block can also allow authenticated users to connect even if they match
# the kill block in question. This can be achieved by adding the authexempt
# option to the kill block. Addition of the mark option will add a line to the
# users WHOIS with the value of the mark option.
Kill
{
host = "silly.people";
reason = "Silly people are not allowed unless authenticated.";
authexempt = yes;
mark = "Silly Person";
};
# [Connect]
#
# You probably want your server connected to other servers, so your users
# have other users to chat with.
# IRC servers connect to other servers forming a network with a star or
# tree topology. Loops are not allowed.
# In this network, two servers can be distinguished: "hub" and "leaf"
# servers. Leaf servers connect to hubs; hubs connect to each other.
# Of course, many servers can't be directly classified in one of these
# categories. Both a fixed and a rule-based decision making system for
# server links is provided for ircd to decide what links to allow, what
# to let humans do themselves, and what links to (forcefully) disallow.
#
# The Connect blocks
# define what servers the server connect to, and which servers are
# allowed to connect.
# Connect {
# name = "servername";
# host = "hostnameORip";
# vhost = "localIP";
# password = "passwd";
# port = portno;
# class = "classname";
# maxhops = 2;
# hub = "*.eu.yournetwork.org";
# autoconnect = no;
# sslfp = "sslfingerprint";
# sslciphers = "ssl ciphers string";
# ssl = no;
# };
#
# The "port" field defines the default port the server tries to connect
# to if an operator uses /connect without specifying a port. This is also
# the port used when the server attempts to auto-connect to the remote
# server. (See Class blocks for more informationa about auto-connects).
# You may tell ircu to not automatically connect to a server by adding
# "autoconnect = no;"; the default is to autoconnect.
#
# If the vhost field is present, the server will use that IP as the
# local end of connections that it initiates to this server. This
# overrides the vhost value from the General block.
#
# If the sslfp field is present the remote server must be connected via
# SSL using an SSL certificate with the SHA256 fingerprint specified to
# be allowed to use the Connect block.
#
# If the ssliphers field is present then the ciphers list specified will
# be used when this server connects to the server the Connect block
# belongs to. See https://www.openssl.org/docs/apps/ciphers.html for an
# explanation on how to format this string.
#
# The maxhops field causes an SQUIT if a hub tries to introduce
# servers farther away than that; the element 'leaf;' is an alias for
# 'maxhops = 0;'. The hub field limits the names of servers that may
# be introduced by a hub; the element 'hub;' is an alias for
# 'hub = "*";'.
## Our primary uplink.
#Connect {
# name = "Amsterdam.NL.Eu.UnderNet.org";
# host = "1.2.3.4";
# password = "passwd";
# port = 4400;
# class = "Server";
# autoconnect = no;
# hub;
#};
Connect {
name = "channels.yournetwork.org";
host = "127.0.0.1";
password = "54321";
port = 4400;
class = "Server";
autoconnect = no;
hub = "*";
};
Connect {
name = "irc.YourNetwork.org";
host = "168.235.93.155";
password = "54321";
port = 4400;
class = "Server";
autoconnect = yes;
hub;
};
# [crule]
#
# For an advanced, real-time rule-based routing decision making system
# you can use crule blocks. For more information, see doc/readme.crules.
# If more than one server mask is present in a single crule, the rule
# applies to all servers.
# CRULE
# {
# server = "servermask";
# rule = "connectrule";
# # Setting all to yes makes the rule always apply. Otherwise it only
# # applies to autoconnects.
# all = yes;
# };
CRULE
{
server = "*.US.UnderNet.org";
rule = "connected(*.US.UnderNet.org)";
};
CRULE
{
server = "*.EU.UnderNet.org";
rule = "connected(Amsterdam.NL.EU.*)";
};
# The following block is recommended for leaf servers:
CRULE
{
server = "*";
rule = "directcon(*)";
};
# [Operator]
#
# Inevitably, you have reached the part about "IRC Operators". Oper status
# grants some special privileges to a user, like the power to make the
# server break or (try to) establish a connection with another server,
# and to "kill" users off IRC.
# I can write many pages about this; I will restrict myself to saying that
# if you want to appoint somebody as IRC Operator on your server, that
# person should be aware of his/her responsibilities, and that you, being
# the admin, will be held accountable for their actions.
#
# There are two sorts of IRC Operators: "local" and "global". Local opers
# can squit, connect and kill - but only locally: their +o user mode
# is not not passed along to other servers. On Undernet, this prevents
# them from using Uworld as well.
#
# More than one host = "mask"; entry may be present in one block; this
# has the same effect as one Operator block for each host entry, but
# makes it easier to update operator nicks, passwords, classes, and
# privileges.
#
# Operator {
# host = "host/IP mask";
# name = "opername";
# password = "encryptedpass";
# class = "classname";
# sslfp = "sslfingerprint";
# snomask = number;
# autojoinchannel = "channellist";
# autojoinnotice = "autjoinnotice";
# # You can also set any operator privilege; see the Class block
# # documentation for details. A privilege defined for a single
# # Operator will override the privilege settings for the Class
# # and the default setting.
# };
#
# By default, the password is hashed using the system's native crypt()
# function. Other password mechanisms are available; the umkpasswd
# utility from the ircd directory can hash passwords using those
# mechanisms. If you use a password format that is NOT generated by
# umkpasswd, ircu will not recognize the oper's password.
#
# If sslfp is present the user must be connected via SSL from a client
# setup to use an SSL client certificate with the SHA256 fingerprint
# specified.
#
# snomask is used to specify the server notice mask an oper gets when
# he/she uses /oper. See doc/snomask.txt or doc/snomask.html for
# details on what this number means.
#
# autjoinchannel allows you to specify channels the user is automatically
# joined into when he/she uses /oper. Additionally you can specify a
# notice to be sent to the user by using autojoinnotice.
#
# All privileges are shown with their default values; if you wish to
# override defaults, you should set only those privileges for the
# operator. Listing defaulted privileges just makes things harder to
# find.
Operator {
local = no;
host = "*@*.cs.vu.nl";
password = "VRKLKuGKn0jLt";
name = "Niels";
class = "Local";
};
Operator {
host = "*@*";
password = "$PLAIN$temPass";
name = "Seven";
class = "Coders";
};
# Note that the <connection class> is optional, but leaving it away
# puts the opers in class "default", which usually only accepts one
# connection at a time. If you want users to Oper up more then once per
# block, then use a connection class that allows more then one connection,
# for example (using class Local as in the example above):
#
# Once you OPER your connection class changes no matter where you are or
# your previous connection classes. If the defined connection class is
# Local for the operator block, then your new connection class is Local.
# [Port]
# When your server gets more full, you will notice delays when trying to
# connect to your server's primary listening port. It is possible via the
# Port lines to specify additional ports for the ircd to listen to.
# De facto ports are: 6667 - standard; 6660-6669 - additional client
# ports;
# Undernet uses 4400 for server listener ports.
# These are just hints, they are in no way official IANA or IETF policies.
# IANA says we should use port 194, but that requires us to run as root,
# so we don't do that.
#
#
# Port {
# port = [ipv4] [ipv6] number;
# mask = "ipmask";
# # Use this to control the interface you bind to.
# vhost = [ipv4] [ipv6] "virtualhostip";
# # You can specify both virtual host and port number in one entry.
# vhost = [ipv4] [ipv6] "virtualhostip" number;
# # Setting to yes makes this server only.
# server = yes;
# # Setting to yes makes the port "hidden" from stats.
# hidden = yes;
# # Setting to yes makes the port accept SSL encrypted connections.
# ssl = yes;
# };
#
# The port and vhost lines allow you to specify one or both of "ipv4"
# and "ipv6" as address families to use for the port. The default is
# to listen on both IPv4 and IPv6.
#
# The mask setting allows you to specify a range of IP addresses that
# you will allow connections from. This should only contain IP addresses
# and '*' if used. This field only uses IP addresses. This does not use
# DNS in any way so you can't use it to allow *.nl or *.uk. Attempting
# to specify anything other than numbers, dots and stars [0-9.*] will result
# in the port allowing connections from anyone.
#
# The interface setting allows multiply homed hosts to specify which
# interface to use on a port by port basis, if an interface is not specified
# the default interface will be used. The interface MUST be the complete
# IP address for a real hardware interface on the machine running ircd.
# If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it
# WILL bind to all interfaces - not what most people seem to expect.
#
Port {
server = yes;
port = 4400;
};
# This is an SSL port.
Port {
ssl = yes;
port = 6697;
};
## This is an IPv4-only Server port that is Hidden
#Port {
# server = yes;
# hidden = yes;
# port = ipv4 4400;
#};
# The following are normal client ports
Port { port = 6667; };
#Port { port = 6668; };
#Port { port = 7000; };
#Port {
# # This only accepts clients with IPs like 192.168.*.
# mask = "192.168.*";
# port = 6666;
#};
# This is a hidden client port, listening on 168.8.21.107.
#Port {
# vhost = "168.8.21.107";
# hidden = yes;
# port = 7000;
#};
# More than one vhost may be present in a single Port block; in this case,
# we recommend listing the port number on the vhost line for clarity.
Port {
# vhost = "172.16.0.1" 6667;
# vhost = "172.16.3.1" 6668;
# vhost = "172.16.3.1" 7000;
hidden = no;
};
# [Spoofhost]
#
# Spoofhost "<spoof host>" {
# pass = "<password>";
# host = "<hostmask>";
# autoapply = <yes/no>;
# ismask = <yes/no>;
# matchusername = <yes/no>;
# };
#
# <spoof host> An ident@hostname or hostname to be spoofed
# <password> A password for this spoof host. Used if SETHOST_USER is enabled.
# <hostmask> A hostmask for matching against users that are to be auto
# spoofed or to restrict access to a spoof host.
# <autoapply> Either yes or no, yes indicates that the Spoofhost should be
# automatically applied to a user. If set to yes, <pass> is
# ignored when automatically applying the host.
# <ismask> Either yes or no, yes indicates that <spoof host> is a wild
# card mask (includes * or ?) to match against the supplied spoof
# host. A yes also sets <autoapply> to no.
# <matchusername> If set to yes when <autoapply> is set to yes, the user portion
# of <hostmask> will match against the USER supplied user name
# as well as the ident supplied user name.
#
# NOTE: When using ismask steps should be taken to ensure only users you trust
# can make use of a Spoofhost block using the option. The reason for this
# is because of the nature of ismask, users who can use a Spoofhost block
# with ismask enabled can make use of a wild card mask to change their
# host name and evade channel bans.
#
# Spoofhost "testsline.AfterNET.Org" { pass = "secret"; host = "*"; };
#
# This is how to define Spoofhosts when having freeform turned off.
# Spoofhost "testsline2.AfterNET.Org" { username = "x"; host = "nohost"; };
# Quarantine blocks disallow operators from using OPMODE and CLEARMODE
# on certain channels. Opers with the force_opmode (for local
# channels, force_local_opmode) privilege may override the quarantine
# by prefixing the channel name with an exclamation point ('!').
# Wildcards are NOT supported; the channel name must match exactly.
Quarantine {
"#shells" = "Thou shalt not support the h4><0rz";
"&kiddies" = "They can take care of themselves";
};
# This is a server-implemented alias to send a message to a service.
# The string after Pseudo is the command name; the name entry inside
# is the service name, used for error messages. More than one nick
# entry can be provided; the last one listed has highest priority.
#Pseudo "CHANSERV" {
# name = "X";
# nick = "X@channels.yournetwork.org";
#};
# You can also prepend text before the user's message.
Pseudo "LOGIN" {
name = "X";
prepend = "LOGIN ";
nick = "X@channels.yournetwork.org";
};
# You can also specify the default text to send if the user does not
# supply some text.
#Pseudo "AUTHSERV" {
# name = "AuthServ";
# nick = "AuthServ@channels.yournetwork.org";
# defaulttext = "HELP";
#};
# You can ask a separate server whether to allow users to connect.
# Uncomment this ONLY if you have an iauth helper program.
# IAuth {
# program = "../path/to/iauth" "-n" "options go here";
# };
# [Forwards]
# These blocks will enable the server to forward any messages which
# are prefixed and specific with a b:line. This will allow users to
# use the services without the services being in channel.
#
# Forwards {
# "<prefix>" = "<services server>";
# };
#
# Forwards {
# "!" = "channels.yournetwork.org";
# "?" = "channels.yournetwork.org";
# "." = "channels.yournetwork.org";
# };
#
# Any channel messages prefixed with a ? ! or a . would be sent to
# channels.yournetwork.org in the above examples.
# [WebIRC]
# These blocks allow you to run a WEBIRC client on your website without
# having to set clone exceptions for your websites hostname on your IRCd.
# WEBIRC will send a WEBIRC command along with the clients hostname, ip and
# WEBIRC password.
#
# WebIRC {
# host = "user@host";
# password = "password";
# ident = "fakeident";
# userident = yes/no;
# ignoreident = yes/no;
# stripsslfp = yes/no;
# description = "description";
# };
#
# The host and password fields take the same formats as in the Client block.
# The host field is matched against the host mask of the client attempting
# to use the WEBIRC command. The ident field is optional and if specified
# is used as if it were the reply from the users identd. The ignoreident
# option causes any identd reply already received to be ignored. The
# userident option uses the USER user name as if it were an identd reply if
# none was received or if ignoreident is set to yes. The description field is
# a short line of text to be added to the user's WHOIS to mark them as a
# WEBIRC user. If the client issuing the WEBIRC command uses an SSL client
# certificate then stripsslfp should be set to yes.
#
# Example:
# WebIRC {
# host = "*@127.0.0.1";
# password = "$PLAIN$kg533n6xVI";
# };
# [Except]
# These blocks allow you to exempt matching clients from various
# restrictions or checks.
#
# Except {
# host = "user@host";
# shun = yes/no;
# kline = yes/no;
# gline = yes/no;
# ident = yes/no;
# rdns = yes/no;
# ipcheck = yes/no;
# targetlimit = yes/no;
# };
#
# The host field is used to specify a user@host mask to select clients to
# apply the exemptions to. For some exemption types such as ipcheck, ident and
# rdns, you can only specify a mask of *@<ip> or *@<cidr> as neither ident nor
# rDNS checks have been performed when exceptions have been checked. The kline
# type exempts users from Kill blocks in ircd.conf that the client matches.
# The gline and shun types exempt matching clients from glines and shuns
# respectively. The ident and rdns types stop the IRCd from performing ident
# and reverse DNS lookups for matching clients. The ipcheck type exempts
# matching clients from connection throttling and IP limits. The targetlimit
# type exempts matching clients from the message target limits.
# [features]
# IRC servers have a large number of options and features. Most of these
# are set at compile time through the use of #define's--see "make config"
# for more details--but we are working to move many of these into the
# configuration file. Features let you configure these at runtime.
# You only need one feature block in which you use
# "featurename" = "value1" , "value2", ..., "valuen-1", "valuen";
#
# The entire purpose of F:lines are so that you do not have to recompile
# the IRCD everytime you want to change a feature. All of the features
# are listed below, and at the bottom is how to set logging.
#
# A Special Thanks to Kev for writing the documentation of F:lines. It can
# be found at doc/readme.features and the logging documentation can be
# found at doc/readme.log. The defaults used by the Undernet network are
# below.
#
features
{
# These log features are the only way to get certain error messages
# (such as when the server dies from being out of memory). For more
# explanation of how they work, see doc/readme.log.
"LOG" = "SYSTEM" "FILE" "ircd-nef.log";
"LOG" = "SYSTEM" "LEVEL" "CRIT";
# "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>";
# "RELIABLE_CLOCK"="FALSE";
# "BUFFERPOOL"="27000000";
# "HAS_FERGUSON_FLUSHER"="FALSE";
# "CLIENT_FLOOD"="1024";
"SERVER_PORT"="4400";
# "NODEFAULTMOTD"="TRUE";
# "MOTD_BANNER"="";
# "KILL_IPMISMATCH"="FALSE";
# "IDLE_FROM_MSG"="TRUE";
"HUB"="TRUE";
# "WALLOPS_OPER_ONLY"="FALSE";
# "NODNS"="FALSE";
# "RANDOM_SEED"="<you should set one explicitly>";
# "DEFAULT_LIST_PARAM"="";
# "NICKNAMEHISTORYLENGTH"="800";
"NETWORK"="YourNetwork";
"HOST_HIDING"="TRUE";
"HIDDEN_HOST"="users.yournetwork.org";
"HIDDEN_IP"="127.0.0.1";
# "KILLCHASETIMELIMIT"="30";
# "MAXCHANNELSPERUSER"="10";
"NICKLEN" = "20";
# "AVBANLEN"="40";
# "MAXBANS"="50";
# "MAXSILES"="15";
# "HANGONGOODLINK"="300";
# "HANGONRETRYDELAY" = "10";
# "CONNECTTIMEOUT" = "90";
# "MAXIMUM_LINKS" = "1";
# "PINGFREQUENCY" = "120";
# "CONNECTFREQUENCY" = "600";
# "DEFAULTMAXSENDQLENGTH" = "40000";
# "GLINEMAXUSERCOUNT" = "20";
# "MPATH" = "ircd.motd";
# "RPATH" = "remote.motd";
"PPATH" = "ircd-nef.pid";
# "TOS_SERVER" = "0x08";
# "TOS_CLIENT" = "0x08";
# "POLLS_PER_LOOP" = "200";
# "IRCD_RES_TIMEOUT" = "4";
# "IRCD_RES_RETRIES" = "2";
# "AUTH_TIMEOUT" = "9";
# "IPCHECK_CLONE_LIMIT" = "4";
# "IPCHECK_CLONE_PERIOD" = "40";
# "IPCHECK_CLONE_DELAY" = "600";
# "CHANNELLEN" = "200";
# "CONFIG_OPERCMDS" = "TRUE";
# "OPLEVELS" = "TRUE";
# "ZANNELS" = "TRUE";
# "LOCAL_CHANNELS" = "TRUE";
# "ANNOUNCE_INVITES" = "FALSE";
# These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS)
# behavior to hide most network topology from users.
# "HIS_SNOTICES" = "TRUE";
# "HIS_SNOTICES_OPER_ONLY" = "TRUE";
# "HIS_DEBUG_OPER_ONLY" = "TRUE";
# "HIS_WALLOPS" = "TRUE";
# "HIS_MAP" = "TRUE";
# "HIS_LINKS" = "TRUE";
# "HIS_TRACE" = "TRUE";
# "HIS_STATS_a" = "TRUE";
# "HIS_STATS_c" = "TRUE";
# "HIS_STATS_d" = "TRUE";
# "HIS_STATS_e" = "TRUE";
# "HIS_STATS_f" = "TRUE";
# "HIS_STATS_g" = "TRUE";
# "HIS_STATS_i" = "TRUE";
# "HIS_STATS_j" = "TRUE";
# "HIS_STATS_J" = "TRUE";
# "HIS_STATS_k" = "TRUE";
# "HIS_STATS_l" = "TRUE";
# "HIS_STATS_L" = "TRUE";
# "HIS_STATS_m" = "TRUE";
# "HIS_STATS_M" = "TRUE";
# "HIS_STATS_o" = "TRUE";
# "HIS_STATS_p" = "TRUE";
# "HIS_STATS_q" = "TRUE";
# "HIS_STATS_r" = "TRUE";
# "HIS_STATS_R" = "TRUE";
# "HIS_STATS_S" = "TRUE";
# "HIS_STATS_t" = "TRUE";
# "HIS_STATS_T" = "TRUE";
# "HIS_STATS_u" = "FALSE";
# "HIS_STATS_U" = "TRUE";
# "HIS_STATS_v" = "TRUE";
# "HIS_STATS_w" = "TRUE";
# "HIS_STATS_x" = "TRUE";
# "HIS_STATS_y" = "TRUE";
# "HIS_STATS_z" = "TRUE";
# "HIS_STATS_IAUTH" = "TRUE";
# "HIS_WHOIS_SERVERNAME" = "TRUE";
# "HIS_WHOIS_IDLETIME" = "TRUE";
# "HIS_WHOIS_LOCALCHAN" = "TRUE";
# "HIS_WHO_SERVERNAME" = "TRUE";
# "HIS_WHO_HOPCOUNT" = "TRUE";
# "HIS_MODEWHO" = "TRUE";
# "HIS_BANWHO" = "TRUE";
# "HIS_KILLWHO" = "FALSE";
# "HIS_REWRITE" = "TRUE";
# "HIS_REMOTE" = "TRUE";
# "HIS_NETSPLIT" = "TRUE";
"HIS_SERVERNAME" = "*.yournetwork.org";
"HIS_SERVERINFO" = "The YourNetwork Underworld";
"HIS_URLSERVERS" = "http://www.yournetwork.org/servers.php";
"URLREG" = "http://cservice.yournetwork.org/live/";
# "CHECK" = "TRUE";
# "CHECK_EXTENDED" = "TRUE";
# "MAX_CHECK_OUTPUT" = "1000";
"OPER_WHOIS_PARANOIA" = "TRUE";
# "OPER_HIDE" = "FALSE";
# "AUTOCHANMODES" = "FALSE";
# "AUTOCHANMODES_LIST" = "";
# "UHNAMES" = "TRUE";
# "RESTARTPASS" = "";
# "DIEPASS" = "";
# "HIS_STATS_W" = "TRUE";
# "WHOIS_OPER" = "is an IRC Operator";
# "WHOIS_SERVICE" = "is a Network Service";
# "TARGET_LIMITING" = "TRUE";
# "OPER_XTRAOP" = "FALSE";
# "OPERMOTD" = "FALSE";
# "RULES" = "FALSE";
# "DISABLE_SHUNS" = FALSE";
# "SHUNMAXUSERCOUNT" = "20";
# "HIS_SHUN_REASON" = "TRUE";
# "HIS_GLINE_REASON" = "FALSE";
# "NOIDENT" = "FALSE";
"EXTENDED_ACCOUNTS" = "FALSE";
# "LOGIN_ON_CONNECT" = "FALSE";
# "LOC_SENDHOST" = "FALSE";
# "LOC_SENDSSLFP" = "FALSE";
# "LOC_DEFAULT_SERVICE" = "AuthServ";
# "LOC_TIMEOUT" = "3";
# "STRICTUSERNAME" = "FALSE";
# "APASS_CANSEND" = "FALSE";
# "HOST_IN_TOPIC" = "TRUE";
# "HIS_STATS_s" = "TRUE";
# "SETHOST" = "TRUE";
# "FLEXIBLEKEYS" = "FALSE";
# "HIS_STATS_E" = "TRUE";
# "SASL_SERVER" = "*";
# "LISTDELAY" = "15";
# "ALLOW_OPLEVEL_CHANGE" = "FALSE";
# "NETWORK_REHASH" = "TRUE";
# "LIST_SHOWMODES_OPERONLY" = "FALSE";
# "LIST_PRIVATE_CHANNELS" = "";
# "MAXWATCHS" = "128";
# "HIS_STATS_Z" = "TRUE";
# "SASL_TIMEOUT" = "8";
# "NOMULTITARGETS" = "FALSE";
# "HIS_IRCOPS" = "TRUE";
# "HIS_IRCOPS_SERVERS" = "TRUE";
# "SASL_SENDHOST" = "TRUE";
# "SASL_AUTOHIDEHOST" = "TRUE";
# "SNOMASK_DEFAULT" = "1540";
# "SNOMASK_OPERDEFAULT" = "5645";
# "TPATH" = "ircd.tune";
# "CHMODE_m_NONICKCHANGE" = "TRUE";
# "CHMODE_r_NONICKCHANGE" = "TRUE";
# "SILENCE_CHANMSGS" = "TRUE";
# "CHANNEL_CREATE_IRCOPONLY" = "FALSE";
"CHMODE_a" = "FALSE";
"CHMODE_c" = "FALSE";
"CHMODE_C" = "FALSE";
"CHMODE_L" = "FALSE";
"CHMODE_M" = "FALSE";
"CHMODE_N" = "FALSE";
"CHMODE_O" = "FALSE";
"CHMODE_Q" = "FALSE";
"CHMODE_S" = "FALSE";
"CHMODE_T" = "FALSE";
"CHMODE_Z" = "FALSE";
"HALFOPS" = "TRUE";
# "EXCEPTS" = "FALSE";
# "MAXEXCEPTS" = "45";
# "AVEXCEPTLEN" = "40";
# "CHMODE_e_CHMODEEXCEPTION" = "FALSE";
# "HALFOP_DEHALFOP_SELF" = "FALSE";
# "CHMODE_Z_STRICT" = "TRUE";
# "MAX_BOUNCE" = "5";
# "EXTBANS" = "TRUE";
# "EXTBAN_j_MAXDEPTH" = "1";
# "EXTBAN_j_MAXPERCHAN" = "2";
# "EXTBAN_a" = "TRUE";
# "EXTBAN_c" = "TRUE";
# "EXTBAN_j" = "TRUE";
# "EXTBAN_n" = "TRUE";
# "EXTBAN_q" = "TRUE";
# "EXTBAN_r" = "TRUE";
# "EXTBAN_m" = "TRUE";
# "EXTBAN_M" = "TRUE";
# "OMPATH" = "ircd.opermotd";
# "EPATH" = "ircd.rules";
"HIDDEN_HOST_QUIT" = "TRUE";
"HIDDEN_HOST_SET_MESSAGE" = "Registered";
"HIDDEN_HOST_UNSET_MESSAGE" = "UnRegistered";
# "ALLOWRMX" = "FALSE";
"OPERHOST_HIDING" = "FALSE";
# "HIDDEN_OPERHOST" = "Staff.Nefarious";
# "HOST_HIDING_STYLE" = "1";
# "HOST_HIDING_PREFIX" = "Nefarious";
# "HOST_HIDING_KEY1" = "aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
# "HOST_HIDING_KEY2" = "sdfjkLJKHlkjdkfjsdklfjlkjKLJ";
# "HOST_HIDING_KEY3" = "KJklJSDFLkjLKDFJSLKjlKJFlkjS";
# "HOST_HIDING_COMPONENTS" = "1";
# "CTCP_VERSIONING" = "FALSE";
# "CTCP_VERSIONING_KILL" = "FALSE";
# "CTCP_VERSIONING_CHAN" = "FALSE";
# "CTCP_VERSIONING_CHANNAME" = "#opers";
# "CTCP_VERSIONING_USEMSG" = "FALSE";
# "CTCP_VERSIONING_NOTICE" = "*** Checking your client version";
"GEOIP_ENABLE" = "TRUE";
"GEOIP_FILE" = "GeoIP.dat";
"GEOIP_IPV6_FILE" = "GeoIPv6.dat";
# "SSL_CERTFILE" = "ircd.pem";
# "SSL_KEYFILE" = "ircd.pem";
# "SSL_CACERTFILE" = "";
# "SSL_VERIFYCERT" = "FALSE";
# "SSL_NOSELFSIGNED" = "FALSE";
# "SSL_REQUIRECLIENTCERT" = "FALSE";
# "SSL_NOSSLV2" = "TRUE";
# "SSL_NOSSLv3" = "TRUE";
# "SSL_NOTLSV1" = "TRUE";
# "SSL_CIPHERS" = "";
# "DISABLE_ZLINES" = "FALSE";
# "HIS_ZLINE_REASON" = "FALSE";
# "ZLINEMAXUSERCOUNT" = "20";
# "CAP_multi_prefix" = "TRUE";
# "CAP_userhost_in_names" = "TRUE";
# "CAP_extended_join" = "TRUE";
# "CAP_away_notify" = "TRUE";
# "CAP_account_notify" = "TRUE";
# "CAP_sasl" = "TRUE";
# "CAP_tls" = "TRUE";
# "CONNEXIT_NOTICES" = "FALSE";
};
# Well, you have now reached the end of this sample configuration
# file. If you have any questions, feel free to mail
# <coder-com@undernet.org>. If you are interested in linking your
# server to the Undernet IRC network visit
# http://www.routing-com.undernet.org/, and if there are any
# problems then contact <routing-com@undernet.org> asking for
# information. Upgrades of the Undernet ircd can be found on
# http://coder-com.undernet.org/.
#
# For the rest: Good Luck!
#
# -- Niels.
Reference in New Issue View Git Blame Copy Permalink