This repository has been archived on 2025-02-12. You can view files and clone it, but cannot push or open issues or pull requests.
NeoStats-NeoIRCd/doc/example.conf

773 lines
23 KiB
Text
Raw Permalink Normal View History

/* doc/example.conf - NeoIRCd Example configuration file
* Copyright (C) 2002 NeoStats
2002-08-13 14:34:25 +00:00
*
* ported from Hybrid7 by fish
2002-08-13 14:34:25 +00:00
*
* $Id: example.conf,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $
2002-08-13 14:34:25 +00:00
*/
/* IMPORTANT NOTES:
*
* class {} blocks MUST be specified before anything that uses them. That
* means they must be defined before auth {} and before connect {}.
*
* auth {} blocks MUST be specified in order of precedence. The first one
* that matches a user will be used. So place spoofs first, then specials,
* then general access, then restricted.
*
* Both shell style (#) and C style comments are supported.
*
* Files may be included by either:
* .include "filename"
* .include <filename>
*
* Times/durations are written as:
* 12 hours 30 minutes 1 second
*
* Valid units of time:
* month, week, day, hour, minute, second
*
* Valid units of size:
* megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
*
* Sizes and times may be singular or plural.
*/
/* serverinfo {}: Contains information about the server. (OLD M:) */
serverinfo {
/* name: the name of our server */
name = "irc.dynam.ac";
2002-08-13 14:34:25 +00:00
/* description: the description of our server. '[' and ']' may not
* be used here for compatibility with older servers.
*/
description = "NeoIRCd test server";
2002-08-13 14:34:25 +00:00
/* network info: the name and description of the network this server
* is on. Shown in the 005 reply and used with serverhiding.
*/
network_name = "MyNet";
network_desc = "This is My Network";
/* hub: allow this server to act as a hub and have multiple servers
* connected to it. This may not be changed if there are active
* LazyLink servers.
*/
hub = yes;
2002-08-13 14:34:25 +00:00
/* vhost: the IP to bind to when we connect outward to ipv4 servers.
* This should be an ipv4 IP only.
*/
#vhost = "192.169.0.1";
/* vhost6: the IP to bind to when we connect outward to ipv6 servers.
* This should be an ipv6 IP only.
*/
#vhost6 = "3ffe:80e8:546::2";
/* max clients: the maximum number of clients allowed to connect */
max_clients = 512;
/* rsa key: the path to the file containing our rsa key for cryptlink.
*
* Example command to store a 2048 bit RSA keypair in
* rsa.key, and the public key in rsa.pub:
*
* openssl genrsa -out rsa.key 2048
* openssl rsa -in rsa.key -pubout -out rsa.pub
* chown <ircd-user>.<ircd.group> rsa.key rsa.pub
* chmod 0600 rsa.key
* chmod 0644 rsa.pub
*/
#rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
};
/* admin {}: contains admin information about the server. (OLD A:) */
admin {
name = "Smurf target";
description = "Main Server Administrator";
email = "<syn@packets.r.us>";
};
/* logging {}: contains information about logfiles. */
logging {
/* log level: the amount of detail to log in ircd.log. The
* higher, the more information is logged. May be changed
* once the server is running via /quote SET LOG. Either:
* L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
*/
log_level = L_INFO;
};
/* class {}: contain information about classes for users (OLD Y:) */
class {
/* name: the name of the class. classes are text now */
name = "users";
/* ping time: how often a client must reply to a PING from the
* server before they are dropped.
*/
ping_time = 2 minutes;
/* number per ip: the number of users per host allowed to connect */
number_per_ip = 2;
/* max number: the maximum number of users allowed in this class */
max_number = 100;
/* sendq: the amount of data allowed in a clients queue before
* they are dropped.
*/
sendq = 100 kbytes;
};
class {
name = "restricted";
ping_time = 1 minute 30 seconds;
number_per_ip = 1;
max_number = 100;
sendq = 60kb;
};
class {
name = "opers";
ping_time = 5 minutes;
number_per_ip = 10;
max_number = 100;
sendq = 100kbytes;
auto_join="#ircop";
2002-08-13 14:34:25 +00:00
};
class {
name = "server";
ping_time = 5 minutes;
/* connectfreq: only used in server classes. specifies the delay
* between autoconnecting to servers.
*/
connectfreq = 5 minutes;
/* max number: the amount of servers to autoconnect to */
max_number = 0;
2002-08-13 14:34:25 +00:00
/* sendq: servers need a higher sendq as they send more data */
sendq=2 megabytes;
};
/* listen {}: contain information about the ports ircd listens on (OLD P:) */
listen {
/* port: the specific port to listen on. if no host is specified
* before, it will listen on all available IPs.
*
* ports are seperated via a comma, a range may be specified using ".."
*/
/* port: listen on all available IPs, ports 6665 to 6669 */
port = 6667;
2002-08-13 14:34:25 +00:00
/* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6.
*/
#host = "10.1.1.2"
2002-08-13 14:34:25 +00:00
};
/* auth {}: allow users to connect to the ircd (OLD I:) */
auth {
2002-09-26 13:56:13 +00:00
/* this block is ideal for opers, as it exempts them from Klines etc */
2002-08-13 14:34:25 +00:00
/* user: the user@host allowed to connect. multiple IPv4/IPv6 user
* lines are permitted per auth block.
*/
2002-09-26 13:56:13 +00:00
user = "*@neostats.net";
2002-08-13 14:34:25 +00:00
/* password: an optional password that is required to use this block */
#password = "letmein";
2002-08-13 14:34:25 +00:00
/* exceed limit: allow a user to exceed class limits (OLD I: > flag) */
exceed_limit = yes;
/* kline exempt: exempt this user from k/glines (OLD I: ^ flag) */
kline_exempt = yes;
/* gline exempt: exempt this user from glines (OLD I: _ flag) */
gline_exempt = yes;
/* no tilde: remove ~ from a user with no ident (OLD I: - flag) */
no_tilde = yes;
/* class: the class the user is placed in */
class = "opers";
};
auth {
/* redirect: the server and port to redirect a user to. A user does
* not have to obey the redirection, the ircd just suggests to them
* an alternative server.
*/
redirserv = "irc.fi";
redirport = 6667;
user = "*.fi";
/* class: a class is required even though it is not used */
class = "users";
};
auth {
user = "*@*";
class = "users";
/* restricted: stop the client sending mode changes */
#restricted = yes;
/* have ident: require the user has identd to connect (OLD I: + flag) */
have_ident = yes;
};
/* operator {}: defines ircd operators. (OLD O:)
*/
operator {
/* name: the name of the oper */
name = "ircop";
2002-08-13 14:34:25 +00:00
/* user: the user@host required for this operator. CIDR is not
* supported. multiple user="" lines are supported.
*/
user = "*@*";
#user = "*@127.0.0.1";
2002-08-13 14:34:25 +00:00
/* password: the password required to oper. By default this will
* need to be encrypted using 'mkpasswd'. MD5 is supported.
*/
password = "g4uSVO1Mi9jy2";
2002-08-13 14:34:25 +00:00
/* rsa key: the public key for this oper when using Challenge.
* A password should not be defined when this is used, see
* doc/challenge.txt for more information.
*/
#rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
/* class: the class the oper joins when they successfully /oper */
class = "opers";
/* privileges: controls the activities and commands an oper are
* allowed to do on the server. All options default to no.
* Available options:
*
* global_kill: allows remote users to be /KILL'd (OLD 'O' flag)
* remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
* kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
* unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
* gline: allows GLINE (OLD 'G' flag)
* nick_changes: allows oper to see nickchanges (OLD 'N' flag)
* via usermode +n
* rehash: allows oper to REHASH config (OLD 'H' flag)
* die: allows DIE and RESTART (OLD 'D' flag)
* admin: gives admin privileges. admins
* may (un)load modules and see the
* real IPs of servers.
*/
global_kill = yes;
remote = yes;
kline = yes;
unkline = yes;
gline = yes;
die = yes;
rehash = yes;
nick_changes = yes;
admin = yes;
};
/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
connect {
/* name: the name of the server */
name = "stats.dynam.ac";
2002-08-13 14:34:25 +00:00
/* host: the host or IP to connect to. If a hostname is used it
* must match the reverse dns of the server.
*/
host = "*";
2002-08-13 14:34:25 +00:00
/* passwords: the passwords we send (OLD C:) and accept (OLD N:).
* The remote server will have these passwords reversed.
*/
send_password = "linkpass";
accept_password = "linkpass";
2002-08-13 14:34:25 +00:00
/* encrypted: controls whether the accept_password above has been
* encrypted. (OLD CRYPT_LINK_PASSWORD now optional per connect)
*/
encrypted = no;
2002-09-16 04:57:20 +00:00
/* set_ulined: Controls weather this server should be u-lined
* on the entire network. This means that you no longer have
* to set a individual U line (or Shared entry in Hybrid) on every
* server for your services. The U line setting will be dynamically
* set on all other servers when it links.
*/
set_ulined = yes;
2002-09-16 04:57:20 +00:00
2002-08-13 14:34:25 +00:00
/* port: the port to connect to this server on */
port = 6666;
/* hub mask: the mask of servers that this server may hub. Multiple
* entries are permitted
*/
hub_mask = "*";
/* leaf mask: the mask of servers this server may not hub. Multiple
* entries are permitted. Useful for forbidding EU -> US -> EU routes.
*/
#leaf_mask = "*.uk";
/* class: the class this server is in */
class = "server";
/* autoconnect: controls whether we autoconnect to this server or not,
* dependent on class limits.
*/
autoconn = no;
2002-08-13 14:34:25 +00:00
/* compressed: controls whether traffic is compressed via ziplinks.
* By default this is disabled
*/
2002-09-26 13:56:13 +00:00
/* Compression *MIGHT* be un-reliable right at the moment. AND
* if you have a shell that restricts the number of background processes that
* you run, this could cause trouble, as Encrypted and/or Compressed IRCd
* server connections will fork a program called servlink to handle the
* compression and encryption of the traffic. This means that if you are a
* hub, and have 4 servers link to you, you will have 5 processes
* running, the ircd, and 4 servlink processes. This will change in
* future version.
*/
2002-08-13 14:34:25 +00:00
#compressed = yes;
/* lazylink: controls whether this server is a LazyLink. LazyLink
* servers may NOT hub. see doc/LazyLinks.as.implemented.txt
*/
#lazylink = yes;
/* masking: the servername we pretend to be when we connect */
2002-09-26 13:56:13 +00:00
/* this doesn't work just yet */
2002-08-13 14:34:25 +00:00
#fakename = "*.arpa";
};
/* kill {}: users that are not allowed to connect (OLD K:)
* Oper issued klines will be added to the specified kline config
*/
kill {
user = "bad@*.hacked.edu";
reason = "Obviously hacked account";
};
/* deny {}: IPs that are not allowed to connect (before DNS/ident lookup)
* Oper issued dlines will be added to the specified dline config
*/
deny {
ip = "10.0.1.0/24";
reason = "Reconnecting vhosted bots";
};
/* exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:) */
exempt {
ip = "192.168.0.0/16";
};
/* resv {}: nicks and channels users may not use/join (OLD Q:) */
resv {
/* reason: the reason for the proceeding resv's */
reason = "There are no services on this network";
/* resv: the nicks and channels users may not join/use */
nick = "nickserv";
nick = "chanserv";
#channel = "#services";
2002-08-13 14:34:25 +00:00
/* resv: wildcard masks are also supported in nicks only */
reason = "Clone bots";
nick = "clone*";
};
/* gecos {}: The X: replacement, used for banning users based on their
* "realname". The action may be either:
* warn: allow client to connect, but send message to opers
* reject: drop clients but also send message to opers.
* silent: silently drop clients who match.
*/
gecos {
name = "*sex*";
reason = "Possible spambot";
action = warn;
};
gecos {
name = "sub7server";
reason = "Trojan drone";
action = reject;
};
gecos {
name = "*http*";
reason = "Spambot";
action = silent;
};
/* The channel block contains options pertaining to channels */
channel {
/* knock delay: The amount of time a user must wait between issuing
* the knock command.
*/
knock_delay = 5 minutes;
/* knock channel delay: How often a knock to any specific channel
* is permitted, regardless of the user sending the knock.
*/
knock_delay_channel = 1 minute;
/* max chans: The maximum number of channels a user can join/be on. */
max_chans_per_user = 15;
/* quiet on ban: stop banned people talking in channels. */
quiet_on_ban = yes;
/* max bans: maximum number of +b/e/I modes in a channel */
max_bans = 25;
/* persist time: the minimum amount of time a channel will remain with
* all its modes intact once the last user has left the channel.
*
2002-09-16 04:57:20 +00:00
* set to 0 to disable.
2002-08-13 14:34:25 +00:00
*/
persist_time = 30 minutes;
/* splitcode: the ircd will check every 60s as to whether splitmode
* should be disabled or not, so there may be a delay between a
* netsplit ending and splitmode ending.
*
* both split users and split servers must be true to enter splitmode
*
* you may force splitmode to be permanent by /quote set splitmode on
*/
/* split users: when the usercount is lower than this level, consider
* ourselves split. this must be set for automatic splitmode
*/
default_split_user_count = 0;
/* split servers: when the servercount is lower than this, consider
* ourselves split. this must be set for automatic splitmode
*/
default_split_server_count = 0;
/* split no create: disallow users creating channels on split, works in
* tandem with persistant channels, that have retained their modes.
*/
no_create_on_split = no;
/* split: no join: disallow users joining channels at all on a split */
no_join_on_split = no;
};
/* The serverhide block contains the options regarding serverhiding */
serverhide {
/* flatten links: this option will show all servers in /links appear
* that they are linked to this current server
*/
flatten_links = no;
/* links delay: how often to update the links file when it is
* flattened.
*/
links_delay = 5 minutes;
/* hidden: hide this server from a /links output on servers that
* support it. this allows hub servers to be hidden etc.
*/
hidden = no;
/* disable hidden: prevent servers hiding themselves from a
* /links ouput.
*/
disable_hidden = no;
/* hide servers: hide remote servernames everywhere and instead use
* network_name and network_desc.
*/
hide_servers = no;
/* disable remote: disable users doing commands on remote servers */
disable_remote_commands = no;
/* disable local channels: prevent users from joining &channels.
* This is extreme, but it is still a flaw in serverhide. It will
* however remove far more from users than it will give back in
* security.
*/
disable_local_channels = no;
};
/* The general block contains many of the options that were once compiled
* in options in config.h. The general block is read at start time.
*/
general {
/* floodcount: the default value of floodcount that is configurable
* via /quote set floodcount. This is the amount of lines a user
* may send to any other user/channel in one second.
*/
default_floodcount = 10;
/* autojoin: when anyone opers up, they will automatically be
* joined to this channel.
* if the channel doesn't exist, it will be set +ntO
*/
autojoin = "#ircops";
2002-08-13 14:34:25 +00:00
/* failed oper notice: send a notice to all opers on the server when
* someone tries to OPER and uses the wrong password, host or ident.
*/
failed_oper_notice = yes;
/* dots in ident: the amount of '.' characters permitted in an ident
* reply before the user is rejected.
*/
dots_in_ident=2;
/* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts
* without a '.' in them. this will add one to the end. only needed
* for older servers.
*/
dot_in_ip6_addr = yes;
/* min nonwildcard: the minimum non wildcard characters in k/d/g lines
* placed via the server. klines hand placed are exempt from limits.
* wildcard chars: '.' '*' '?' '@'
*/
min_nonwildcard = 4;
/* max accept: maximum allowed /accept's for +g usermode */
max_accept = 20;
/* nick flood: enable the nickflood control code */
anti_nick_flood = yes;
/* nick flood: the nick changes allowed in the specified period */
max_nick_time = 20 seconds;
max_nick_changes = 5;
/* anti spam time: the minimum time a user must be connected before
* custom quit messages are allowed.
*/
anti_spam_exit_message_time = 5 minutes;
/* ts delta: the time delta allowed between server clocks before
* a warning is given, or before the link is dropped. all servers
* should run ntpdate/rdate to keep clocks in sync
*/
ts_warn_delta = 30 seconds;
ts_max_delta = 5 minutes;
/* client exit: prepend a users quit message with "Client exit: " */
client_exit = yes;
/* kline reason: show the user the reason why they are k/d/glined
* on exit. may give away who set k/dline when set via tcm.
*/
kline_with_reason = yes;
/* kline connection closed: make the users quit message on channels
* to be "Connection closed", instead of the kline reason.
*/
kline_with_connection_closed = no;
/* non redundant klines: flag and ignore redundant klines */
non_redundant_klines = yes;
/* warn no nline: warn opers about servers that try to connect but
* we dont have a connect {} block for. Twits with misconfigured
* servers can get really annoying with this enabled.
*/
warn_no_nline = yes;
/* stats o oper only: make stats o (opers) oper only */
stats_o_oper_only=yes;
/* stats P oper only: make stats P (ports) oper only */
stats_P_oper_only=no;
/* stats i oper only: make stats i (auth {}) oper only. set to:
* yes: show users no auth blocks, made oper only.
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_i_oper_only=masked;
/* stats k/K oper only: make stats k/K (klines) oper only. set to:
* yes: show users no auth blocks, made oper only
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_k_oper_only=masked;
/* caller id wait: time between notifying a +g user that somebody
* is messaging them.
*/
caller_id_wait = 1 minute;
/* pace wait simple: time between use of less intensive commands
* (HELP, remote WHOIS, WHOWAS)
*/
pace_wait_simple = 1 second;
/* pace wait: time between more intensive commands
* (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION)
*/
pace_wait = 10 seconds;
/* short motd: send clients a notice telling them to read the motd
* instead of forcing a motd to clients who may simply ignore it.
*/
short_motd = no;
/* ping cookies: require clients to respond exactly to a ping command,
* can help block certain types of drones and FTP PASV mode spoofing.
*/
ping_cookie = no;
/* no oper flood: increase flood limits for opers. */
no_oper_flood = yes;
/* glines: enable glines, network wide temp klines */
glines = yes;
/* gline time: the amount of time a gline will remain before exiring */
gline_time = 1 day;
/* idletime: the maximum amount of time a user may idle before
* they are disconnected
*/
idletime = 0;
/* maximum links: the maximum amount of servers to connect to for
* connect blocks without a valid class.
*/
maximum_links = 1;
/* REMOVE ME. The following line checks you've been reading. */
/* logfiles: the logfiles to use for user connects, /oper uses,
* and failed /oper. These files must exist for logging to be used.
*/
fname_userlog = "logs/userlog";
fname_operlog = "logs/operlog";
fname_foperlog = "logs/foperlog";
/* max targets: the maximum amount of targets in a single
* PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited.
*/
max_targets = 4;
/* client flood: maximum number of lines in a clients queue before
* they are dropped for flooding.
*/
client_flood = 20;
/* use help: whether an improved help system per command is available
* to users. If this is disabled, users will just be shown a command
* list.
*
* this is non-caching and the help file will be read per command
* which should be an adverse consideration for large servers.
*/
use_help = yes;
/* message locale: the default message locale if gettext() is enabled
* and working.
* Use "custom" for the (in)famous Hybrid custom messages.
* Use "standard" for the compiled in defaults.
*/
message_locale = "custom";
/* usermodes configurable: a list of usermodes for the options below
*
* +b - bots - See bot and drone flooding notices
* +c - cconn - Client connection/quit notices
* +d - debug - See debugging notices
* +f - full - See I: line full notices
* +g - callerid - Server Side Ignore
* +i - invisible - Not shown in NAMES or WHO unless you share a
* a channel
* +k - skill - See server generated KILL messages
* +l - locops - See LOCOPS messages
* +n - nchange - See client nick changes
* +r - rej - See rejected client notices
* +s - servnotice - See general server notices
* +u - unauth - See unauthorized client notices
* +w - wallop - See server generated WALLOPS
* +x - external - See remote server connection and split notices
* +y - spy - See LINKS, STATS, TRACE notices etc.
* +z - operwall - See oper generated WALLOPS
*/
/* oper only umodes: usermodes only opers may set */
oper_only_umodes = bots, cconn, debug, full, skill, nchange,
rej, spy, external, operwall, locops, unauth;
/* oper umodes: default usermodes opers get when they /oper */
2002-09-16 04:57:20 +00:00
/* oper_umodes = locops, servnotice, operwall, wallop, bots, ccon, debug, full, skil, nchange, rej, spy, external; */
2002-08-13 14:34:25 +00:00
/* servlink path: path to 'servlink' program used by ircd to handle
* encrypted/compressed server <-> server links.
*
* only define if servlink is not in same directory as ircd itself.
*/
#servlink_path = "/usr/local/ircd/bin/servlink";
/* default cipher: default cipher to use for cryptlink when none is
* specified in connect block.
*/
#default_cipher_preference = "BF/256";
/* use egd: if your system does not have *random devices yet you
* want to use OpenSSL and encrypted links, enable this. Beware -
* EGD is *very* CPU intensive when gathering data for its pool
*/
#use_egd = yes;
/* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
* which automatically finds the path.
*/
#egdpool_path = "/var/run/egd-pool";
/* compression level: level of compression for compressed links between
* servers.
*
* values are between: 1 (least compression, fastest)
* and: 9 (most compression, slowest).
*/
#compression_level = 6;
/* throttle time: the minimum amount of time between connections from
* the same ip. exempt {} blocks are excluded from this throttling.
* Offers protection against flooders who reconnect quickly.
* Set to 0 to disable.
*/
throttle_time = 10;
};
modules {
/* module path: paths to search for modules specified below and
* in /modload.
*/
path = "/usr/local/ircd/modules";
path = "/usr/local/ircd/modules/autoload";
/* module: the name of a module to load on startup/rehash */
#module = "some_module.so";
};