/* doc/example.conf - NeoIRCd Example configuration file * Copyright (C) 2002 NeoStats * * ported from Hybrid7 by fish * * $Id: example.conf,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $ */ /* IMPORTANT NOTES: * * class {} blocks MUST be specified before anything that uses them. That * means they must be defined before auth {} and before connect {}. * * auth {} blocks MUST be specified in order of precedence. The first one * that matches a user will be used. So place spoofs first, then specials, * then general access, then restricted. * * Both shell style (#) and C style comments are supported. * * Files may be included by either: * .include "filename" * .include * * Times/durations are written as: * 12 hours 30 minutes 1 second * * Valid units of time: * month, week, day, hour, minute, second * * Valid units of size: * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte * * Sizes and times may be singular or plural. */ /* serverinfo {}: Contains information about the server. (OLD M:) */ serverinfo { /* name: the name of our server */ name = "irc.dynam.ac"; /* description: the description of our server. '[' and ']' may not * be used here for compatibility with older servers. */ description = "NeoIRCd test server"; /* network info: the name and description of the network this server * is on. Shown in the 005 reply and used with serverhiding. */ network_name = "MyNet"; network_desc = "This is My Network"; /* hub: allow this server to act as a hub and have multiple servers * connected to it. This may not be changed if there are active * LazyLink servers. */ hub = yes; /* vhost: the IP to bind to when we connect outward to ipv4 servers. * This should be an ipv4 IP only. */ #vhost = "192.169.0.1"; /* vhost6: the IP to bind to when we connect outward to ipv6 servers. * This should be an ipv6 IP only. */ #vhost6 = "3ffe:80e8:546::2"; /* max clients: the maximum number of clients allowed to connect */ max_clients = 512; /* rsa key: the path to the file containing our rsa key for cryptlink. * * Example command to store a 2048 bit RSA keypair in * rsa.key, and the public key in rsa.pub: * * openssl genrsa -out rsa.key 2048 * openssl rsa -in rsa.key -pubout -out rsa.pub * chown . rsa.key rsa.pub * chmod 0600 rsa.key * chmod 0644 rsa.pub */ #rsa_private_key_file = "/usr/local/ircd/etc/rsa.key"; }; /* admin {}: contains admin information about the server. (OLD A:) */ admin { name = "Smurf target"; description = "Main Server Administrator"; email = ""; }; /* logging {}: contains information about logfiles. */ logging { /* log level: the amount of detail to log in ircd.log. The * higher, the more information is logged. May be changed * once the server is running via /quote SET LOG. Either: * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG */ log_level = L_INFO; }; /* class {}: contain information about classes for users (OLD Y:) */ class { /* name: the name of the class. classes are text now */ name = "users"; /* ping time: how often a client must reply to a PING from the * server before they are dropped. */ ping_time = 2 minutes; /* number per ip: the number of users per host allowed to connect */ number_per_ip = 2; /* max number: the maximum number of users allowed in this class */ max_number = 100; /* sendq: the amount of data allowed in a clients queue before * they are dropped. */ sendq = 100 kbytes; }; class { name = "restricted"; ping_time = 1 minute 30 seconds; number_per_ip = 1; max_number = 100; sendq = 60kb; }; class { name = "opers"; ping_time = 5 minutes; number_per_ip = 10; max_number = 100; sendq = 100kbytes; auto_join="#ircop"; }; class { name = "server"; ping_time = 5 minutes; /* connectfreq: only used in server classes. specifies the delay * between autoconnecting to servers. */ connectfreq = 5 minutes; /* max number: the amount of servers to autoconnect to */ max_number = 0; /* sendq: servers need a higher sendq as they send more data */ sendq=2 megabytes; }; /* listen {}: contain information about the ports ircd listens on (OLD P:) */ listen { /* port: the specific port to listen on. if no host is specified * before, it will listen on all available IPs. * * ports are seperated via a comma, a range may be specified using ".." */ /* port: listen on all available IPs, ports 6665 to 6669 */ port = 6667; /* host: set a specific IP/host the ports after the line will listen * on. This may be ipv4 or ipv6. */ #host = "10.1.1.2" }; /* auth {}: allow users to connect to the ircd (OLD I:) */ auth { /* this block is ideal for opers, as it exempts them from Klines etc */ /* user: the user@host allowed to connect. multiple IPv4/IPv6 user * lines are permitted per auth block. */ user = "*@neostats.net"; /* password: an optional password that is required to use this block */ #password = "letmein"; /* exceed limit: allow a user to exceed class limits (OLD I: > flag) */ exceed_limit = yes; /* kline exempt: exempt this user from k/glines (OLD I: ^ flag) */ kline_exempt = yes; /* gline exempt: exempt this user from glines (OLD I: _ flag) */ gline_exempt = yes; /* no tilde: remove ~ from a user with no ident (OLD I: - flag) */ no_tilde = yes; /* class: the class the user is placed in */ class = "opers"; }; auth { /* redirect: the server and port to redirect a user to. A user does * not have to obey the redirection, the ircd just suggests to them * an alternative server. */ redirserv = "irc.fi"; redirport = 6667; user = "*.fi"; /* class: a class is required even though it is not used */ class = "users"; }; auth { user = "*@*"; class = "users"; /* restricted: stop the client sending mode changes */ #restricted = yes; /* have ident: require the user has identd to connect (OLD I: + flag) */ have_ident = yes; }; /* operator {}: defines ircd operators. (OLD O:) */ operator { /* name: the name of the oper */ name = "ircop"; /* user: the user@host required for this operator. CIDR is not * supported. multiple user="" lines are supported. */ user = "*@*"; #user = "*@127.0.0.1"; /* password: the password required to oper. By default this will * need to be encrypted using 'mkpasswd'. MD5 is supported. */ password = "g4uSVO1Mi9jy2"; /* rsa key: the public key for this oper when using Challenge. * A password should not be defined when this is used, see * doc/challenge.txt for more information. */ #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; /* class: the class the oper joins when they successfully /oper */ class = "opers"; /* privileges: controls the activities and commands an oper are * allowed to do on the server. All options default to no. * Available options: * * global_kill: allows remote users to be /KILL'd (OLD 'O' flag) * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) * kline: allows KILL, KLINE and DLINE (OLD 'K' flag) * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) * gline: allows GLINE (OLD 'G' flag) * nick_changes: allows oper to see nickchanges (OLD 'N' flag) * via usermode +n * rehash: allows oper to REHASH config (OLD 'H' flag) * die: allows DIE and RESTART (OLD 'D' flag) * admin: gives admin privileges. admins * may (un)load modules and see the * real IPs of servers. */ global_kill = yes; remote = yes; kline = yes; unkline = yes; gline = yes; die = yes; rehash = yes; nick_changes = yes; admin = yes; }; /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */ connect { /* name: the name of the server */ name = "stats.dynam.ac"; /* host: the host or IP to connect to. If a hostname is used it * must match the reverse dns of the server. */ host = "*"; /* passwords: the passwords we send (OLD C:) and accept (OLD N:). * The remote server will have these passwords reversed. */ send_password = "linkpass"; accept_password = "linkpass"; /* encrypted: controls whether the accept_password above has been * encrypted. (OLD CRYPT_LINK_PASSWORD now optional per connect) */ encrypted = no; /* set_ulined: Controls weather this server should be u-lined * on the entire network. This means that you no longer have * to set a individual U line (or Shared entry in Hybrid) on every * server for your services. The U line setting will be dynamically * set on all other servers when it links. */ set_ulined = yes; /* port: the port to connect to this server on */ port = 6666; /* hub mask: the mask of servers that this server may hub. Multiple * entries are permitted */ hub_mask = "*"; /* leaf mask: the mask of servers this server may not hub. Multiple * entries are permitted. Useful for forbidding EU -> US -> EU routes. */ #leaf_mask = "*.uk"; /* class: the class this server is in */ class = "server"; /* autoconnect: controls whether we autoconnect to this server or not, * dependent on class limits. */ autoconn = no; /* compressed: controls whether traffic is compressed via ziplinks. * By default this is disabled */ /* Compression *MIGHT* be un-reliable right at the moment. AND * if you have a shell that restricts the number of background processes that * you run, this could cause trouble, as Encrypted and/or Compressed IRCd * server connections will fork a program called servlink to handle the * compression and encryption of the traffic. This means that if you are a * hub, and have 4 servers link to you, you will have 5 processes * running, the ircd, and 4 servlink processes. This will change in * future version. */ #compressed = yes; /* lazylink: controls whether this server is a LazyLink. LazyLink * servers may NOT hub. see doc/LazyLinks.as.implemented.txt */ #lazylink = yes; /* masking: the servername we pretend to be when we connect */ /* this doesn't work just yet */ #fakename = "*.arpa"; }; /* kill {}: users that are not allowed to connect (OLD K:) * Oper issued klines will be added to the specified kline config */ kill { user = "bad@*.hacked.edu"; reason = "Obviously hacked account"; }; /* deny {}: IPs that are not allowed to connect (before DNS/ident lookup) * Oper issued dlines will be added to the specified dline config */ deny { ip = "10.0.1.0/24"; reason = "Reconnecting vhosted bots"; }; /* exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:) */ exempt { ip = "192.168.0.0/16"; }; /* resv {}: nicks and channels users may not use/join (OLD Q:) */ resv { /* reason: the reason for the proceeding resv's */ reason = "There are no services on this network"; /* resv: the nicks and channels users may not join/use */ nick = "nickserv"; nick = "chanserv"; #channel = "#services"; /* resv: wildcard masks are also supported in nicks only */ reason = "Clone bots"; nick = "clone*"; }; /* gecos {}: The X: replacement, used for banning users based on their * "realname". The action may be either: * warn: allow client to connect, but send message to opers * reject: drop clients but also send message to opers. * silent: silently drop clients who match. */ gecos { name = "*sex*"; reason = "Possible spambot"; action = warn; }; gecos { name = "sub7server"; reason = "Trojan drone"; action = reject; }; gecos { name = "*http*"; reason = "Spambot"; action = silent; }; /* The channel block contains options pertaining to channels */ channel { /* knock delay: The amount of time a user must wait between issuing * the knock command. */ knock_delay = 5 minutes; /* knock channel delay: How often a knock to any specific channel * is permitted, regardless of the user sending the knock. */ knock_delay_channel = 1 minute; /* max chans: The maximum number of channels a user can join/be on. */ max_chans_per_user = 15; /* quiet on ban: stop banned people talking in channels. */ quiet_on_ban = yes; /* max bans: maximum number of +b/e/I modes in a channel */ max_bans = 25; /* persist time: the minimum amount of time a channel will remain with * all its modes intact once the last user has left the channel. * * set to 0 to disable. */ persist_time = 30 minutes; /* splitcode: the ircd will check every 60s as to whether splitmode * should be disabled or not, so there may be a delay between a * netsplit ending and splitmode ending. * * both split users and split servers must be true to enter splitmode * * you may force splitmode to be permanent by /quote set splitmode on */ /* split users: when the usercount is lower than this level, consider * ourselves split. this must be set for automatic splitmode */ default_split_user_count = 0; /* split servers: when the servercount is lower than this, consider * ourselves split. this must be set for automatic splitmode */ default_split_server_count = 0; /* split no create: disallow users creating channels on split, works in * tandem with persistant channels, that have retained their modes. */ no_create_on_split = no; /* split: no join: disallow users joining channels at all on a split */ no_join_on_split = no; }; /* The serverhide block contains the options regarding serverhiding */ serverhide { /* flatten links: this option will show all servers in /links appear * that they are linked to this current server */ flatten_links = no; /* links delay: how often to update the links file when it is * flattened. */ links_delay = 5 minutes; /* hidden: hide this server from a /links output on servers that * support it. this allows hub servers to be hidden etc. */ hidden = no; /* disable hidden: prevent servers hiding themselves from a * /links ouput. */ disable_hidden = no; /* hide servers: hide remote servernames everywhere and instead use * network_name and network_desc. */ hide_servers = no; /* disable remote: disable users doing commands on remote servers */ disable_remote_commands = no; /* disable local channels: prevent users from joining &channels. * This is extreme, but it is still a flaw in serverhide. It will * however remove far more from users than it will give back in * security. */ disable_local_channels = no; }; /* The general block contains many of the options that were once compiled * in options in config.h. The general block is read at start time. */ general { /* floodcount: the default value of floodcount that is configurable * via /quote set floodcount. This is the amount of lines a user * may send to any other user/channel in one second. */ default_floodcount = 10; /* autojoin: when anyone opers up, they will automatically be * joined to this channel. * if the channel doesn't exist, it will be set +ntO */ autojoin = "#ircops"; /* failed oper notice: send a notice to all opers on the server when * someone tries to OPER and uses the wrong password, host or ident. */ failed_oper_notice = yes; /* dots in ident: the amount of '.' characters permitted in an ident * reply before the user is rejected. */ dots_in_ident=2; /* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts * without a '.' in them. this will add one to the end. only needed * for older servers. */ dot_in_ip6_addr = yes; /* min nonwildcard: the minimum non wildcard characters in k/d/g lines * placed via the server. klines hand placed are exempt from limits. * wildcard chars: '.' '*' '?' '@' */ min_nonwildcard = 4; /* max accept: maximum allowed /accept's for +g usermode */ max_accept = 20; /* nick flood: enable the nickflood control code */ anti_nick_flood = yes; /* nick flood: the nick changes allowed in the specified period */ max_nick_time = 20 seconds; max_nick_changes = 5; /* anti spam time: the minimum time a user must be connected before * custom quit messages are allowed. */ anti_spam_exit_message_time = 5 minutes; /* ts delta: the time delta allowed between server clocks before * a warning is given, or before the link is dropped. all servers * should run ntpdate/rdate to keep clocks in sync */ ts_warn_delta = 30 seconds; ts_max_delta = 5 minutes; /* client exit: prepend a users quit message with "Client exit: " */ client_exit = yes; /* kline reason: show the user the reason why they are k/d/glined * on exit. may give away who set k/dline when set via tcm. */ kline_with_reason = yes; /* kline connection closed: make the users quit message on channels * to be "Connection closed", instead of the kline reason. */ kline_with_connection_closed = no; /* non redundant klines: flag and ignore redundant klines */ non_redundant_klines = yes; /* warn no nline: warn opers about servers that try to connect but * we dont have a connect {} block for. Twits with misconfigured * servers can get really annoying with this enabled. */ warn_no_nline = yes; /* stats o oper only: make stats o (opers) oper only */ stats_o_oper_only=yes; /* stats P oper only: make stats P (ports) oper only */ stats_P_oper_only=no; /* stats i oper only: make stats i (auth {}) oper only. set to: * yes: show users no auth blocks, made oper only. * masked: show users first matching auth block * no: show users all auth blocks. */ stats_i_oper_only=masked; /* stats k/K oper only: make stats k/K (klines) oper only. set to: * yes: show users no auth blocks, made oper only * masked: show users first matching auth block * no: show users all auth blocks. */ stats_k_oper_only=masked; /* caller id wait: time between notifying a +g user that somebody * is messaging them. */ caller_id_wait = 1 minute; /* pace wait simple: time between use of less intensive commands * (HELP, remote WHOIS, WHOWAS) */ pace_wait_simple = 1 second; /* pace wait: time between more intensive commands * (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION) */ pace_wait = 10 seconds; /* short motd: send clients a notice telling them to read the motd * instead of forcing a motd to clients who may simply ignore it. */ short_motd = no; /* ping cookies: require clients to respond exactly to a ping command, * can help block certain types of drones and FTP PASV mode spoofing. */ ping_cookie = no; /* no oper flood: increase flood limits for opers. */ no_oper_flood = yes; /* glines: enable glines, network wide temp klines */ glines = yes; /* gline time: the amount of time a gline will remain before exiring */ gline_time = 1 day; /* idletime: the maximum amount of time a user may idle before * they are disconnected */ idletime = 0; /* maximum links: the maximum amount of servers to connect to for * connect blocks without a valid class. */ maximum_links = 1; /* REMOVE ME. The following line checks you've been reading. */ /* logfiles: the logfiles to use for user connects, /oper uses, * and failed /oper. These files must exist for logging to be used. */ fname_userlog = "logs/userlog"; fname_operlog = "logs/operlog"; fname_foperlog = "logs/foperlog"; /* max targets: the maximum amount of targets in a single * PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited. */ max_targets = 4; /* client flood: maximum number of lines in a clients queue before * they are dropped for flooding. */ client_flood = 20; /* use help: whether an improved help system per command is available * to users. If this is disabled, users will just be shown a command * list. * * this is non-caching and the help file will be read per command * which should be an adverse consideration for large servers. */ use_help = yes; /* message locale: the default message locale if gettext() is enabled * and working. * Use "custom" for the (in)famous Hybrid custom messages. * Use "standard" for the compiled in defaults. */ message_locale = "custom"; /* usermodes configurable: a list of usermodes for the options below * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +d - debug - See debugging notices * +f - full - See I: line full notices * +g - callerid - Server Side Ignore * +i - invisible - Not shown in NAMES or WHO unless you share a * a channel * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +r - rej - See rejected client notices * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +x - external - See remote server connection and split notices * +y - spy - See LINKS, STATS, TRACE notices etc. * +z - operwall - See oper generated WALLOPS */ /* oper only umodes: usermodes only opers may set */ oper_only_umodes = bots, cconn, debug, full, skill, nchange, rej, spy, external, operwall, locops, unauth; /* oper umodes: default usermodes opers get when they /oper */ /* oper_umodes = locops, servnotice, operwall, wallop, bots, ccon, debug, full, skil, nchange, rej, spy, external; */ /* servlink path: path to 'servlink' program used by ircd to handle * encrypted/compressed server <-> server links. * * only define if servlink is not in same directory as ircd itself. */ #servlink_path = "/usr/local/ircd/bin/servlink"; /* default cipher: default cipher to use for cryptlink when none is * specified in connect block. */ #default_cipher_preference = "BF/256"; /* use egd: if your system does not have *random devices yet you * want to use OpenSSL and encrypted links, enable this. Beware - * EGD is *very* CPU intensive when gathering data for its pool */ #use_egd = yes; /* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 * which automatically finds the path. */ #egdpool_path = "/var/run/egd-pool"; /* compression level: level of compression for compressed links between * servers. * * values are between: 1 (least compression, fastest) * and: 9 (most compression, slowest). */ #compression_level = 6; /* throttle time: the minimum amount of time between connections from * the same ip. exempt {} blocks are excluded from this throttling. * Offers protection against flooders who reconnect quickly. * Set to 0 to disable. */ throttle_time = 10; }; modules { /* module path: paths to search for modules specified below and * in /modload. */ path = "/usr/local/ircd/modules"; path = "/usr/local/ircd/modules/autoload"; /* module: the name of a module to load on startup/rehash */ #module = "some_module.so"; };