/* * This is an example configuration file for ircd-hybrid * * Copyright (c) 2000-2014 ircd-hybrid development team * * $Id$ */ /* * ######################################################################## * IMPORTANT NOTE: * * auth {} blocks MUST be specified in order of precedence. The first one * that matches a user will be used. So place spoofs first, then specials, * then general access. * ######################################################################## * * Shell style (#), C++ style (//) and C style comments are supported. * * Files may be included by either: * .include "filename" * .include * * Times/durations are written as: * 12 hours 30 minutes 1 second * * Valid units of time: * year, month, week, day, hour, minute, second * * Valid units of size: * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte * * Sizes and times may be singular or plural. */ /* * serverinfo {}: contains information about the server */ serverinfo { /* * name: the name of this server. This cannot be changed at runtime. */ name = "hades.arpa"; /* * sid: a server's unique ID. This is three characters long and must * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be * a digit, followed by 2 alpha-numerical letters. * * NOTE: The letters must be capitalized. This cannot be changed at runtime. */ sid = "0HY"; /* * description: the description of the server. */ description = "ircd-hybrid test server"; /* * network info: the name and description of the network this server * is on. Shown in the 005 reply and used with serverhiding. */ network_name = "MyNet"; network_desc = "This is My Network"; /* * hub: allow this server to act as a hub and have multiple servers * connected to it. */ hub = no; /* * vhost: the IP to bind to when we connect outward to ipv4 servers. * This should be an ipv4 IP only, or "*" for INADDR_ANY. */ # vhost = "192.169.0.1"; /* * vhost6: the address to bind to when we make outgoing connections * to IPv6 servers. This should be an IPv6 address, or "*" for INADDR_ANY. */ # vhost6 = "3ffe:80e8:546::2"; /* max_clients: the maximum number of clients allowed to connect. */ max_clients = 512; /* * max_nick_length: only applies to local clients. Must be in the * range of 9 to 30. Default is 9 if nothing else is specified. */ max_nick_length = 9; /* * max_topic_length: only applies to topics set by local clients. * Must be in the range of 80 to 300. Default is 80 if nothing * else is specified. */ max_topic_length = 160; /* * rsa_private_key_file: the path to the file containing the * RSA key. * * Example commands to store a 2048 bit RSA key in rsa.key: * * openssl genrsa -out rsa.key 2048 * chown . rsa.key * chmod 0600 rsa.key */ # rsa_private_key_file = "etc/rsa.key"; /* * ssl_certificate_file: the path to the file containing our * SSL certificate for encrypted client connection. * * This assumes your private RSA key is stored in rsa.key. You * MUST have an RSA key in order to generate the certificate. * * Example command: * * openssl req -new -days 365 -x509 -key rsa.key -out cert.pem * * See http://www.openssl.org/docs/HOWTO/certificates.txt * * Please use the following values when generating the cert * * Organization Name: Network Name * Organization Unit Name: changme.someirc.net * Common Name: irc.someirc.net * E-mail: you@domain.com */ # ssl_certificate_file = "etc/cert.pem"; /* * ssl_dh_param_file: * * Path to the PEM encoded Diffie-Hellman parameter file. * DH parameters are required when using ciphers with EDH * (ephemeral Diffie-Hellman) key exchange. * * A DH parameter file can be created by running: * * openssl dhparam -out dhparam.pem 2048 * * Prime size must be at least 1024 bits. Further information * regarding specific OpenSSL dhparam command-line options * can be found in the OpenSSL manual. */ # ssl_dh_param_file = "etc/dhparam.pem"; /* * ssl_cipher_list: * * List of ciphers to support on _this_ server. Can be used to * enforce specific ciphers for incoming SSL/TLS connections. * If a client (which also includes incoming server connections) is not * capable of using any of the ciphers listed here, the connection will * simply be rejected. * * A list of supported ciphers by OpenSSL can be obtained by running: * * openssl ciphers -ssl3 -tls1 -v * * Multiple ciphers are separated by colons. The order of preference is * from left to right. */ # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * ssl_server_method: * ssl_client_method: * * SSL/TLS methods we provide for incoming (server method) and * outgoing (client method) SSL/TLS connections. * This can be either sslv3 for SSLv3, and/or tlsv1 for TLSv1. */ # ssl_server_method = tlsv1, sslv3; # ssl_client_method = tlsv1; }; /* * admin {}: contains admin information about the server */ admin { name = "Smurf target"; description = "Main Server Administrator"; email = ""; }; /* * class {}: contains information about classes for users */ class { /* name: the name of the class. */ name = "users"; /* * ping_time: how often a client must reply to a PING from the * server before they are dropped. */ ping_time = 90 seconds; /* * number_per_ip: how many local users are allowed to connect * from a single IP address (optional) */ number_per_ip = 2; /* * max_local: how many local users are allowed to connect * from a single ident@host (optional) */ max_local = 2; /* * max_global: network-wide limit of users per ident@host (optional) */ max_global = 10; /* * max_number: the maximum number of users allowed in this class (optional) */ max_number = 100; /* * The following lines are optional and allow you to define * how many users can connect from one /NN subnet. */ cidr_bitlen_ipv4 = 24; cidr_bitlen_ipv6 = 120; number_per_cidr = 16; /* * sendq: the amount of data allowed in a client's send queue before * they are dropped. */ sendq = 100 kbytes; /* * recvq: the amount of data allowed in a client's receive queue before * they are dropped for flooding. Defaults to 2560 if the chosen * value isn't within the range of 512 to 8000. */ recvq = 2560 bytes; }; class { name = "opers"; ping_time = 90 seconds; number_per_ip = 10; max_number = 100; sendq = 100 kbytes; /* * min_idle: minimum idle time that is shown in /whois. */ min_idle = 3 hours; /* * max_idle: maximum idle time that is shown in /whois. */ max_idle = 8 hours; /* * flags: * * random_idle - a fake idle time is set randomly between * min_idle and max_idle * hide_idle_from_opers - the fake idle time will also be shown to operators */ flags = random_idle, hide_idle_from_opers; }; class { name = "server"; ping_time = 90 seconds; /* * connectfreq: only used in server classes. Specifies the delay * between autoconnecting to servers. */ connectfreq = 5 minutes; /* max number: the number of servers to autoconnect to. */ max_number = 1; /* sendq: servers need a higher sendq as they send more data. */ sendq = 2 megabytes; }; /* * motd {}: Allows the display of a different MOTD to a client * depending on its origin. Applies to local users only. */ motd { /* * mask: multiple mask entries are permitted. Mask can either be * a class name or a hostname. CIDR is supported. */ mask = "*.at"; mask = "*.de"; mask = "*.ch"; /* * file: path to the actual motd file. */ file = "etc/german.motd"; }; /* * listen {}: contains information about the ports ircd listens on */ listen { /* * port: the port to listen on. If no host is specified earlier * in the listen {} block, it will listen on all available IPs. * * Ports are separated by commas; a range may be specified using ".." */ /* port: listen on all available IP addresses, ports 6665 to 6669 */ port = 6665 .. 6669; /* * Listen on 192.168.0.1/6697 with SSL enabled and hidden from STATS P * unless you are an administrator. * * NOTE: The "flags" directive always has to come before "port". * * Currently available flags are: * * ssl - Port may only accept TLS/SSL connections * server - Only server connections are permitted * hidden - Port is hidden from /stats P, unless you're an admin */ flags = hidden, ssl; host = "192.168.0.1"; port = 6697; /* * host: set a specific IP address/host to listen on using the * subsequent port definitions. This may be IPv4 or IPv6. */ host = "1.2.3.4"; port = 7000, 7001; host = "3ffe:1234:a:b:c::d"; port = 7002; }; /* * auth {}: allow users to connect to the ircd */ auth { /* * user: the user@host allowed to connect. Multiple user * lines are permitted within each auth {} block. */ user = "*@172.16.0.0/12"; user = "*test@123D:B567:*"; /* password: an optional password that is required to use this block. */ password = "letmein"; /* * encrypted: controls whether the auth password above has been * encrypted. */ encrypted = yes; /* * spoof: fake the user's host to this. This is free-form, just do * everyone a favor and don't abuse it. ('=' prefix on /stats I) */ spoof = "I.still.hate.packets"; /* class: the class the user is placed in. */ class = "opers"; /* * need_password - don't allow users who haven't supplied the correct * password to connect using another auth {} block * ('&' prefix on /stats I if disabled) * need_ident - require the user to have identd to connect ('+' prefix on /stats I) * spoof_notice - enable spoofing notification to admins * exceed_limit - allow a user to exceed class limits ('>' prefix on /stats I) * kline_exempt - exempt this user from k/glines ('^' prefix on /stats I) * gline_exempt - exempt this user from glines ('_' prefix on /stats I) * resv_exempt - exempt this user from resvs ('$' prefix on /stats I) * no_tilde - remove ~ from a user with no ident ('-' prefix on /stats I) * can_flood - allow this user to exceed flood limits ('|' prefix on /stats I) * webirc - enables WEBIRC authentication for web-based clients such as Mibbit * ('<' prefix on /stats I) */ flags = need_password, spoof_notice, exceed_limit, kline_exempt, gline_exempt, resv_exempt, no_tilde, can_flood; }; auth { /* * redirect: the server and port to redirect a user to. A user does not * have to obey the redirection; the ircd just suggests an alternative * server for them. */ redirserv = "this.is.not.a.real.server"; redirport = 6667; user = "*.server"; /* class: a class is required even though it is not used. */ class = "users"; }; auth { user = "*@*"; class = "users"; flags = need_ident; }; /* * operator {}: defines ircd operators */ operator { /* name: the name of the oper */ name = "sheep"; /* * user: the user@host required for this operator. Multiple * user lines are supported. */ user = "*sheep@192.168.0.0/16"; user = "*@127.0.0.0/8"; /* * password: the password required to oper. By default this will * need to be encrypted by using the provided mkpasswd tool. * Several password hash algorithms are available depending * on your system's crypt() implementation. For example, a modern * glibc already has support for the SHA-256/512 and MD5 encryption * algorithms. */ password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4"; /* * encrypted: controls whether the oper password above has been * encrypted. */ encrypted = yes; /* * rsa_public_key_file: the public key for this oper when using Challenge. * A password should not be defined when this is used; see * doc/challenge.txt for more information. */ # rsa_public_key_file = "etc/oper.pub"; /* * ssl_certificate_fingerprint: enhances security by additionally checking * the oper's client certificate fingerprint against the specified * fingerprint below. * * Hint: your users can use the following command to obtain a SHA-256 hash * of their ssl certificate: * * openssl x509 -sha256 -noout -fingerprint -in cert.pem | sed -e 's/^.*=//;s/://g' */ # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * ssl_connection_required: client must be connected over SSL/TLS * in order to be able to use this operator {} block. * Default is 'no' if nothing else is specified. */ ssl_connection_required = no; /* class: the class the oper joins when they successfully /oper or /challenge. */ class = "opers"; /* * umodes: the default usermodes opers get when they /oper or /challenge. * If defined, it will override oper_umodes settings in general {}. * Available usermodes: * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +y - spy - See LINKS, STATS, TRACE notices etc. * +z - operwall - See oper generated WALLOPS */ umodes = locops, servnotice, operwall, wallop; /* * privileges: controls the activities and commands an oper is * allowed to do on the server. All options default to 'no'. * Available options: * * module - allows MODULE * connect - allows local CONNECT | ('P' flag) * connect:remote - allows remote CONNECT | ('Q' flag) * squit - allows local SQUIT | ('R' flag) * squit:remote - allows remote SQUIT | ('S' flag) * kill - allows to KILL local clients | ('N' flag) * kill:remote - allows remote users to be /KILL'd | ('O' flag) * remoteban - allows remote KLINE/UNKLINE | ('B' flag) * dline - allows DLINE | * undline - allows UNDLINE | * kline - allows KLINE | ('K' flag) * unkline - allows UNKLINE | ('U' flag) * gline - allows GLINE | ('G' flag) * xline - allows XLINE | ('X' flag) * unxline - allows UNXLINE | * locops - allows LOCOPS | * globops - allows GLOBOPS | * wallops - allows WALLOPS | * operwall - allows OPERWALL | ('L' flag) * rehash - allows oper to REHASH config | ('H' flag) * die - allows DIE | ('D' flag) * restart - allows RESTART | * set - allows SET | * admin - gives administrator privileges | ('A' flag) */ flags = kill, kill:remote, connect, connect:remote, kline, unkline, xline, globops, restart, die, rehash, admin, operwall, module; }; /* * service {}: specifies a server which may act as a network service * * NOTE: it is very important that every server on the network * has the same service {} block. */ service { name = "service.someserver"; name = "stats.someserver"; }; /* * connect {}: define a server to connect to */ connect { /* name: the name of the server. */ name = "irc.uplink.com"; /* * host: the host or IP address to connect to. If a hostname is used it * must match the reverse DNS of the server. */ host = "192.168.0.1"; /* * vhost: the IP address to bind to when making outgoing connections to * servers. * serverinfo::vhost and serverinfo::vhost6 will be overridden * by this directive. */ vhost = "192.168.0.2"; /* * passwords: the passwords to send (OLD C:) and accept (OLD N:). * The remote server will have these passwords swapped. */ send_password = "password"; accept_password = "anotherpassword"; /* * encrypted: controls whether the accept_password above has been * encrypted. */ encrypted = no; /* port: the port to connect to this server on. */ port = 6666; /* * hub_mask: the mask of servers that this server may hub. Multiple * entries are permitted. */ hub_mask = "*"; /* * leaf_mask: the mask of servers this server may not hub. Multiple * entries are permitted. Useful for forbidding EU -> US -> EU routes. */ # leaf_mask = "*.uk"; /* class: the class this server is in. */ class = "server"; /* * ssl_cipher_list: * * List of ciphers that the server we are connecting to must support. * If the server is not capable of using any of the ciphers listed below, * the connection will simply be rejected. * Can be used to enforce stronger ciphers, even though this option * is not necessarily required to establish a SSL/TLS connection. * * Multiple ciphers are separated by colons. The order of preference * is from left to right. */ # ssl_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * ssl_certificate_fingerprint: enhances security by additionally checking * the server's client certificate fingerprint against the specified * fingerprint below. */ # ssl_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * autoconn - controls whether we autoconnect to this server or not, * dependent on class limits. By default, this is disabled. * ssl - Initiates a TLS/SSL connection. */ # flags = autoconn, ssl; }; connect { name = "ipv6.some.server"; host = "3ffd:dead:beef::1"; send_password = "password"; accept_password = "password"; port = 6666; /* * aftype: controls whether the connection uses "ipv4" or "ipv6". * Default is ipv4. */ aftype = ipv6; class = "server"; }; /* * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops * automatically */ cluster { /* * name: the server to share with; this can take wildcards * * NOTE: only local actions will be clustered, meaning that if * the server receives a shared kline/unkline/etc, it * will not be propagated to clustered servers. * * Remote servers are not necessarily required to accept * clustered lines, they need a shared {} block for *THIS* * server in order to accept them. */ name = "*.arpa"; /* * type: list of what to share; options are as follows: * dline - share dlines * undline - share undlines * kline - share klines * unkline - share unklines * xline - share xlines * unxline - share unxlines * resv - share resvs * unresv - share unresvs * locops - share locops * all - share all of the above (default) */ type = kline, unkline, locops, xline, resv; }; /* * shared {}: users that are allowed to remote kline * * NOTE: This can effectively be used for remote klines. * Please note that there is no password authentication * for users setting remote klines. You must also be * /oper'd in order to issue a remote kline. */ shared { /* * name: the server the user must be connected to in order to set klines. * If this is not specified, the user will be allowed to kline from all * servers. */ name = "irc2.some.server"; /* * user: the user@host mask that is allowed to set klines. If this is * not specified, all users on the server above will be allowed to set * a remote kline. */ user = "oper@my.host.is.spoofed"; /* * type: list of what to share, options are as follows: * dline - allow oper/server to dline * undline - allow oper/server to undline * kline - allow oper/server to kline * unkline - allow oper/server to unkline * xline - allow oper/server to xline * unxline - allow oper/server to unxline * resv - allow oper/server to resv * unresv - allow oper/server to unresv * locops - allow oper/server to locops - only used for servers that cluster * all - allow oper/server to do all of the above (default) */ type = kline, unkline, resv; }; /* * kill {}: users that are not allowed to connect * Oper issued klines will be added to the specified kline config */ kill { user = "bad@*.hacked.edu"; reason = "Obviously hacked account"; }; /* * deny {}: IP addresses that are not allowed to connect * (before DNS/ident lookup) * Oper issued dlines will be added to the specified dline config */ deny { ip = "10.0.1.0/24"; reason = "Reconnecting vhosted bots"; }; /* * exempt {}: IP addresses that are exempt from deny {} and Dlines */ exempt { ip = "192.168.0.0/16"; }; /* * resv {}: nicks and channels users may not use/join */ resv { mask = "clone*"; reason = "Clone bots"; }; resv { mask = "Global"; reason = "Reserved for services"; }; resv { mask = "ChanServ"; reason = "Reserved for services"; }; resv { mask = "NickServ"; reason = "Reserved for services"; }; resv { mask = "OperServ"; reason = "Reserved for services"; }; resv { mask = "MemoServ"; reason = "Reserved for services"; }; resv { mask = "BotServ"; reason = "Reserved for services"; }; resv { mask = "HelpServ"; reason = "Reserved for services"; }; resv { mask = "HostServ"; reason = "Reserved for services"; }; resv { mask = "StatServ"; reason = "Reserved for services"; }; resv { mask = "#*services*"; reason = "Reserved for services"; }; resv { /* * mask: masks starting with a '#' are automatically considered * as channel name masks. */ mask = "#helsinki"; reason = "Channel is reserved for Finnish inhabitants"; /* * exempt: can be either a ISO 3166 alpha-2 two letter country * code, or a nick!user@host mask. CIDR is supported. Exempt * entries can be stacked. */ exempt = "FI"; }; /* * gecos {}: Used for banning users based on their "realname". */ gecos { name = "*sex*"; reason = "Possible spambot"; }; gecos { name = "sub7server"; reason = "Trojan drone"; }; /* * channel {}: The channel block contains options pertaining to channels */ channel { /* * disable_fake_channels: this option, if set to 'yes', will * disallow clients from creating or joining channels that have one * of the following ASCII characters in their name: * * 2 | bold * 3 | mirc color * 15 | plain text * 22 | reverse * 29 | italic * 31 | underline * 160 | non-breaking space */ disable_fake_channels = yes; /* * knock_delay: The amount of time a user must wait between issuing * the knock command. */ knock_delay = 5 minutes; /* * knock_delay_channel: How often a knock to any specific channel * is permitted, regardless of the user sending the knock. */ knock_delay_channel = 1 minute; /* * max_chans_per_user: The maximum number of channels a user can * join/be on. */ max_chans_per_user = 25; /* * max_chans_per_oper: The maximum number of channels an oper can * join/be on. */ max_chans_per_oper = 50; /* max_bans: maximum number of +b/e/I modes in a channel */ max_bans = 100; /* * how many joins in how many seconds constitute a flood. Use 0 to * disable. +b opers will be notified (changeable via /set) */ join_flood_count = 16; join_flood_time = 8 seconds; /* * The ircd will now check splitmode (whether a server is split from * the network) every few seconds; this functionality is known as * splitcode and is influenced by the options below. * * Either split users or split servers can activate splitmode, but * both conditions must be met for the ircd to deactivate splitmode. * * You may force splitmode to be permanent by /quote set splitmode on */ /* * default_split_user_count: when the usercount is lower than this level, * consider ourselves split. This must be set for automatic splitmode. */ default_split_user_count = 0; /* * default_split_server_count: when the servercount is lower than this, * consider ourselves split. This must be set for automatic splitmode. */ default_split_server_count = 0; /* no_create_on_split: do not allow users to create channels on split. */ no_create_on_split = yes; /* no_join_on_split: do not allow users to join channels on a split. */ no_join_on_split = no; }; /* * serverhide {}: The serverhide block contains the options regarding * to server hiding. For more information regarding server hiding, * please see doc/serverhide.txt */ serverhide { /* * disable_remote_commands: disable users issuing commands * on remote servers. */ disable_remote_commands = no; /* * flatten_links: this option will show all servers in /links appear * as though they are linked to this current server. */ flatten_links = no; /* * links_delay: how often to update the links file when it is * flattened. */ links_delay = 5 minutes; /* * hidden: hide this server from a /links output on servers that * support it. This allows hub servers to be hidden etc. */ hidden = no; /* * hide_servers: hide remote servernames everywhere and instead use * hidden_name and network_desc. */ hide_servers = no; /* * hide_services: define this if you want to hide the location of * services servers that are specified in the service {} block. */ hide_services = no; /* * Use this as the servername users see if hide_servers = yes. */ hidden_name = "*.hidden.com"; /* * hide_server_ips: If this is disabled, opers will be unable to see * servers' IP addresses and will be shown a masked IP address; admins * will be shown the real IP address. * * If this is enabled, nobody can see a server's IP address. * *This is a kludge*: it has the side effect of hiding the IP addresses * everywhere, including logfiles. * * We recommend you leave this disabled, and just take care with who you * give administrator privileges to. */ hide_server_ips = no; }; /* * general {}: The general block contains many of the options that were once * compiled in options in config.h */ general { /* * cycle_on_host_change: sends a fake QUIT/JOIN combination * when services change the hostname of a specific client. */ cycle_on_host_change = yes; /* services_name: servername of nick/channel services. */ services_name = "service.someserver"; /* max_watch: maximum WATCH entries a client can have. */ max_watch = 30; /* max_accept: maximum allowed /accept's for +g usermode. */ max_accept = 30; /* gline_enable: enable glines (network-wide temporary klines). */ gline_enable = yes; /* * gline_duration: the amount of time a gline will remain on your * server before expiring. */ gline_duration = 1 day; /* * gline_request_duration: how long a pending G-line can be around. * 10 minutes should be plenty. */ gline_request_duration = 10 minutes; /* * gline_min_cidr: the minimum required length of a CIDR bitmask * for IPv4 based glines. */ gline_min_cidr = 16; /* * gline_min_cidr6: the minimum required length of a CIDR bitmask * for IPv6 based glines. */ gline_min_cidr6 = 48; /* * invisible_on_connect: whether to automatically set mode +i on * connecting users. */ invisible_on_connect = yes; /* * kill_chase_time_limit: KILL chasing is a feature whereby a KILL * issued for a user who has recently changed nickname will be applied * automatically to the new nick. kill_chase_time_limit is the maximum * time following a nickname change that this chasing will apply. */ kill_chase_time_limit = 30 seconds; /* * hide_spoof_ips: if disabled, opers will be allowed to see the real * IP address of spoofed users in /trace etc. If this is defined they * will be shown a masked IP. */ hide_spoof_ips = yes; /* * Ignore bogus timestamps from other servers. Yes, this will desync the * network, but it will allow chanops to resync with a valid non TS 0 * * This should be enabled network wide, or not at all. */ ignore_bogus_ts = no; /* * disable_auth: completely disable ident lookups; if you enable this, * be careful of what you set need_ident to in your auth {} blocks */ disable_auth = no; /* * tkline_expire_notices: enables or disables temporary kline/xline * expire notices. */ tkline_expire_notices = no; /* * default_floodcount: the default value of floodcount that is configurable * via /quote set floodcount. This is the number of lines a user * may send to any other user/channel in one second. */ default_floodcount = 10; /* * failed_oper_notice: send a notice to all opers on the server when * someone tries to OPER and uses the wrong password, host or ident. */ failed_oper_notice = yes; /* * dots_in_ident: the number of '.' characters permitted in an ident * reply before the user is rejected. */ dots_in_ident = 2; /* * min_nonwildcard: the minimum number of non-wildcard characters in * k/d/g lines placed via the server. K-lines hand-placed are exempt from * this limit. * Wildcard characters: '.', ':', '*', '?', '@', '!' */ min_nonwildcard = 4; /* * min_nonwildcard_simple: the minimum number of non-wildcard characters * in gecos bans. Wildcard characters: '*', '?' */ min_nonwildcard_simple = 3; /* anti_nick_flood: enable the nickflood control code. */ anti_nick_flood = yes; /* nick flood: the number of nick changes allowed in the specified period. */ max_nick_time = 20 seconds; max_nick_changes = 5; /* * anti_spam_exit_message_time: the minimum time a user must be connected * before custom quit messages are allowed. */ anti_spam_exit_message_time = 5 minutes; /* * ts delta: the time delta allowed between server clocks before * a warning is given, or before the link is dropped. All servers * should run ntpdate/rdate to keep clocks in sync */ ts_warn_delta = 30 seconds; ts_max_delta = 5 minutes; /* * warn_no_nline: warn opers about servers that try to connect but * for which we don't have a connect {} block. Twits with misconfigured * servers can become really annoying with this enabled. */ warn_no_nline = yes; /* * stats_e_disabled: set this to 'yes' to disable "STATS e" for both * operators and administrators. Doing so is a good idea in case * there are any exempted (exempt {}) server IPs you don't want to * see leaked. */ stats_e_disabled = no; /* stats_o_oper_only: make stats o (opers) oper only. */ stats_o_oper_only = yes; /* stats_P_oper_only: make stats P (ports) oper only. */ stats_P_oper_only = yes; /* stats_u_oper_only: make stats u (uptime) oper only. */ stats_u_oper_only = no; /* * stats_i_oper_only: make stats i (auth {}) oper only. Set to: * yes - show users no auth {} blocks, made oper only * masked - show users the first matching auth {} block * no - show users all auth {} blocks */ stats_i_oper_only = yes; /* * stats_k_oper_only: make stats k/K (klines) oper only. Set to: * yes - show users no auth {} blocks, made oper only * masked - show users the first matching auth {} block * no - show users all auth {} blocks */ stats_k_oper_only = yes; /* * caller_id_wait: time between notifying a +g user that somebody * is messaging them. */ caller_id_wait = 1 minute; /* * opers_bypass_callerid: allows operators to bypass +g and message * anyone who has it set (useful if you use services). */ opers_bypass_callerid = no; /* * pace_wait_simple: minimum time required between use of less * intensive commands * (ADMIN, HELP, LUSERS, VERSION, remote WHOIS) */ pace_wait_simple = 1 second; /* * pace_wait: minimum time required between use of more intensive commands * (AWAY, INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS) */ pace_wait = 10 seconds; /* * short_motd: send clients a notice telling them to read the MOTD * instead of forcing an MOTD to clients who may simply ignore it. */ short_motd = no; /* * ping_cookie: require clients to respond exactly to a PING command, * can help block certain types of drones and FTP PASV mode spoofing. */ ping_cookie = no; /* no_oper_flood: increase flood limits for opers. */ no_oper_flood = yes; /* * true_no_oper_flood: completely eliminate flood limits for opers * and for clients with 'can_flood' in their auth {} blocks. */ true_no_oper_flood = yes; /* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels. */ oper_pass_resv = yes; /* REMOVE ME. The following line checks that you have been reading. */ havent_read_conf = 1; /* * max_targets: the maximum number of targets in a single * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited. */ max_targets = 4; /* * usermodes configurable: a list of usermodes for the options below * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +y - spy - See LINKS, STATS, TRACE notices etc. * +z - operwall - See oper generated WALLOPS */ /* oper_only_umodes: usermodes only opers may set */ oper_only_umodes = bots, cconn, debug, full, hidden, skill, nchange, rej, spy, external, operwall, locops, unauth, farconnect; /* oper_umodes: default usermodes opers get when they /oper */ oper_umodes = bots, locops, servnotice, operwall, wallop; /* * throttle_time: the minimum amount of time required between * connections from the same IP address. exempt {} blocks are excluded * from this throttling. * Offers protection against flooders who reconnect quickly. * Set to 0 to disable. */ throttle_time = 2 seconds; }; modules { /* * path: other paths to search for modules specified below * and in "/module load". */ path = "lib/ircd-hybrid/modules"; path = "lib/ircd-hybrid/modules/autoload"; /* module: the name of a module to load on startup/rehash. */ # module = "some_module.la"; }; /* * log {}: contains information about logfiles. */ log { /* Do you want to enable logging to ircd.log? */ use_logging = yes; file { type = oper; name = "var/log/oper.log"; size = unlimited; }; file { type = user; name = "var/log/user.log"; size = 50 megabytes; }; file { type = kill; name = "var/log/kill.log"; size = 50 megabytes; }; file { type = kline; name = "var/log/kline.log"; size = 50 megabytes; }; file { type = dline; name = "var/log/dline.log"; size = 50 megabytes; }; file { type = gline; name = "var/log/gline.log"; size = 50 megabytes; }; file { type = xline; name = "var/log/xline.log"; size = 50 megabytes; }; file { type = resv; name = "var/log/resv.log"; size = 50 megabytes; }; file { type = debug; name = "var/log/debug.log"; size = 50 megabytes; }; };