/* * This is an example configuration file for ircd-hybrid * * Copyright (c) 1997-2020 ircd-hybrid development team * * $Id$ */ /* * ######################################################################## * IMPORTANT NOTE: * * auth {} blocks MUST be specified in order of precedence. The first one * that matches a user will be used. So place spoofs first, then specials, * then general access. * ######################################################################## * * Shell style (#), C++ style (//) and C style comments are supported. * * Files may be included by either: * .include "filename" * .include * * Times/durations are written as: * 12 hours 30 minutes 1 second * * Valid units of time: * year, month, week, day, hour, minute, second * * Valid units of size: * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte * * Sizes and times may be singular or plural. */ /* * serverinfo {}: contains information about the server */ serverinfo { /* * name: the name of this server. This cannot be changed at runtime. */ name = "server.example.net"; /* * sid: a server's unique ID. This is three characters long and must * be in the form [0-9][A-Z0-9][A-Z0-9]. The first character must be * a digit, followed by 2 alpha-numerical letters. * * NOTE: The letters must be capitalized. This cannot be changed at runtime. * * A sid is automatically generated at runtime, if you want to configure * a specific sid, uncomment the following line. */ # sid = "0HY"; /* * description: the description of the server. */ description = "ircd-hybrid test server"; /* * network_name, network_desc: the name and description of the network this * server is on. Shown in the 005 reply and used with serverhiding. */ network_name = "MyNet"; network_desc = "This is My Network"; /* * hub: allow this server to act as a hub and have multiple servers * connected to it. */ hub = no; /* * default_max_clients: the default maximum number of clients allowed * to connect. This can be changed from within IRC via /QUOTE SET MAX. */ default_max_clients = 512; /* * max_nick_length: only applies to local clients. Must be in the * range of 9 to 30. Default is 9 if nothing else is specified. */ max_nick_length = 9; /* * max_topic_length: only applies to topics set by local clients. * Must be in the range of 80 to 300. Default is 80 if nothing * else is specified. */ max_topic_length = 160; /* * rsa_private_key_file: the path to the file containing the RSA key. * * Once the RSA key is generated, it is highly recommended to lock down * its file permissions: * * chown . rsa.key * chmod 0600 rsa.key */ # rsa_private_key_file = "etc/rsa.key"; /* * tls_certificate_file: the path to the file containing our * TLS certificate for encrypted client connection. */ # tls_certificate_file = "etc/cert.pem"; /* * tls_dh_param_file: the path to the PEM encoded Diffie-Hellman * parameter file. DH parameters are required when using * ciphers with EDH (ephemeral Diffie-Hellman) key exchange. */ # tls_dh_param_file = "etc/dhparam.pem"; /* * tls_supported_groups: defines the curve to use for the * Elliptic Curve Diffie-Hellman (ECDH) algorithm. * If none is specified, OpenSSL does enable automatic curve selection. * * It is recommended to leave this directive commented out and have the * TLS library choose the optimal settings. * * This directive currently doesn't do anything with GnuTLS support. */ # tls_supported_groups = "X25519:P-256"; /* * tls_cipher_list: list of TLSv1.2 ciphers to support on _this_ server. * Can be used to enforce specific ciphers for incoming TLS * connections. If a client (which also includes incoming server * connections) is not capable of using any of the ciphers listed * here, the connection will simply be rejected. * * Multiple ciphers are separated by colons. The order of preference is * from left to right. * * It is recommended to leave this directive commented out and have the * TLS library choose the optimal settings. */ # tls_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * tls_cipher_suites: list of TLSv1.3 cipher suites to support on _this_ server. * OpenSSL supports the following TLSv1.3 cipher suites: * * TLS_AES_256_GCM_SHA384 * TLS_CHACHA20_POLY1305_SHA256 * TLS_AES_128_GCM_SHA256 * TLS_AES_128_CCM_8_SHA256 * TLS_AES_128_CCM_SHA256 * * It is recommended to leave this directive commented out and have the * TLS library choose the optimal settings. * * This directive currently doesn't do anything if built with GnuTLS or LibreSSL. */ # tls_cipher_suites = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"; /* * tls_message_digest_algorithm: defines which cryptographic hash function * to use for generating fingerprint hashes of X.509 certificates. * Default is SHA-256 if nothing else is specified. */ # tls_message_digest_algorithm = "sha256"; }; /* * admin {}: contains administrative information about the server */ admin { name = "Smurf target"; description = "Main Server Administrator"; email = ""; }; /* * class {}: contains information about classes for users */ class { /* name: the name of the class. */ name = "users"; /* * ping_time: how often a client must reply to a PING from the * server before they are dropped. */ ping_time = 90 seconds; /* * number_per_ip_local: how many local users are allowed to connect * from a single IP address (optional) */ number_per_ip_local = 2; /* * number_per_ip_global: how many global users are allowed to connect * from a single IP address (optional) */ number_per_ip_global = 8; /* * max_number: the maximum number of users allowed in this class (optional) */ max_number = 100; /* * The following lines are optional and allow you to define * how many users can connect from one /NN subnet. */ cidr_bitlen_ipv4 = 24; cidr_bitlen_ipv6 = 120; number_per_cidr = 16; /* * sendq: the amount of data allowed in a client's send queue before * they are dropped. */ sendq = 100 kbytes; /* * recvq: the amount of data allowed in a client's receive queue before * they are dropped for flooding. Defaults to 2560 if the chosen value * isn't within the range of 512 to 8000. */ recvq = 2560 bytes; }; class { name = "opers"; ping_time = 90 seconds; number_per_ip_local = 10; max_number = 100; sendq = 100 kbytes; /* * max_channels: maximum number of channels users in this class can join. */ max_channels = 60; /* * min_idle: minimum idle time that is shown in WHOIS. */ min_idle = 3 hours; /* * max_idle: maximum idle time that is shown in WHOIS. */ max_idle = 8 hours; /* * flags: * * random_idle - a fake idle time is set randomly between * min_idle and max_idle * hide_idle_from_opers - the fake idle time will also be shown to operators */ flags = random_idle, hide_idle_from_opers; }; class { name = "server"; ping_time = 90 seconds; /* * connectfreq: only used in server classes. Specifies the delay * between autoconnecting to servers. */ connectfreq = 5 minutes; /* max number: the number of servers to autoconnect to. */ max_number = 1; /* sendq: servers need a higher sendq as they send more data. */ sendq = 2 megabytes; }; /* * motd {}: Allows the display of a different MOTD to a client * depending on its origin. Applies to local users only. */ motd { /* * mask: multiple mask entries are permitted. Mask can either be * a class name or a hostname. CIDR is supported. */ mask = "*.at"; mask = "*.de"; mask = "*.ch"; /* * file: path to the motd file. */ file = "etc/german.motd"; }; /* * listen {}: contains information about the ports ircd listens on */ listen { /* * port: the port to listen on. If no host is specified earlier in the * listen {} block, it will listen on all available IP addresses. * * Ports are separated by commas; a range may be specified using ".." */ /* port: listen on all available IP addresses, ports 6665 to 6669. */ port = 6665 .. 6669; /* * Listen on 192.0.2.2/6697 with TLS enabled and hidden from STATS P * unless you are an administrator. * * NOTE: The "flags" directive always has to come before "port". * * Currently available flags are: * * tls - Port may only accept TLS connections * server - Only server connections are permitted * hidden - Port is hidden from /stats P, unless you're an admin */ flags = hidden, tls; host = "192.0.2.2"; port = 6697; /* * host: set a specific IP address to listen on using the * subsequent port definitions. This may be IPv4 or IPv6. */ host = "192.0.2.3"; port = 7000, 7001; host = "2001:DB8::2"; port = 7002; }; /* * auth {}: allow users to connect to the ircd */ auth { /* * user: the user@host allowed to connect. Multiple user * lines are permitted within each auth {} block. */ user = "*@192.0.2.0/24"; user = "*test@2001:DB8:*"; /* password: an optional password that is required to use this block. */ password = "letmein"; /* * encrypted: indicates whether the auth password above has been * encrypted. Default is 'no' if nothing else is specified. */ encrypted = yes; /* * spoof: fake the user's host to this. This is free-form; just do * everyone a favor and don't abuse it. ('=' prefix on /stats I) */ spoof = "I.still.hate.packets"; /* class: the class the user is placed in. */ class = "opers"; /* * need_password - don't allow users who haven't supplied the correct | ('&' prefix on /stats I if disabled) * password to connect using another auth {} block * need_ident - require the user to have identd to connect | ('+' prefix on /stats I) * exceed_limit - allow a user to exceed class limits | ('>' prefix on /stats I) * kline_exempt - exempt this user from k-lines | ('^' prefix on /stats I) * xline_exempt - exempt this user from x-lines | ('!' prefix on /stats I) * resv_exempt - exempt this user from resvs | ('$' prefix on /stats I) * no_tilde - remove ~ from a user with no ident | ('-' prefix on /stats I) * can_flood - allow this user to exceed flood limits | ('|' prefix on /stats I) * webirc - enables WEBIRC authentication for web-based | ('<' prefix on /stats I) * clients such as Mibbit */ flags = need_password, exceed_limit, kline_exempt, xline_exempt, resv_exempt, can_flood; }; auth { /* * redirserv, redirport: the server and port to redirect a user to. * A user does not have to obey the redirection; the ircd just * suggests an alternative server for them. */ redirserv = "server2.example.net"; redirport = 6667; user = "*@*.ch"; /* class: a class is required even though it is not used. */ class = "users"; }; auth { user = "*@*"; class = "users"; flags = need_ident; }; /* * operator {}: defines ircd operators */ operator { /* name: the name of the operator */ name = "sheep"; /* * user: the user@host required for this operator. Multiple user * lines are permitted within each operator {} block. */ user = "*sheep@192.0.2.0/26"; user = "*@192.0.2.240/28"; /* * password: the password required to oper. By default this will need * to be encrypted using the provided mkpasswd tool. * The availability of various password hashing algorithms may vary * depending on the system's crypt(3) implementation. */ password = "$5$x5zof8qe.Yc7/bPp$5zIg1Le2Lsgd4CvOjaD20pr5PmcfD7ha/9b2.TaUyG4"; /* * encrypted: indicates whether the oper password above has been * encrypted. Default is 'yes' if nothing else is specified. */ encrypted = yes; /* * tls_certificate_fingerprint: enhances security by additionally checking * the oper's client certificate fingerprint against the specified * fingerprint below. */ # tls_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * tls_connection_required: client must be connected over TLS in order to be able to * use this operator {} block. Default is 'no' if nothing else is specified. */ tls_connection_required = no; /* class: the class the oper joins when they successfully OPER. */ class = "opers"; /* * whois: allows overriding the default RPL_WHOISOPERATOR numeric * string shown in WHOIS. * This string is propagated to all servers on the network. */ # whois = "is a Smurf Target (IRC Operator)"; /* * umodes: the default user modes opers get when they successfully OPER. * If defined, it will override oper_umodes settings in general {}. * Available user modes: * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides IRC operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +p - hidechans - Hides channel list in WHOIS * +q - hideidle - Hides idle and signon time in WHOIS * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +X - expiration - See *LINE expiration notices * +y - spy - See LINKS, STATS, TRACE notices etc. */ umodes = locops, servnotice, wallop; /* * flags: controls the activities and commands an oper is * allowed to do on the server. All flags default to 'no'. * Available flags: * * admin - gives administrator privileges | ('A' flag) * close - allows CLOSE | ('B' flag) * connect - allows local CONNECT | ('C' flag) * connect:remote - allows remote CONNECT | ('D' flag) * die - allows DIE | ('E' flag) * dline - allows DLINE | ('F' flag) * globops - allows GLOBOPS | ('G' flag) * join:resv - allows to JOIN resv {} channels | ('H' flag) * kill - allows to KILL local clients | ('I' flag) * kill:remote - allows remote users to be /KILL'd | ('J' flag) * kline - allows KLINE | ('K' flag) * locops - allows LOCOPS | ('L' flag) * module - allows MODULE | ('M' flag) * nick:resv - allows to use NICK on resv {} nicks | ('N' flag) * opme - allows OPME | ('O' flag) * rehash - allows oper to REHASH config | ('P' flag) * rehash:remote - allows oper to remotely REHASH config | ('Q' flag) * remoteban - allows remote KLINE/UNKLINE | ('R' flag) * restart - allows RESTART | ('S' flag) * resv - allows RESV | ('T' flag) * set - allows SET | ('U' flag) * squit - allows local SQUIT | ('V' flag) * squit:remote - allows remote SQUIT | ('W' flag) * undline - allows UNDLINE | ('X' flag) * unkline - allows UNKLINE | ('Y' flag) * unresv - allows UNRESV | ('Z' flag) * unxline - allows UNXLINE | ('a' flag) * wallops - allows WALLOPS | ('b' flag) * xline - allows XLINE | ('c' flag) */ flags = admin, connect, connect:remote, die, globops, kill, kill:remote, kline, module, rehash, restart, set, unkline, unxline, xline; }; /* * connect {}: define a server to connect to */ connect { /* name: the name of the server. */ name = "uplink.example.net"; /* * host: the host or IP address to connect to. If a hostname is used, * it must match the reverse DNS of the server. */ host = "192.0.2.4"; /* port: the port to connect to this server on. */ port = 6666; /* * timeout: defines how long to wait until a connection is established. * Default is 30 seconds if this option is not specified. */ timeout = 10 seconds; /* * bind: the IP address to bind to when making outgoing connections to * servers. */ bind = "192.0.2.5"; /* * send_password, accept_password: the passwords to send and accept. * The remote server will have these passwords swapped. */ send_password = "password"; accept_password = "anotherpassword"; /* * encrypted: indicates whether the accept_password above has been * encrypted. */ encrypted = no; /* * hub_mask: the mask of servers that this server may hub. Multiple * entries are permitted. */ hub_mask = "*"; /* * leaf_mask: the mask of servers this server may not hub. Multiple * entries are permitted. Useful for forbidding EU -> US -> EU routes. */ # leaf_mask = "*.uk"; /* class: the class this server is in. */ class = "server"; /* * tls_cipher_list: list of ciphers that the server we are connecting to * must support. If the server is not capable of using any of the ciphers * listed below, the connection will simply be rejected. * Can be used to enforce stronger ciphers, even though this option * is not necessarily required to establish a TLS connection. * * Multiple ciphers are separated by colons. The order of preference * is from left to right. * * It is recommended to leave this directive commented out and have the * TLS library choose the optimal settings. */ # tls_cipher_list = "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:AES256-SHA"; /* * tls_certificate_fingerprint: enhances security by additionally checking * the server's client certificate fingerprint against the specified * fingerprint below. */ # tls_certificate_fingerprint = "4C62287BA6776A89CD4F8FF10A62FFB35E79319F51AF6C62C674984974FCCB1D"; /* * autoconn - controls whether we autoconnect to this server or not, * dependent on class limits. By default, this is disabled. * tls - initiates a TLS connection. */ # flags = autoconn, tls; }; connect { name = "ipv6.example.net"; host = "2001:DB8::3"; port = 6666; send_password = "password"; accept_password = "password"; /* * aftype: controls whether the connection uses "ipv4" or "ipv6". * Default is ipv4. */ aftype = ipv6; class = "server"; }; /* * cluster {}: servers that share klines/unkline/xline/unxline/resv/unresv/locops * automatically */ cluster { /* * name: the server to share with; this can take wildcards * * NOTE: only local actions will be clustered, meaning that if * the server receives a shared kline/unkline/etc, it * will not be propagated to clustered servers. * * Remote servers are not necessarily required to accept * clustered lines, they need a shared {} block for *THIS* * server in order to accept them. */ name = "*.example.net"; /* * type: list of what to share; options are as follows: * dline - share dlines * undline - share undlines * kline - share klines * unkline - share unklines * xline - share xlines * unxline - share unxlines * resv - share resvs * unresv - share unresvs * locops - share locops * all - share all of the above (default) */ type = kline, unkline, locops, xline, resv; }; /* * shared {}: users that are allowed to remote kline * * NOTE: This can effectively be used for remote klines. * Please note that there is no password authentication * for users setting remote klines. You must also be * /oper'd in order to issue a remote kline. */ shared { /* * name: the server the user must be connected to in order to set klines. * If this is not specified, the user will be allowed to kline from all * servers. */ name = "irc2.example.net"; /* * user: the user@host mask that is allowed to set klines. If this is * not specified, all users on the server above will be allowed to set * a remote kline. */ user = "oper@my.host.is.spoofed"; /* * type: list of what to share, options are as follows: * dline - allow oper/server to dline * undline - allow oper/server to undline * kline - allow oper/server to kline * unkline - allow oper/server to unkline * xline - allow oper/server to xline * unxline - allow oper/server to unxline * rehash - allow oper/server to rehash * resv - allow oper/server to resv * unresv - allow oper/server to unresv * locops - allow oper/server to locops - only used for servers that cluster * all - allow oper/server to do all of the above (default) */ type = kline, unkline, resv; }; /* * kill {}: users that are not allowed to connect * Oper issued klines will be added to the specified kline database */ kill { user = "bad@*.example.net"; reason = "Obviously hacked account"; }; /* * deny {}: IP addresses that are not allowed to connect * (before DNS/ident lookup) * Oper issued dlines will be added to the specified dline database */ deny { ip = "192.0.2.0/28"; reason = "Reconnecting vhosted bots"; }; /* * exempt {}: IP addresses that are exempt from deny {} and Dlines */ exempt { ip = "192.0.2.240/28"; /* The 'ip' directives can be stacked */ ip = "10.0.0.0/8"; ip = "fc00::/7"; }; /* * resv {}: nicks and channels users may not use/join */ resv { mask = "clone*"; reason = "Clone bots"; }; resv { mask = "Global"; reason = "Reserved for services"; }; resv { mask = "ChanServ"; reason = "Reserved for services"; }; resv { mask = "NickServ"; reason = "Reserved for services"; }; resv { mask = "OperServ"; reason = "Reserved for services"; }; resv { mask = "MemoServ"; reason = "Reserved for services"; }; resv { mask = "BotServ"; reason = "Reserved for services"; }; resv { mask = "HelpServ"; reason = "Reserved for services"; }; resv { mask = "HostServ"; reason = "Reserved for services"; }; resv { mask = "StatServ"; reason = "Reserved for services"; }; resv { mask = "#*services*"; reason = "Reserved for services"; }; resv { /* * mask: masks starting with a '#' are automatically considered * as channel name masks. */ mask = "#helsinki"; reason = "Channel is reserved for Finnish inhabitants"; /* * exempt: nick!user@host mask. CIDR is supported. Exempt * entries can be stacked. */ exempt = "*@*.sexy"; }; /* * gecos {}: used for banning users based on their "realname". */ gecos { name = "*sex*"; reason = "Possible spambot"; }; gecos { name = "sub7server"; reason = "Trojan drone"; }; /* * service {}: specifies a server which may act as a network service * * NOTE: it is very important that every server on the network * has the same service {} block. */ service { /* name: the actual name of the service. Wildcards are not allowed. */ name = "service.example.net"; /* The 'name' directives can be stacked. */ name = "stats.example.net"; }; /* * pseudo {}: adds pseudo/custom commands also known as service aliases */ pseudo { /* command: the actual command/alias. */ command = "IDENTIFY"; /* prepend: optional text that can be prepended to the user's message. */ prepend = "IDENTIFY "; /* name: the service name, used for error messages. */ name = "NickServ"; /* target: the actual target where this message should be sent to. */ target = "NickServ@service.example.net"; }; pseudo { command = "CHANSERV"; name = "ChanServ"; target = "ChanServ@service.example.net"; }; pseudo { command = "CS"; name = "ChanServ"; target = "ChanServ@service.example.net"; }; pseudo { command = "NICKSERV"; name = "NickServ"; target = "NickServ@service.example.net"; }; pseudo { command = "NS"; name = "NickServ"; target = "NickServ@service.example.net"; }; pseudo { command = "MEMOSERV"; name = "MemoServ"; target = "MemoServ@service.example.net"; }; pseudo { command = "MS"; name = "MemoServ"; target = "MemoServ@service.example.net"; }; pseudo { command = "OPERSERV"; name = "OperServ"; target = "OperServ@service.example.net"; }; pseudo { command = "OS"; name = "OperServ"; target = "OperServ@service.example.net"; }; pseudo { command = "HOSTSERV"; name = "HostServ"; target = "HostServ@service.example.net"; }; pseudo { command = "HS"; name = "HostServ"; target = "HostServ@service.example.net"; }; pseudo { command = "BOTSERV"; name = "BotServ"; target = "BotServ@service.example.net"; }; pseudo { command = "BS"; name = "BotServ"; target = "BotServ@service.example.net"; }; /* * channel {}: the channel block contains options pertaining to channels */ channel { /* * enable_extbans: whether or not to enable extbans. This is set * to 'no' by default and should not be enabled before all servers * on the network have been updated to ircd-hybrid 8.2.29 or later. * * For a more detailed explanation of the extban feature, see help/extban. */ enable_extbans = no; /* * disable_fake_channels: this option, if set to 'yes', will * disallow clients from creating or joining channels that have one * of the following ASCII characters in their name: * * 2 | bold * 3 | mirc color * 15 | plain text * 22 | reverse * 29 | italic * 31 | underline * 160 | non-breaking space */ disable_fake_channels = yes; /* * invite_client_count, invite_client_time: how many INVITE commands * are permitted per client per invite_client_time. */ invite_client_count = 10; invite_client_time = 5 minutes; /* * invite_delay_channel: how often an INVITE to any specific channel * is permitted, regardless of the user sending the INVITE. */ invite_delay_channel = 5 seconds; /* * invite_expire_time: specifies the amount of time an INVITE will be * active until it expires. Set it to 0 if you don't want invites to * expire. Default is 30 minutes if nothing else is specified. */ invite_expire_time = 1 hour; /* * knock_client_count, knock_client_time: how many KNOCK commands * are permitted per client per knock_client_time. */ knock_client_count = 1; knock_client_time = 5 minutes; /* * knock_delay_channel: how often a KNOCK to any specific channel * is permitted, regardless of the user sending the KNOCK. */ knock_delay_channel = 1 minute; /* * max_channels: the maximum number of channels a user can join/be on. * This is a default value which can be overriden with class {} blocks. */ max_channels = 25; /* max_invites: the maximum number of channels a user can be invited to. */ max_invites = 20; /* max_bans: maximum number of +b/e/I modes in a channel. */ max_bans = 100; /* max_bans_large: maximum number of +b/e/I modes in a +L channel. */ max_bans_large = 500; /* * default_join_flood_count, default_join_flood_time: * how many joins in how many seconds constitute a flood. Use 0 to disable. * +b opers will be notified. These are only default values which can be * changed via "/QUOTE SET JFLOODCOUNT" and "/QUOTE SET JFLOODTIME". */ default_join_flood_count = 18; default_join_flood_time = 6 seconds; }; /* * serverhide {}: the serverhide block contains the options regarding * to server hiding. For more information regarding server hiding, * please see doc/serverhide.txt */ serverhide { /* * disable_remote_commands: disable users issuing commands * on remote servers. */ disable_remote_commands = no; /* * flatten_links: this option will show all servers in /links appear * as though they are linked to this current server. */ flatten_links = no; /* * flatten_links_delay: how often to update the links file when it is * flattened. */ flatten_links_delay = 5 minutes; /* * flatten_links_file: path to the flatten links cache file. */ flatten_links_file = "var/lib/links.txt"; /* * hidden: hide this server from a /links output on servers that * support it. This allows hub servers to be hidden etc. */ hidden = no; /* * hide_servers: hide remote servernames everywhere and instead use * hidden_name and network_desc. */ hide_servers = no; /* * hide_services: define this if you want to hide the location of * services servers that are specified in the service {} block. */ hide_services = no; /* * hidden_name: use this as the servername users see if hide_servers = yes. */ hidden_name = "*.example.net"; /* * hide_server_ips: if this is disabled, opers will be unable to see * servers' IP addresses and will be shown a masked IP address; admins * will be shown the real IP address. * * If this is enabled, nobody can see a server's IP address. * *This is a kludge*: it has the side effect of hiding the IP addresses * everywhere, including logfiles. * * We recommend you leave this disabled, and just take care with who you * give administrator privileges to. */ hide_server_ips = no; }; /* * general {}: the general block contains many of the options that were once * compiled in options in config.h */ general { /* * cycle_on_host_change: sends a fake QUIT/JOIN combination * when services change the hostname of a specific client. */ cycle_on_host_change = yes; /* max_watch: maximum WATCH entries a client can have. */ max_watch = 50; /* max_accept: maximum allowed /accept's for +g user mode. */ max_accept = 50; /* whowas_history_length: maximum length of the WHOWAS nick name history. */ whowas_history_length = 15000; /* * dline_min_cidr: the minimum required length of a CIDR bitmask * for IPv4 based D-lines. */ dline_min_cidr = 16; /* * dline_min_cidr6: the minimum required length of a CIDR bitmask * for IPv6 based D-lines. */ dline_min_cidr6 = 48; /* * kline_min_cidr: the minimum required length of a CIDR bitmask * for IPv4 based K-lines. */ kline_min_cidr = 16; /* * kline_min_cidr6: the minimum required length of a CIDR bitmask * for IPv6 based K-lines. */ kline_min_cidr6 = 48; /* * invisible_on_connect: whether to automatically set user mode +i * on connecting users. */ invisible_on_connect = yes; /* * kill_chase_time_limit: KILL chasing is a feature whereby a KILL * issued for a user who has recently changed nickname will be applied * automatically to the new nick. kill_chase_time_limit is the maximum * time following a nickname change that this chasing will apply. */ kill_chase_time_limit = 30 seconds; /* * disable_auth: completely disable ident lookups; if you enable this, * be careful of what you set need_ident to in your auth {} blocks. */ disable_auth = no; /* * default_floodcount: the default value of floodcount that is configurable * via /quote set floodcount. This is the number of lines a user may send * to any other user/channel per floodtime. Set to 0 to disable. */ default_floodcount = 10; /* * default_floodtime: the default value of floodtime that is configurable * via /quote set floodtime. */ default_floodtime = 1 second; /* * failed_oper_notice: send a notice to all opers on the server when * someone tries to OPER and uses the wrong password, host or ident. */ failed_oper_notice = yes; /* * dots_in_ident: the number of '.' characters permitted in an ident * reply before the user is rejected. */ dots_in_ident = 2; /* * min_nonwildcard: the minimum number of non-wildcard characters in * k/d lines placed via the server. K-lines hand-placed are exempt from * this limit. * Wildcard characters: '.', ':', '*', '?' */ min_nonwildcard = 4; /* * min_nonwildcard_simple: the minimum number of non-wildcard characters * in gecos bans. Wildcard characters: '*', '?' */ min_nonwildcard_simple = 3; /* anti_nick_flood: enable the nickflood control code. */ anti_nick_flood = yes; /* * max_nick_changes, max_nick_time: the number of nick changes allowed in * the specified period. */ max_nick_changes = 5; max_nick_time = 20 seconds; /* * away_count, away_time: how many AWAY commands are permitted per * client per away_time. */ away_count = 2; away_time = 10 seconds; /* * anti_spam_exit_message_time: the minimum time a user must be connected * before custom PART/QUIT messages are allowed. */ anti_spam_exit_message_time = 5 minutes; /* * ts_warn_delta, ts_max_delta: the time delta allowed between server * clocks before a warning is given, or before the link is dropped. * All servers should run ntpdate/rdate to keep clocks in sync. */ ts_warn_delta = 3 seconds; ts_max_delta = 15 seconds; /* * warn_no_connect_block: warn opers about servers that try to connect * but for which we don't have a connect {} block. Twits with * misconfigured servers can become really annoying with this enabled. */ warn_no_connect_block = yes; /* * stats_e_disabled: set this to 'yes' to disable "STATS e" for both * operators and administrators. Doing so is a good idea in case * there are any exempted (exempt {}) server IP addresses you don't * want to see leaked. */ stats_e_disabled = no; /* stats_m_oper_only: make /stats m/M (messages) oper only. */ stats_m_oper_only = yes; /* stats_o_oper_only: make stats o (opers) oper only. */ stats_o_oper_only = yes; /* stats_P_oper_only: make stats P (ports) oper only. */ stats_P_oper_only = yes; /* stats_u_oper_only: make stats u (uptime) oper only. */ stats_u_oper_only = no; /* stats_i_oper_only: make stats i (auth {}) oper only. */ stats_i_oper_only = yes; /* stats_k_oper_only: make stats k/K (klines) oper only. */ stats_k_oper_only = yes; /* * caller_id_wait: time between notifying a +g user that somebody * is messaging them. */ caller_id_wait = 1 minute; /* * opers_bypass_callerid: allows operators to bypass +g and message * anyone who has it set. */ opers_bypass_callerid = yes; /* * pace_wait_simple: minimum time required between use of less * intensive commands * (ADMIN, HELP, LUSERS, VERSION, remote WHOIS) */ pace_wait_simple = 1 second; /* * pace_wait: minimum time required between use of more intensive commands * (INFO, LINKS, MAP, MOTD, STATS, WHO, WHOWAS) */ pace_wait = 10 seconds; /* * short_motd: send clients a notice telling them to read the MOTD * instead of forcing an MOTD to clients who may simply ignore it. */ short_motd = no; /* * ping_cookie: require clients to respond exactly to a PING command, * can help block certain types of drones and FTP PASV mode spoofing. */ ping_cookie = no; /* no_oper_flood: increase flood limits for opers. */ no_oper_flood = yes; /* * max_targets: the maximum number of targets in a single * PRIVMSG/NOTICE. Set to 999 NOT 0 for unlimited. */ max_targets = 4; /* * user modes configurable: a list of user modes for the options below * * +b - bots - See bot and drone flooding notices * +c - cconn - Client connection/quit notices * +D - deaf - Don't receive channel messages * +d - debug - See debugging notices * +e - external - See remote server connection and split notices * +F - farconnect - Remote client connection/quit notices * +f - full - See auth {} block full notices * +G - softcallerid - Server Side Ignore for users not on your channels * +g - callerid - Server Side Ignore (for privmsgs etc) * +H - hidden - Hides IRC operator status to other users * +i - invisible - Not shown in NAMES or WHO unless you share a channel * +j - rej - See rejected client notices * +k - skill - See server generated KILL messages * +l - locops - See LOCOPS messages * +n - nchange - See client nick changes * +p - hidechans - Hides channel list in WHOIS * +q - hideidle - Hides idle and signon time in WHOIS * +R - nononreg - Only receive private messages from registered clients * +s - servnotice - See general server notices * +u - unauth - See unauthorized client notices * +w - wallop - See server generated WALLOPS * +X - expiration - See *LINE expiration notices * +y - spy - See LINKS, STATS, TRACE notices etc. */ /* oper_only_umodes: user modes only operators may set. */ oper_only_umodes = bots, cconn, debug, external, farconnect, full, hidden, locops, nchange, rej, skill, spy, unauth, expiration; /* oper_umodes: default user modes operators get when they successfully OPER. */ oper_umodes = bots, locops, servnotice, wallop; /* * throttle_count: the maximum number of connections from the same * IP address allowed in throttle_time duration. */ throttle_count = 1; /* * throttle_time: the minimum amount of time required between * connections from the same IP address. exempt {} blocks are * excluded from this throttling. * Offers protection against flooders who reconnect quickly. * Set to 0 to disable. */ throttle_time = 2 seconds; }; modules { /* * path: other paths to search for modules specified below * and in "/module load". */ path = "/usr/lib/ircd-hybrid/modules"; path = "/usr/lib/ircd-hybrid/modules/autoload"; /* module: the name of a module to load on startup/rehash. */ # module = "some_module.la"; }; /* * log {}: contains information about logfiles. */ log { /* Do you want to enable logging to ircd.log? */ use_logging = yes; file { type = oper; name = "/var/log/ircd/oper.log"; size = unlimited; }; file { type = user; name = "/var/log/ircd/user.log"; size = 50 megabytes; }; file { type = kill; name = "/var/log/ircd/kill.log"; size = 50 megabytes; }; file { type = kline; name = "/var/log/ircd/kline.log"; size = 50 megabytes; }; file { type = dline; name = "/var/log/ircd/dline.log"; size = 50 megabytes; }; file { type = xline; name = "/var/log/ircd/xline.log"; size = 50 megabytes; }; file { type = resv; name = "/var/log/ircd/resv.log"; size = 50 megabytes; }; file { type = debug; name = "/var/log/ircd/debug.log"; size = 50 megabytes; }; };