| blob | da1c2a7113b54cad0ce80bf4d7b41e216a6a3111 |
1 /* doc/reference.conf - charybdis Example configuration file
2 *
3 * Copyright (C) 2000-2002 Hybrid Development Team
4 * Copyright (C) 2002-2005 ircd-ratbox development team
5 * Copyright (C) 2005-2006 charybdis development team
6 *
7 * Written by ejb, wcampbel, db, leeh and others
8 *
9 * $Id: reference.conf 95 2006-09-24 23:53:51Z spb $
10 */
12 /* IMPORTANT NOTES:
13 *
14 * class {} blocks MUST be specified before anything that uses them. That
15 * means they must be defined before auth {} and before connect {}.
16 *
17 * auth {} blocks MUST be specified in order of precedence. The first one
18 * that matches a user will be used. So place spoofs first, then specials,
19 * then general access, then restricted.
20 *
21 * Both shell style (#) and C style comments are supported.
22 *
23 * Files may be included by either:
24 * .include "filename"
25 * .include <filename>
26 *
27 * Times/durations are written as:
28 * 12 hours 30 minutes 1 second
29 *
30 * Valid units of time:
31 * month, week, day, hour, minute, second
32 *
33 * Valid units of size:
34 * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
35 *
36 * Sizes and times may be singular or plural.
37 */
39 /* Extensions:
40 *
41 * Charybdis contains several extensions that are not enabled by default.
42 * To use them, uncomment the lines below.
43 *
44 * Restrict channel creation to logged in users -- createauthonly.so
45 * Account bans (+b $a[:mask]) -- extb_account.so
46 * Banned from another channel (+b $j:mask) -- extb_canjoin.so
47 * Other-channel bans (+b $c:mask) -- extb_channel.so
48 * Extended ban (+b $x:mask) -- extb_extgecos.so
49 * Oper bans (+b $o) -- extb_oper.so
50 * Realname (gecos) bans (+b $r:mask) -- extb_realname.so
51 * Server bans (+b $s:mask) -- extb_server.so
52 * Find channel forwards -- m_findforwards.so
53 * /identify support -- m_identify.so
54 * Far connection notices (snomask +F) -- sno_farconnect.so
55 * Remote k/d/g/x line active notices -- sno_globalkline.so
56 * Remote oper up notices -- sno_globaloper.so
57 */
58 #loadmodule "extensions/createauthonly.so";
59 #loadmodule "extensions/extb_account.so";
60 #loadmodule "extensions/extb_canjoin.so";
61 #loadmodule "extensions/extb_channel.so";
62 #loadmodule "extensions/extb_extgecos.so";
63 #loadmodule "extensions/extb_oper.so";
64 #loadmodule "extensions/extb_realname.so";
65 #loadmodule "extensions/extb_server.so";
66 #loadmodule "extensions/m_findforwards.so";
67 #loadmodule "extensions/m_identify.so";
68 #loadmodule "extensions/sno_farconnect.so";
69 #loadmodule "extensions/sno_globalkline.so";
70 #loadmodule "extensions/sno_globaloper.so";
72 /* serverinfo {}: Contains information about the server. (OLD M:) */
73 serverinfo {
74 /* name: the name of our server */
75 name = "hades.arpa";
77 /* use ts6: whether we want to use the TS6 protocol to other servers
78 * or not.
79 */
80 use_ts6 = yes;
82 /* sid: the unique server id of our server. This must be three
83 * characters long. The first character must be a digit [0-9], the
84 * remaining two chars may be letters [A-Z] or digits [0-9].
85 *
86 * This must be specified even if use_ts6 is set to no.
87 */
88 sid = "42X";
90 /* description: the description of our server. '[' and ']' may not
91 * be used here for compatibility with older servers.
92 */
93 description = "charybdis test server";
95 /* network info: the name and description of the network this server
96 * is on. Shown in the 005 reply and used with serverhiding.
97 */
98 network_name = "MyNet";
99 network_desc = "This is My Network";
101 /* hub: allow this server to act as a hub and have multiple servers
102 * connected to it.
103 */
104 hub = no;
106 /* vhost: the IP to bind to when we connect outward to ipv4 servers.
107 * This should be an ipv4 IP only.
108 */
109 #vhost = "192.169.0.1";
111 /* vhost6: the IP to bind to when we connect outward to ipv6 servers.
112 * This should be an ipv6 IP only.
113 */
114 #vhost6 = "3ffe:80e8:546::2";
115 };
117 /* admin {}: contains admin information about the server. (OLD A:) */
118 admin {
119 name = "Smurf target";
120 description = "Main Server Administrator";
121 email = "<syn@packets.r.us>";
122 };
124 /* log {}: contains information about logfiles. */
125 log {
126 /* logfiles: the logfiles to use for specific activity. if these
127 * paths are defined, then ircd will log to them, otherwise it wont.
128 *
129 * The confs are, in order:
130 * - userlog: user exits
131 * - fuserlog: failed user connections
132 * - operlog: /oper usage
133 * - foperlog: failed /oper usage
134 * - serverlog: server connects/disconnects
135 * - klinelog: klines, etc
136 * - killlog: kills
137 * - ioerrorlog: IO errors
138 */
139 fname_userlog = "logs/userlog";
140 #fname_fuserlog = "logs/fuserlog";
141 fname_operlog = "logs/operlog";
142 #fname_foperlog = "logs/foperlog";
143 fname_serverlog = "logs/serverlog";
144 #fname_klinelog = "logs/klinelog";
145 fname_killlog = "logs/killlog";
146 #fname_ioerrorlog = "logs/ioerror";
147 };
149 /* class {}: contain information about classes for users (OLD Y:) */
150 class "users" {
151 /* class name must go above */
153 /* ping time: how often a client must reply to a PING from the
154 * server before they are dropped.
155 */
156 ping_time = 2 minutes;
158 /* number per ident: the number of users per user@host networkwide
159 * allowed to connect. Unidented connections are classified as
160 * the same ident.
161 */
162 number_per_ident = 2;
164 /* number per ip: the number of local users per host allowed */
165 number_per_ip = 3;
167 /* number per ip global: the number of network wide connections
168 * per host allowed for a user, including connections to the
169 * local server.
170 */
171 number_per_ip_global = 5;
173 /* cidr_bitlen: Limits numbers of connections from a subnet size
174 * the following example makes the subnet /64 this is useful
175 * for IPv6 connections in particular
176 * Also note that the way charybdis is written if you have
177 * compiled support for IPv6, IPv4 cidr bitlens need to be modified
178 * Basically to get the approriate length add 96 to the IPv4 length
179 * For example for a /24 do 96+24 = 120
180 *
181 */
182 cidr_bitlen = 64;
184 /* number_per_cidr: Number of connections to allow from a subnet of the
185 * size given in cidr_bitlen. 4 seems to be a good default to me.
186 */
187 number_per_cidr = 4;
189 /* max number: the maximum number of users allowed in this class */
190 max_number = 100;
192 /* sendq: the amount of data allowed in a clients queue before
193 * they are dropped.
194 */
195 sendq = 100 kbytes;
196 };
198 class "restricted" {
199 ping_time = 1 minute 30 seconds;
200 number_per_ip = 1;
201 max_number = 100;
202 sendq = 60kb;
203 };
205 class "opers" {
206 ping_time = 5 minutes;
207 number_per_ip = 10;
208 max_number = 100;
209 sendq = 100kbytes;
210 };
212 class "server" {
213 ping_time = 5 minutes;
215 /* connectfreq: only used in server classes. specifies the delay
216 * between autoconnecting to servers.
217 */
218 connectfreq = 5 minutes;
220 /* max number: the amount of servers to autoconnect to */
221 max_number = 1;
223 /* sendq: servers need a higher sendq as they are sent more data */
224 sendq=2 megabytes;
225 };
227 /* listen {}: contain information about the ports ircd listens on (OLD P:) */
228 listen {
229 /* port: the specific port to listen on. if no host is specified
230 * before, it will listen on all available IPs.
231 *
232 * ports are seperated via a comma, a range may be specified using ".."
233 */
235 /* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
236 port = 5000, 6665 .. 6669;
238 /* host: set a specific IP/host the ports after the line will listen
239 * on. This may be ipv4 or ipv6.
240 */
241 host = "1.2.3.4";
242 port = 7000, 7001;
244 host = "3ffe:1234:a:b:c::d";
245 port = 7002;
246 };
248 /* auth {}: allow users to connect to the ircd (OLD I:) */
249 auth {
250 /* user: the user@host allowed to connect. multiple IPv4/IPv6 user
251 * lines are permitted per auth block.
252 */
253 user = "*@172.16.0.0/12";
254 user = "*test@123D:B567:*";
256 /* password: an optional password that is required to use this block.
257 * By default this is not encrypted, specify the flag "encrypted" in
258 * flags = ...; below if it is.
259 */
260 password = "letmein";
262 /* spoof: fake the users user@host to be be this. You may either
263 * specify a host or a user@host to spoof to. This is free-form,
264 * just do everyone a favour and dont abuse it. (OLD I: = flag)
265 */
266 spoof = "I.still.hate.packets";
268 /* Possible flags in auth:
269 *
270 * encrypted | password is encrypted with mkpasswd
271 * spoof_notice | give a notice when spoofing hosts
272 * exceed_limit (old > flag) | allow user to exceed class user limits
273 * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
274 * dnsbl_exempt | exempt this user from dnsbls
275 * spambot_exempt | exempt this user from spambot checks
276 * shide_exempt | exempt this user from serverhiding
277 * jupe_exempt | exempt this user from generating
278 * warnings joining juped channels
279 * resv_exempt | exempt this user from resvs
280 * flood_exempt | exempt this user from flood limits
281 * USE WITH CAUTION.
282 * no_tilde (old - flag) | don't prefix ~ to username if no ident
283 * need_ident (old + flag) | require ident for user in this class
284 * need_sasl | require SASL id for user in this class
285 */
286 flags = kline_exempt, exceed_limit;
288 /* class: the class the user is placed in */
289 class = "opers";
290 };
292 auth {
293 /* redirect: the server and port to redirect a user to. A user does
294 * not have to obey the redirection, the ircd just suggests to them
295 * an alternative server.
296 */
297 redirserv = "irc.fi";
298 redirport = 6667;
300 user = "*.fi";
302 /* class: a class is required even though it is not used */
303 class = "users";
304 };
306 auth {
307 user = "*@*";
308 class = "users";
310 flags = need_ident;
311 };
313 /* operator {}: defines ircd operators. (OLD O:)
314 * charybdis no longer supports local operators, privileges are
315 * controlled via flags.
316 */
317 operator "god" {
318 /* name: the name of the oper must go above */
320 /* user: the user@host required for this operator. CIDR *is*
321 * supported now. auth{} spoofs work here, other spoofs do not.
322 * multiple user="" lines are supported.
323 */
324 user = "*god@*";
325 user = "*@127.0.0.1";
327 /* password: the password required to oper. Unless ~encrypted is
328 * contained in flags = ...; this will need to be encrypted using
329 * mkpasswd, MD5 is supported
330 */
331 password = "etcnjl8juSU1E";
333 /* rsa key: the public key for this oper when using Challenge.
334 * A password should not be defined when this is used, see
335 * doc/challenge.txt for more information.
336 */
337 #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
339 /* umodes: the specific umodes this oper gets when they oper.
340 * If this is specified an oper will not be given oper_umodes
341 * These are described above oper_only_umodes in general {};
342 */
343 #umodes = servnotice, operwall, wallop;
345 /* allowed_snomask: server notice masks allowed to this oper.
346 * Note that if this includes any notice masks defined in a non-core
347 * module (for example +F in sno_farconnect.so), then the directive
348 * to load this module must occur *before* the operator block.
349 */
350 allowed_snomask = "+Fbcdfknrsuxy";
352 /* snomask: specific server notice mask on oper up.
353 * If this is specified an oper will not be given oper_snomask.
354 */
355 snomask = "+Zbfkrsuy";
357 /* privileges: controls the activities and commands an oper is
358 * allowed to do on the server. You may prefix an option with ~ to
359 * disable it, ie ~operwall
360 *
361 * Default flags are operwall, remoteban and encrypted.
362 *
363 * Available options:
364 *
365 * encrypted: the password above is encrypted [DEFAULT]
366 * kill: allows local and remote users to be /KILL'd
367 * remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
368 * kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
369 * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
370 * nick_changes: allows oper to see nickchanges (OLD 'N' flag)
371 * via usermode +n
372 * rehash: allows oper to REHASH config (OLD 'H' flag)
373 * die: allows DIE and RESTART (OLD 'D' flag)
374 * admin: gives admin privileges. admins
375 * may (un)load modules and see the
376 * real IPs of servers.
377 * hidden_admin: gives admin privileges except
378 * will not have the admin lines in
379 * stats p and whois.
380 * xline: allows use of /quote xline/unxline
381 * operwall: allows the oper to send operwalls [DEFAULT]
382 * auspex: allows the oper to see through +s channels etc.
383 * hidden_oper: hides the oper from /stats p (OLD UMODE +p)
384 * override: Grants implicit channel operator status
385 * in all channels. Use with care.
386 * immune: Allows use of umode +m to make the oper immune
387 * from /kick. Use with extreme caution.
388 * set_cmodes: Allows the oper to set operator-only channel modes,
389 * presently +L and +P.
390 * wallops: Allow use of /wallops.
391 * mass_notice: Allow sending notices and privmsgs to hostmasks as
392 * well as nicks.
393 */
394 flags = global_kill, routing, kline, unkline,
395 die, rehash, admin, xline, operwall,
396 set_cmodes, wallops, mass_notice;
397 };
399 /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
400 connect "irc.uplink.com" {
401 /* the name must go above */
403 /* host: the host or IP to connect to. If a hostname is used it
404 * must match the reverse dns of the server.
405 */
406 host = "192.168.0.1";
408 /* vhost: the host or IP to bind to for this connection. If this
409 * is not specified, the default vhost (in serverinfo {}) is used.
410 */
411 #vhost = "192.168.0.50";
413 /* passwords: the passwords we send (OLD C:) and accept (OLD N:).
414 * The remote server will have these passwords reversed.
415 */
416 send_password = "password";
417 accept_password = "anotherpassword";
419 /* port: the port to connect to this server on */
420 port = 6666;
422 /* hub mask: the mask of servers that this server may hub. Multiple
423 * entries are permitted
424 */
425 hub_mask = "*";
427 /* leaf mask: the mask of servers this server may not hub. Multiple
428 * entries are permitted. Useful for forbidding EU -> US -> EU routes.
429 */
430 #leaf_mask = "*.uk";
432 /* class: the class this server is in */
433 class = "server";
435 /* flags: controls special options for this server
436 * encrypted - marks the accept_password as being crypt()'d
437 * autoconn - automatically connect to this server
438 * compressed - compress traffic via ziplinks
439 * topicburst - burst topics between servers
440 */
441 flags = compressed, topicburst;
442 };
444 connect "ipv6.some.server" {
445 host = "3ffd:dead:beef::1";
446 send_password = "password";
447 accept_password = "password";
448 port = 6666;
450 /* aftype: controls whether the connection uses "ipv4" or "ipv6".
451 * Default is ipv4.
452 */
453 aftype = ipv6;
454 class = "server";
455 };
457 /* cluster {}; servers that we propagate things to automatically.
458 * NOTE: This does NOT grant them privileges to apply anything locally,
459 * you must add a seperate shared block for that. Clustering will
460 * only be done for actions by LOCAL opers, that arent directed
461 * remotely.
462 */
463 cluster {
464 /* name: the server to share with, this can be a wildcard and may be
465 * stacked.
466 */
467 /* flags: list of what to share, all the name lines above this (up
468 * until another flags entry) will receive these flags.
469 *
470 * kline - share perm klines
471 * tkline - share temp klines
472 * unkline - share unklines
473 * xline - share perm xlines
474 * txline - share temp xlines
475 * unxline - share unxlines
476 * resv - share perm resvs
477 * tresv - share temp resvs
478 * unresv - share unresvs
479 * all - share all of the above
480 */
482 /* share klines/unklines/xlines with *.lan */
483 name = "*.lan";
484 flags = kline, unkline, xline;
485 };
487 /* service{}: privileged servers (services). These servers have extra
488 * privileges such as setting login names on users and introducing clients
489 * with umode +S (unkickable, hide channels, etc). This does not allow them
490 * to set bans, you need a separate shared{} for that.
491 * Do not place normal servers here.
492 * There may be only one service{} block.
493 */
494 service {
495 /* name: the server name. These may be stacked. */
496 name = "services.int";
497 };
499 /* shared {}: users that are allowed to place remote bans on our server.
500 * NOTE: These are ordered top down. The first one the user@host and server
501 * matches will be used. Their access will then be decided on that
502 * block and will not fall back to another block that matches.
503 */
504 shared {
505 /* oper: the user@host and server the user must be on to set klines.
506 * The first field must be a user@host, the second field is an
507 * optional server. These may be stacked.
508 */
509 /* flags: list of what to allow them to place, all the oper lines
510 * above this (up until another flags entry) will receive these
511 * flags. This *must* be present.
512 *
513 * kline - allow setting perm/temp klines
514 * tkline - allow setting temp klines
515 * unkline - allow removing klines
516 * xline - allow setting perm/temp xlines
517 * txline - allow setting temp xlines
518 * unxline - allow removing xlines
519 * resv - allow setting perm/temp resvs
520 * tresv - allow setting temp resvs
521 * unresv - allow removing xlines
522 * all - allow oper/server to do all of above.
523 * rehash - allow rehashing
524 * none - disallow everything
525 */
527 /* allow flame@*.leeh.co.uk on server irc.ircd-ratbox.org and
528 * allow leeh@*.leeh.co.uk on server ircd.ircd-ratbox.org to kline
529 */
530 oper = "flame@*.leeh.co.uk", "irc.ircd-ratbox.org";
531 oper = "leeh@*.leeh.co.uk", "ircd.ircd-ratbox.org";
532 flags = kline;
534 /* you may forbid certain opers/servers from doing anything */
535 oper = "irc@vanity.oper", "*";
536 oper = "*@*", "irc.vanity.server";
537 oper = "irc@another.vanity.oper", "bigger.vanity.server";
538 flags = none;
540 /* or allow everyone to place temp klines */
541 oper = "*@*";
542 flags = tkline;
543 };
545 /* exempt {}: IPs that are exempt from Dlines. (OLD d:) */
546 exempt {
547 ip = "192.168.0.0/16";
549 /* these may be stacked */
550 ip = "127.0.0.1";
551 ip = "10.0.0.0/8";
552 };
554 /* The channel block contains options pertaining to channels */
555 channel {
556 /* invex: Enable/disable channel mode +I, a n!u@h list of masks
557 * that can join a +i channel without an invite.
558 */
559 use_invex = yes;
561 /* except: Enable/disable channel mode +e, a n!u@h list of masks
562 * that can join a channel through a ban (+b).
563 */
564 use_except = yes;
566 /* knock: Allows users to request an invite to a channel that
567 * is locked somehow (+ikl). If the channel is +p or you are banned
568 * the knock will not be sent.
569 */
570 use_knock = yes;
572 /* invite ops only: Restrict /invite to ops on channels, rather than
573 * allowing unopped users to invite people to a -i channel.
574 */
575 invite_ops_only = yes;
577 /* knock delay: The amount of time a user must wait between issuing
578 * the knock command.
579 */
580 knock_delay = 5 minutes;
582 /* knock channel delay: How often a knock to any specific channel
583 * is permitted, regardless of the user sending the knock.
584 */
585 knock_delay_channel = 1 minute;
587 /* max chans: The maximum number of channels a user can join/be on. */
588 max_chans_per_user = 15;
590 /* max bans: maximum number of +b/e/I/q modes in a channel */
591 max_bans = 25;
593 /* max bans: maximum number of +b/e/I/q modes in a +L channel */
594 max_bans_large = 500;
596 /* splitcode: split users, split servers and either no join on split
597 * or no create on split must be enabled for split checking.
598 * splitmode will be entered on either split users or split servers
599 * dropping below the limit.
600 *
601 * you may force splitmode to be permanent by /quote set splitmode on
602 */
604 /* split users: when the usercount is lower than this level, consider
605 * ourselves split. this must be set for automatic splitmode
606 */
607 default_split_user_count = 0;
609 /* split servers: when the amount of servers that have acknowledged
610 * theyve finished bursting is lower than this, consider ourselves
611 * split. this must be set for automatic splitmode
612 */
613 default_split_server_count = 0;
615 /* split: no create: disallow users creating channels on split */
616 no_create_on_split = no;
618 /* split: no join: disallow users joining channels at all on a split */
619 no_join_on_split = no;
621 /* burst topicwho: when bursting topics, also burst the topic setter */
622 burst_topicwho = yes;
624 /* kick on split riding: kick users riding splits to join +i or +k
625 * channels. more precisely, if a bursting server sends an SJOIN
626 * for a channel with a lower TS with either a +i mode or a +k
627 * mode with a different key, kick all local users.
628 *
629 * note: this does not take +r, +b, +e and +I into account.
630 *
631 * warning: if there are any TS5 servers on the network, this
632 * will cause ban desyncs if they send such an SJOIN and the
633 * splitriders added any bans (our side will lose them, the TS5
634 * side will accept them). we will send a notice to the channel
635 * if this happens. most services do not send such SJOINs but
636 * ratbox-services does.
637 */
638 kick_on_split_riding = no;
639 };
642 /* The serverhide block contains the options regarding serverhiding */
643 serverhide {
644 /* flatten links: this option will show all servers in /links appear
645 * that they are linked to this current server
646 */
647 flatten_links = no;
649 /* links delay: how often to update the links file when it is
650 * flattened.
651 */
652 links_delay = 5 minutes;
654 /* hidden: hide this server from a /links output on servers that
655 * support it. this allows hub servers to be hidden etc.
656 */
657 hidden = no;
659 /* disable hidden: prevent servers hiding themselves from a
660 * /links ouput.
661 */
662 disable_hidden = no;
663 };
665 /* These are the blacklist settings.
666 * You can have multiple combinations of host and rejection reasons.
667 * They are used in pairs of one host/rejection reason.
668 *
669 * These settings should be adequate for most networks, and are (presently)
670 * required for use on AthemeNet.
671 *
672 * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
673 * connections.
674 *
675 * Note: AHBL (the providers of the below BLs) request that they be
676 * contacted, via email, at admins@2mbit.com before using these BLs.
677 * See <http://www.ahbl.org/services.php> for more information.
678 */
679 #blacklist {
680 # host = "ircbl.ahbl.org";
681 # reject_reason = "You have a host listed in the ircbl.ahbl.org blacklist.";
682 #
683 # host = "tor.ahbl.org";
684 # reject_reason = "You are connecting from a TOR exit node.";
685 #};
687 /*
688 * Alias blocks allow you to define custom commands. (Old m_sshortcut.c)
689 * They send PRIVMSG to the given target. A real command takes
690 * precedence above an alias.
691 */
692 alias "NickServ" {
693 /* the name must go above */
695 /* target: the target nick (must be a network service) or
696 * user@server (cannot be this server, only opers can use
697 * user starting with "opers" reliably, interpreted on the target
698 * server only so you may need to use nick@server instead)
699 */
700 target = "NickServ";
701 };
703 alias "ChanServ" {
704 target = "ChanServ";
705 };
707 alias "OperServ" {
708 target = "OperServ";
709 };
711 alias "MemoServ" {
712 target = "MemoServ";
713 };
715 alias "NS" {
716 target = "NickServ";
717 };
719 alias "CS" {
720 target = "ChanServ";
721 };
723 alias "OS" {
724 target = "OperServ";
725 };
727 alias "MS" {
728 target = "MemoServ";
729 };
731 /* The general block contains many of the options that were once compiled
732 * in options in config.h. The general block is read at start time.
733 */
734 general {
735 /* hide error messages: defines whether error messages from
736 * servers are hidden or not. These can sometimes contain IPs and
737 * can have an adverse effect on server ip hiding. Set to:
738 * yes: hide from opers and admin
739 * opers: hide from opers only
740 * no: do not hide error messages
741 */
742 hide_error_messages = opers;
744 /* hide spoof ips: hide the real ips of auth{} spoofed users
745 * If disabled, local opers can see them.
746 * Dynamic spoofs (e.g. set by services) are unaffected by this;
747 * any oper (local and remote) can see the real ip.
748 * Warning: for whowas, this is checked when the client exits,
749 * not when the IP is shown.
750 */
751 hide_spoof_ips = yes;
753 /* default umodes: umodes to set upon connection
754 * If you have enabled the ip_cloaking extension, and you wish for
755 * incoming clients to be set +h upon connection, add +h to the umode
756 * string below.
757 */
758 default_umodes = "+i";
760 /* default operstring: defines the default oper response
761 * in /whois queries, eg "is an IRC Operator".
762 * After startup use /quote set operstring to change.
763 */
764 default_operstring = "is an IRC Operator";
766 /* default adminstring: defines the default admin response
767 * in /whois queries, eg "is a Server Administrator".
768 * After startup use /quote set adminstring to change.
769 */
770 default_adminstring = "is a Server Administrator";
772 /* servicestring: defines the response for opered services (+S)
773 * in /whois queries, eg "is a Network Service".
774 * This is updated on rehash.
775 */
776 servicestring = "is a Network Service";
778 /* disable fake channels: disable local users joining fake versions
779 * of channels, eg #foo^B^B. Disables bold, mirc colour, reverse,
780 * underline and hard space. (ASCII 2, 3, 22, 31, 160 respectively).
781 */
782 disable_fake_channels = no;
784 /* tkline_expire_notices: give a notice to opers when a tkline
785 * expires
786 */
787 tkline_expire_notices = no;
789 /* floodcount: the default value of floodcount that is configurable
790 * via /quote set floodcount. This is the amount of lines a user
791 * may send to any other user/channel in one second.
792 */
793 default_floodcount = 10;
795 /* failed oper notice: send a notice to all opers on the server when
796 * someone tries to OPER and uses the wrong password, host or ident.
797 */
798 failed_oper_notice = yes;
800 /* dots in ident: the amount of '.' characters permitted in an ident
801 * reply before the user is rejected.
802 */
803 dots_in_ident=2;
805 /* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts
806 * without a '.' in them. this will add one to the end. only needed
807 * for older servers.
808 */
809 dot_in_ip6_addr = no;
811 /* min nonwildcard: the minimum non wildcard characters in k/d/g lines
812 * placed via the server. klines hand placed are exempt from limits.
813 * wildcard chars: '.' '*' '?' '@'
814 */
815 min_nonwildcard = 4;
817 /* min nonwildcard simple: the minimum non wildcard characters in
818 * xlines/resvs placed via the server.
819 * wildcard chars: '*' '?'
820 */
821 min_nonwildcard_simple = 3;
823 /* max accept: maximum allowed /accept's for +g usermode */
824 max_accept = 20;
826 /* max monitor: the maximum amount of nicknames a client may have in
827 * their monitor (server-side notify) list.
828 */
829 max_monitor = 100;
831 /* nick flood: enable the nickflood control code */
832 anti_nick_flood = yes;
834 /* nick flood: the nick changes allowed in the specified period */
835 max_nick_time = 20 seconds;
836 max_nick_changes = 5;
838 /* anti spam time: the minimum time a user must be connected before
839 * custom quit messages are allowed.
840 */
841 anti_spam_exit_message_time = 5 minutes;
843 /* ts delta: the time delta allowed between server clocks before
844 * a warning is given, or before the link is dropped. all servers
845 * should run ntpdate/rdate to keep clocks in sync
846 */
847 ts_warn_delta = 30 seconds;
848 ts_max_delta = 5 minutes;
850 /* client exit: prepend a users quit message with "Client exit: " */
851 client_exit = yes;
853 /* collision fnc: change user's nick to their UID instead of
854 * killing them, if possible. This setting only applies to nick
855 * collisions detected on this server. Only enable this if
856 * all servers on the network allow remote nicks to start with
857 * a digit.
858 */
859 collision_fnc = yes;
861 /* global snotices: send out certain snotices (most +b, +f, +y,
862 * some +s) to other servers via ENCAP SNOTE. Received SNOTEs are
863 * displayed unconditionally.
864 */
865 global_snotices = yes;
867 /* dline reason: show the user the dline reason when they connect
868 * and are dlined.
869 */
870 dline_with_reason = yes;
872 /* kline delay: delay the checking of klines until a specified time.
873 * Useful if large kline lists are applied often to prevent the
874 * server eating CPU.
875 */
876 kline_delay = 0 seconds;
878 /* kline reason: show the user the reason why they are k/dlined
879 * on exit. may give away who set k/dline when set via tcm.
880 */
881 kline_with_reason = yes;
883 /* kline reason: make the users quit message on channels this
884 * reason instead of the oper's reason.
885 */
886 kline_reason = "Connection closed";
888 /* identify to services via server password
889 * if auth{} block had no password but the user specified a
890 * server password anyway, send a PRIVMSG to <identify_service>
891 * with as text <identify_command> <password>.
892 */
893 identify_service = "NickServ@services.int";
894 identify_command = "IDENTIFY";
896 /* non redundant klines: flag and ignore redundant klines */
897 non_redundant_klines = yes;
899 /* warn no nline: warn opers about servers that try to connect but
900 * we dont have a connect {} block for. Twits with misconfigured
901 * servers can get really annoying with this enabled.
902 */
903 warn_no_nline = yes;
905 /* stats e disabled: disable stats e. useful if server ips are
906 * exempted and you dont want them listing on irc.
907 */
908 stats_e_disabled = no;
910 /* stats c oper only: make stats c (connect {}) oper only */
911 stats_c_oper_only=no;
913 /* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
914 stats_h_oper_only=no;
916 /* stats y oper only: make stats y (class {}) oper only */
917 stats_y_oper_only=no;
919 /* stats o oper only: make stats o (opers) oper only */
920 stats_o_oper_only=yes;
922 /* stats P oper only: make stats P (ports) oper only
923 * NOTE: users doing stats P will never be given the ips that the
924 * server listens on, simply the ports.
925 */
926 stats_P_oper_only=no;
928 /* stats i oper only: make stats i (auth {}) oper only. set to:
929 * yes: show users no auth blocks, made oper only.
930 * masked: show users first matching auth block
931 * no: show users all auth blocks.
932 */
933 stats_i_oper_only=masked;
935 /* stats k/K oper only: make stats k/K (klines) oper only. set to:
936 * yes: show users no auth blocks, made oper only
937 * masked: show users first matching auth block
938 * no: show users all auth blocks.
939 */
940 stats_k_oper_only=masked;
942 /* map oper only: make /map oper only */
943 map_oper_only = no;
945 /* caller id wait: time between notifying a +g user that somebody
946 * is messaging them.
947 */
948 caller_id_wait = 1 minute;
950 /* pace wait simple: time between use of less intensive commands
951 * (HELP, remote WHOIS, WHOWAS)
952 */
953 pace_wait_simple = 1 second;
955 /* pace wait: time between more intensive commands
956 * (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION)
957 */
958 pace_wait = 10 seconds;
960 /* short motd: send clients a notice telling them to read the motd
961 * instead of forcing a motd to clients who may simply ignore it.
962 */
963 short_motd = no;
965 /* ping cookies: require clients to respond exactly to a ping command,
966 * can help block certain types of drones and FTP PASV mode spoofing.
967 */
968 ping_cookie = no;
970 /* connect timeout: sets how long we should wait for a connection
971 * request to succeed
972 */
973 connect_timeout = 30 seconds;
975 /* disable auth: disables identd checking */
976 disable_auth = no;
978 /* no oper flood: increase flood limits for opers. */
979 no_oper_flood = yes;
981 /* idletime: the maximum amount of time a user may idle before
982 * they are disconnected
983 */
984 idletime = 0;
986 /* REMOVE ME. The following line checks you've been reading. */
987 havent_read_conf = yes;
989 /* max targets: the maximum amount of targets in a single
990 * PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited.
991 */
992 max_targets = 4;
994 /* client flood: maximum number of lines in a clients queue before
995 * they are dropped for flooding.
996 */
997 client_flood = 20;
999 /* use_whois_actually: send clients requesting a whois a numeric
1000 * giving the real IP of non-spoofed clients to prevent DNS abuse.
1001 */
1002 use_whois_actually = yes;
1004 /* usermodes configurable: a list of usermodes for the options below
1005 *
1006 * +g - callerid - Server Side Ignore
1007 * +D - deaf - Don't see channel messages
1008 * +i - invisible - Not shown in NAMES or WHO unless you share a
1009 * a channel
1010 * +Q - noforward - Unaffected by channel forwarding
1011 * +R - regonlymsg - No messages from unindentified
1012 * +s - servnotice - See server notices
1013 * +w - wallop - See oper and server generated WALLOPS
1014 * +z - operwall - See operwalls
1015 */
1017 /* oper only umodes: usermodes only opers may set */
1018 oper_only_umodes = operwall, servnotice;
1020 /* oper umodes: default usermodes opers get when they /oper */
1021 oper_umodes = servnotice, operwall, wallop;
1023 /* oper snomask: default snomask opers get when they /oper,
1024 * provided they have umode +s set */
1025 oper_snomask = "+s";
1027 /* servlink path: path to 'servlink' program used by ircd to handle
1028 * encrypted/compressed server <-> server links.
1029 *
1030 * only define if servlink is not in same directory as ircd itself.
1031 */
1032 #servlink_path = "/usr/local/ircd/bin/servlink";
1034 /* use egd: if your system does not have *random devices yet you
1035 * want to use OpenSSL and encrypted links, enable this. Beware -
1036 * EGD is *very* CPU intensive when gathering data for its pool
1037 */
1038 #use_egd = yes;
1040 /* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
1041 * which automatically finds the path.
1042 */
1043 #egdpool_path = "/var/run/egd-pool";
1046 /* compression level: level of compression for compressed links between
1047 * servers.
1048 *
1049 * values are between: 1 (least compression, fastest)
1050 * and: 9 (most compression, slowest).
1051 */
1052 #compression_level = 6;
1054 /* burst_away: This enables bursting away messages to servers.
1055 * With this disabled, we will only propogate AWAY messages
1056 * as users send them, but never burst them. Be warned though
1057 * enabling this could increase the size of a burst significantly
1058 * for a large network, like EFnet.
1059 */
1060 burst_away = yes;
1062 /* nick delay: This locks nicks of split clients for the given time
1063 * or until a remote client uses the nick. This significantly
1064 * reduces nick collisions on short splits but it can be annoying.
1065 * To make things as fair as possible, this should be the same on
1066 * all servers. If you enable this, the suggested value is 15 minutes.
1067 */
1068 nick_delay = 0 seconds;
1070 /* reject time: the amount of rejections through klines/dlines etc
1071 * allowed in the given time before the rejection is cached and
1072 * a pseudo temp dline is placed
1073 */
1074 reject_ban_time = 1 minute;
1075 reject_after_count = 3;
1077 /* reject duration: the amount of time to cache the rejection */
1078 reject_duration = 5 minutes;
1079 };
1081 modules {
1082 /* module path: paths to search for modules specified below and
1083 * in /modload.
1084 */
1085 path = "/usr/local/ircd/modules";
1086 path = "/usr/local/ircd/modules/autoload";
1088 /* module: the name of a module to load on startup/rehash */
1089 #module = "some_module.so";
1090 };