Attachment 'ircd.conf'
Download# IRC - Internet Relay Chat, doc/example.conf # Copyright (C) 1992, Bill Wisner # # Modified by Rodder, Jon Lusky <lusky@blown.net>, # at one time, but he didn't credit his changes. # Updated Dec 19, 1997 Diane Bruce aka db/Dianora <db@db.net> # please also read example.conf.trillian, it covers # elements this example misses. # -db # Updated again July 17, 1998 -db # Updated 990102 to take out P: line connection limiting code # Updated again July 5, 1999 -db # Updated for dancer 2000/08/04 -- asuffield # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 1, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # # IRC example configuration file # # This file describes the information that should be present in your IRC # configuration and how to present it. # # M: set your server's name. Fields are, in order, host name (domain style), # optional bind address, a text name, and unused. # # NOTE: The "optional bind address" is an address used in binding to a # local address when we connect outbound. For example, if your server machine # is myhost.example.com (192.168.1.5) and you want IRCD to connect to others # from irc.example.com (192.168.1.250), you'd put 192.168.1.250 in the # "optional bind address" field. If left blank, UNIX will choose the primary # address of the interface closest to the destination. # # NOTE: As of hybrid-6, the port field no longer binds a port by default. # It is an inoperative and obsolete field. # M:localhost.: :dancer-services localhost: # # A: administrative information. This line should have three fields, which # may contain any arbitrary text. It is printed by the /ADMIN command. # A:Example location:My address:Inept server admin <dancer@localhost> # # Y: define connection class. A class must be defined in a Y: line before # it is used in a C, N, or I line. The fields are, in order, class number, # ping frequency in seconds, connect frequency in seconds, maximum # number of links (used for auto-connecting), and size of sendq. # For servers a sendq of at least 4mb is recommended if not more. # # N.B. Y lines must be defined before I lines and O lines, since # both I lines and O lines make reference to Y lines or classes. # # For clients, the connect frequency field is used to set the maximum # number of connects from same IP address. i.e. setting this field to '1' # will limit every I line using this Y, to one connection per IP address. # leaving it blank or 0, will disable any such checking. # # Class numbers must be positive to ensure future modification of ircd to # use -1 internally could not be complicated with it's use externally. # Y:1:90:0:20:100000 Y:2:90:300:10:4000000 # # .include lines, insert a file from DPATH directory into the conf # you could use this to insert a common file between several # ircd's if you wished. include files are handled after all the # other lines in the conf file are done. i.e. a .include is always # as if it was at the end of the conf file. # # This brings in the external O:lines file, if there is one .include "/etc/dancer-ircd/olines" # # I: authorize clients to connect to your server. You can use domains, # IP addresses, and asterisk wildcards. The second field can contain a # password that the client must use in order to be allowed to connect. # The optional fifth field may contain a connection class number. # #I:NOMATCH::*.alaska.edu::1 #I:NOMATCH:password:acad3.alaska.edu::1 # # If using IDENT, to activate it, you need to place a "user@" in the # host segment. # #I:*@acad3.alask.edu::*@acad3.alaska.edu::1 #I:root@acad.alask.edu::root@acad.alaska.edu::1 # # The above are bad examples of I-lines, what really happens is something # like this: # I:NOMATCH::*@*::1 ## This is a correct example in hybrid-6, the username ## is not used for an IP I line (this may be changed, its a simple change ## but EFnet is currently deprecating the use of non resolving client hosts) ## If the IP block has a resolving host name, it will be shown instead ## of the IP address. This just serves to allow on an entire block of ip's ## without needing to specify each individual hostname. ## Note, you must use an 'x' in the name field #I:128.250.0.0/16::x::1 # # You can also limit the number of connections from one host # to any value. This can be used to stop cloners # This is done using the normally unused confreq line in the Y line. # # i.e. # Allow 100 users in a "bad boy" class, but allow only ONE # user per IP to connect at a time. # #Y:3:90:1:100:100000 # # Remember to put your "bad boy" I line last in the file, so it # seen first and matches first before your standard I lines # # With hybrid ircd, max connections is taken from the class # not per I line. i.e. the 3 I lines following will always add # up to 100 or less, not 100 per I line. # #I:NOMATCH::*@*ppp*::3 #I:NOMATCH::*@*slip*::3 #I:NOMATCH::*@*ts*::3 # # a name pattern in the first field will never cause a match since it's only # ever matched against an IP# in the form a.b.c.d and a number in the third # field will never match since a hostname is always compared against this # field. The '@' needs to be in the IP# section for ident to be used. # ## additional prefix characters in I lines are defined ## ## from comstud ## ## 1) There are noticable differences in I: lines now. ## There are 4 special characters that you can stick in front ## of a hostname or ip# that do special things. ## These characers are: ## - This will never put a ~ for a user not running identd ## + This will force people matching this I: to require identd ## ! This means to only allow 1 connection per ip# in this I: ## $ (Not used in hybrid) ## ## Examples: ## ## a) I:x::!*@*ppp*::class will only allow X connections per ip# for people ## who have *ppp* in their hostname where X is given in the Y: line. ## If there is no ! and you have a limit in your Y: line, then it matches ## full user@host instead of just host. ## b) I:x::-*@*.cris.com::class will never show a ~, even though they may ## not be running identd. (This is equivilent to the old way of not ## specifying a @ in the I: line). ## Additionally since ircd-hybrid-6 ## B/E/F lines were removed and replaced with 3 other special characters ## in I lines ## ## ^ This will exempt a user from K/G lines, limited protection from D lines ## & User can run bots (old B line) ## > This user is exempt from I line/server side connection limits ## (old F line) ## _ This user is exempt from G lines ## ## A variant of amm's spoofing code was added ## = Spoof this users IP, normally only used for opers ## ## < This user is exempt from idle restrictions if IDLE_CHECK is defined ## ## Examples ## c) I:NOMATCH::^db@koruna.varner.com::3 ## This user is exempt from k/g lines ## d) I:NOMATCH::&jerdfelt@*mindspring.net::3 ## This user can run a bot, and is also "e lined" ## e) I:NOMATCH::>lusky@*vol.com::3 ## This user is immune from I line limits ## f) I:NOMATCH::^&>mpearce@*varner.com::3 ## This user can run a bot, is exempt ## from client connect limits. ## g) I:smurfers.are.lame::=dgalas@*somewhere.com::3 ## Show this user as being dgalas@smurfers.are.lame ## an IP can be used instead as long as the name field does not begin ## with an 'x' ## i.e. ## I:192.168.0.0/24::x::3 #this is an IP I line ## I:192.168.0.0::db@*somesite.com::3 #this is a spoofed IP # # O: authorize operators. Fields are, in order, host name the operator must # be logged in from (wildcards allowed), operator's password, operator's # nickname. ## ## O:lines are better described in the dancer-oper-guide than here ## The new format for dancer has the 4th field (port) as the allowed umodes, ## and the 6th field (after the connection class) as the default umodes to ## be set on OPER. # Examples: O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:admin:abcdDfFgGhHkKlLmMnNpPrRsSUvVwWxXyYzZ0123459*:1:acdDfFgGhHkKlRsSUvVWXyYzZ0123459 O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:luser::1: ## NOTE: These examples are from hybrid, and are not valid for dancer. # # The first example allows me to become an operator from any # machine in alaska.edu by typing /oper crunchy frog. # #O:*.alaska.edu:frog:crunchy # ## This example allow this oper, to global kill, do remote squit/connect ## unklines, glines, and use umode +n ## #O:db@*db.net:-encrypted password-:Dianora:ORUGN:3 # ## ## This example disables this opers use of global kill, unkline, and gline ## The oper can still do remote squits/connects ## #O:newbie@*some.net:-encrypted password-:newbie:oug:3 ## ## This example disables this opers use of global kill, unkline, ## gline and gline and remote squits/connects ## essentially the same permissions as a local oper, but with the "vanity" ## They can still local kill and kline for example. ## #O:vanity@*some.net:-encrypted password-:vanity:oug:3 ## ## you could make someone vantiy even more, by disabling their ## kill/kline privs... note they can still do full traces ## umode +c (watch connections) and do rehash ## But otherwise, this set of flags is not practical for ## a normal oper. ## #O:vanity@*some.net:-encrypted password-:vanity:nougk:3 # ## a monitor bot could be given the following privs ## k - no kline/kill ## g - make sure no GLINE ## o - no global kill (already taken care of by 'k' flag above) ## r - no remote routing/squits ## N - allow this monitor to use umode +n for nick changes ## ## Some admins do not like remote tcm kills/klines. If this ## tcm oper gets compromised, the best they can do is ## rehash/trace/umode +cn , i.e. no global kills or "fun" for the ## compromised o line. But its still quite usuable for monitoring ## clones and nick flooders. ## # #o:tcm@*varner.com:-encrypted password-:tcm:kgorN:3 # ## Of course, leaving out the flags entirely defaults to ## reasonable defaults, so if you don't want to worry about it, then don't. ## You can always add G later for example. # ## O : Global operator ## No explicit G or G-line flag, no N or allow umode +n flag ## #O:db@ircd.dianora.com:-encrypted password-:Dianora::3 # # o : local operator. #o:trainee@shell.box.com:password:MyNick::3 # ## ## The fifth field of an O line, is the new class this oper will join ## # C:, N: set up connections to other servers. # # C: specifies a server that your server may connect to. # N: allows a remote server to connect to your own. # # The two lines are usually given in pairs. # # These lines may contain a password in the second field. In fact, to # maintain proper security, *all* IRC server links must have passwords. # # If a C: line contains four fields (the fourth being a TCP port number) # IRC will actively try to connect to that server. You should have at least # one such line. # # If an N: line contains four fields, the fourth should contain a number that # specifies how many components of your own server's name to strip off the # front and be replaced with a *. This is done to implement hostmasking. # For example, to make hayes.ims.alaska.edu present itself to the world as # *.alaska.edu, I would use a 2 (to strip off the first two parts). If you # use this, be sure to tell the administrator of the servers you link to -- # they must add your hostmasked name to their configuration file or you will # be unable to connect. # # The host part of C/N lines MUST contain a valid hostname or IP address # The host part in the C:line MUST be identical to the host part in the N:line # The name part of the C/N lines MUST match the associated H/L line name # # The fifth field may contain a connection class number. # # The following two lines tell my server to try connecting to # byron.u.washington.edu. # C:127.0.0.1:P@ssw0rD:services. N:127.0.0.1:$1$CdjQLLLa$/Mq69SSgCK/wtyNo/eIuw/:services. #C:byron.u.washington.edu:crunchyfrog:byron.u.washington.edu:6667:2 #N:byron.u.washington.edu:crunchyfrog:byron.u.washington.edu:2:2 # # The following two lines allow a server to connect to my server, but my # server will not make any attempt to connect to it. Note that since the # server is local to me, I am not using hostmasking. # #C:kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2 #N:kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2 # # C and N lines may also use the "user@" combination in the same way as # the I-lines. # #C:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2 #N:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2 ## The password in the N:line is usually an MD5 hash, not cleartext ## It must match the password in the C:line on the remote server. ## For serious security, the two servers should have different passwords ## in their C lines, with each other's hash in their N lines. # # K: kill a user automatically upon connecting. This is used to deny # troublesome users access to your server. The fields are, in order, # hostname (wildcards are allowed), time of day, and username. ## Timed k-lines and R: lines are not recommended by the hybrid ## team. They might not even work. Timed-klines made more sense ## for university ircd's but nowadays with so many open irc servers ## around, it just seems pointless. ## -Dianora # The second example restricts access from acad3.alaska.edu from # 9:00am to noon, and 2:00pm to 5:00pm. This form is only supported if # TIMED_KLINES is defined. # #K:*.alaska.edu::FSSPR #K:acad3.alaska.edu:0900-1200,1400-1700:* # Note: it is preferable to place and remove K:lines from a running # ircd, with the KLINE and UNKLINE commands, which write to the kline.conf # file directly, in order to handle timestampts and distribution # across the network cleanly. # # R: restrict user access. This is an extended form of the K: line. # It looks for a match then runs an outside program that will determine # whether the person should be allowed on. The fields are hostname, # program, and username. A full pathname to the program should be used. # The output of the program should be a string of the form "Y <message>" # to allow the user, or "N <message>" to block them. In the first case # the message is ignored; in the latter, it is sent as an error message # to the user. R: lines are only functional if activated in config.h. # #R:kaja.gi.alaska.edu:/usr/local/lib/irc/does-eric-get-in:ejo # ## NOTE: L:lines are not really appropriate for centrally maintained ## networks. It is not recommended that you use them. # # L: leaf. This forces the server listed to act as a leaf. If such a # server allows any other servers to connect to it, its link is # dropped. If a port parameter is non-zero, it is used to control the # maximum depth that link will allow, where depth is the tree depth of # that branch. # #L:::kaja.gi.alaska.edu #L:::cm5.eng.umd.edu:1 # # A new extension to the L-line allows you to be selective # about which other servers you wish the connecting server to behave as # as a leaf towards. The following would not allow any server connecting # with a name that matches *.fi to introduce a server matching *.edu. # #L:*.edu::*.fi # # H: Hub. This is required to allow other servers which connect to you as # a hub and introduce other servers. # #H:*.au:*:*.au H:*::* # # P : port. The port line allows the server to listen on various ports for # connections. Fields in order: unused, # address to bind to, unused, port to listen on # # NOTE: As of hybrid-6, you MUST have at least one P: line defining a port # to listen on, or the server won't do much. # P::::6667 #P::209.42.128.252::31337 # # Listen on port 6665 on all available interfaces. Only allow connections from # net 128.32. This is checked before existance of other access is available. # 128.32.* == 128.32.0.0 where 0 is a wildcard. # Also listen to port 31337 on only 209.42.128.252. Allow connections from # anywhere. # # D : dump. Dumps all connect attempts from the matched IP # without any procesing. # # First arg is target IP and CIDR mask, second is a comment. # #D:208.148.84.3:bot host that changes domain names frequently #D:128.183.0/24:NASA users aren't supposed to be on IRC # # d : immunity to D dump # As in D line , First arg is targe IP and CIDR mask, second is a comment. # #d:199.0.154.0/24:Don't D line ais.net: # # # Q lines, not the old server Q lines, but Quarantine lines for # nicks. Only checked at NICK time, i.e. if added and hashed in # will not kill users who match this nick. # #Q:dcc-*:dcc bots not allowed on this server #Q:lamestbot:You have to be kidding me #Q:crush:In memory of Janet Pippin #Q:cwush:In memory of Janet Pippin #Q:callas:Only allowed from this host:callas@oper.irc.arpa.com # # if JUPE_CHANNEL is defined you can also jupe a channel locally # ## NOTE: JUPE_CHANNEL is not defined by default. This may change later ## when it can be arranged for a jupe to propagate across all servers ## more effectively. # # i.e. no one on your server can join this channel. # You need the backslash to escape the # in the channel # #Q:\#packet:I am tired of the packet fights for this channel # # X lines. # Used to match gecos fields and prohibit users or warn about users # who have matching strings in those fields from getting on the server. # # All X line matches are sent to opers in +r user mode # On an X line, a non 0 value for port exits that client # a 0 value, only warns on +r # # These three examples only warn #X:*www*:Possible spambot warning 1::0 #X:*http*:Possible spambot warning 2::0 #X:*sex*:Possible spambot warning 3::0 # # These two examples reject the client # use this to reject IPHONE users #X:* vc:IPHONE user::1 # This is a very probable spambot #X:*see me at*:This has GOT to be a spambot::1 #X:*hi baby*:This has GOT to be a spambot::1
Attached Files
To refer to attachments on a page, use attachment:filename, as shown below in the list of files. Do NOT use the URL of the [get] link, since this is subject to change and can break easily.You are not allowed to attach a file to this page.