# enable SSL support, please read the module section #
# of this configuration file. #
# #
+# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so #
+# modules, you must define this value to use ssl on #
+# that port. valid values are 'gnutls' or 'openssl' #
+# respectively. If the module is not loaded, this #
+# setting is ignored. #
+# #
+# transport - If you have m_spanningtree.so loaded, along with #
+# either of the SSL modules (m_ssl_gnutls or #
+# m_ssl_openssl) or m_ziplinks.so, then you may make #
+# use of this value. #
+# setting it to 'openssl' or 'gnutls' or 'zip' #
+# indicates that the port should accept connections #
+# using the given transport name. Transports are #
+# layers which sit on top of a socket and change the #
+# way data is sent and received, e.g. encryption, #
+# compression, and other such things. Because this #
+# may not be limited in use to just encryption, #
+# the 'ssl' value used for client ports does not #
+# exist for servers, and this value is used instead. #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# #
# Syntax is as follows: #
# #
-# <bind address="ip or host" port="port" type="clients"> #
-# <bind address="ip or host" port="port" type="servers"> #
+# <bind address="ip address" port="port" type="clients"> #
+# <bind address="ip address" port="port" type="servers"> #
# #
# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
# then you must specify your IPV6 clients in the following form: #
# default) then you do not need to prefix your addresses like this. #
# #
-<bind address="" port="6660-6669" type="clients">
+<bind address="" port="6000" type="clients">
+<bind address="" port="6660-6669" type="clients" ssl="gnutls">
+
+# When linking servers, the openssl and gnutls transports are largely
+# link-compatible and can be used alongside each other or either/or
+# on each end of the link without any significant issues.
+
<bind address="" port="7000,7001" type="servers">
+<bind address="1.2.3.4" port="7005" type="servers" transport="openssl">
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
# You should also include a flood="x" line which indicates #
# the number of lines a user may place into their buffer at once #
# before they are disconnected for excess flood. This feature can #
-# not be disabled, however it can be set to exremely high values, #
+# not be disabled, however it can be set to extremely high values, #
# rendering it effectively disabled. A recommended value is 10. #
# A counter is maintained for each user which is reset every #
# 'threshold' seconds and specifying this threshold value with #
# The optional recvq value is the maximum size which users in this #
# group may grow their receive queue to. This is recommended to be #
# kept pretty low compared to the sendq, as users will always #
-# recieve more than they send in normal circumstances. The default #
+# receive more than they send in normal circumstances. The default #
# if not specified is 4096. #
# #
# IMPORTANT NOTE, CALL THE CONFUSION POLICE! #
# what commands. Class names are case sensitive, #
# seperate multiple class names with spaces. #
# #
-# host - optional hostmask operators will recieve on oper-up. #
+# host - optional hostmask operators will receive on oper-up. #
# #
# Syntax is as follows: #
# #
# is not loaded, this configuration option has no #
# effect and will be ignored. #
# #
-# type - Sefines the kind of operator. This must match a type #
+# type - Defines the kind of operator. This must match a type #
# tag you defined above, and is case sensitive. #
# #
# Syntax is as follows: #
# autoconnect - Sets the server to autoconnect. Where x is the num. #
# (optional) of seconds between attempts. e.g. 300 = 5 minutes. #
# #
-# encryptionkey - Encryption key to be used for AES encryption, where #
-# supported. Links using the spanning tree protocol #
-# support AES. The encryption key must be EXACTLY 8, #
-# 16 or 32 characters in length for a 64, 128 or 256 #
-# bit key, respectively. #
+# transport - If defined, this is a transport name implemented by #
+# another module. Transports are layers on top of #
+# plaintext connections, which alter them in certain #
+# ways. Currently the three supported transports are #
+# 'openssl' and 'gnutls' which are types of SSL #
+# encryption, and 'zip' which is for compression. #
+# If you define a transport, both ends of the #
+# connection must use a compatible transport for the #
+# link to succeed. OpenSSL and GnuTLS are link- #
+# compatible with each other. #
# #
# hidden - When using m_spanningtree.so for linking. you may #
# set this to 'yes', and if you do, the IP address/ #
# information on how to load this module! If you do not load this #
# module, server links will NOT work! #
# #
+# Also, if you define any transports, you must load the modules for #
+# these transports BEFORE you load m_spanningtree, e.g. place them #
+# above it in the configuration file. Currently this means the three #
+# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on #
+# which you choose to use. #
+# #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
autoconnect="300"
failover="hub.other.net"
timeout="15"
+ transport="gnutls"
sendpass="outgoing!password"
recvpass="incoming!password">
# new TS values in the timestamp. If you think this #
# is just pointless noise, define the value to 0. #
# #
+# ircumsgprefix - Use undernet style message prefix for channel #
+# NOTICE and PRIVMSG adding the prefix to the line #
+# of text sent out. Eg. NOTICE @#test :@ testing #
+# vs off: NOTICE @#test :testing #
+#
# notimesync - If this value is 'yes', 'true', or '1', time #
# synchronization is disabled on this server. This #
# means any servers you are linked to will not #
nouserdns="no"
syntaxhints="no"
cyclehosts="yes"
+ ircumsgprefix="no"
announcets="yes"
notimesync="no"
allowhalfop="yes">
#
#<module name="m_spanningtree.so">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MD5 Module - Allows other modules to generate MD5 hashes, usually for
+# cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_cloaking.so and m_opermd5.so may rely on
+# this module being loaded to function.
+#
+#<module name="m_md5.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# SHA256 Module - Allows other modules to generate SHA256 hashes,
+# usually for cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_opermd5.so may rely on this module being
+# loaded to function.
+#
+#<module name="m_sha256.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alias module: Allows you to define server-side command aliases
#<module name="m_alias.so">
# commands to services, however they are not limited to just this use.#
# An alias tag requires the following values to be defined in it: #
# #
-# text - The text to detect at the start of the line, #
-# must be at the start of the line to trigger the #
-# alias. Cant contain spaces, but case insensitive #
+# text - The text to detect as the actual command line, #
+# Cant contain spaces, but case insensitive. #
+# You may have multiple aliases with the same #
+# command name (text="" value), however the first #
+# found will be executed if its format value is #
+# matched, or it has no format value. Aliases are #
+# read from the top of the file to the bottom. #
+# #
+# format - If this is defined, the parameters of the alias #
+# must match this glob pattern. For example if you #
+# want the first parameter to start with a # for #
+# the alias to be executed, set format="#*" in the #
+# alias definition. Note that the :'s which are #
+# part of IRC formatted lines will be preserved #
+# for matching of this text. This value is #
+# optional. #
+# #
# replace - The text to replace 'text' with. Usually this #
# will be "PRIVMSG ServiceName :$2-" or similar. #
# You may use the variables $1 through $9 in the #
# commands with \n. If you wish to use the ACTUAL #
# characters \ and n together in a line, you must #
# use the sequence "\\n". #
+# #
# requires - If you provide a value for 'requires' this means #
# the given nickname MUST be online for the alias #
# to successfully trigger. If they are not, then #
# the user receives a 'no such nick' 401 numeric. #
+# #
# uline - Defining this value with 'yes', 'true' or '1' #
# will ensure that the user given in 'requires' #
# must also be on a u-lined server, as well as #
# online, but not on a u-lined server, then an #
# oper-alert is sent out as this is possibly signs #
# of a user trying to impersonate a service. #
+# #
# operonly - Defining this value, with a value of 'yes', '1' #
# or true will make the alias oper only. If a non- #
# oper attempts to use the alias, it will appear #
#<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
#<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
#<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
-#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $3" requires="NickServ" uline="yes">
+#
+# An example of using the format value to create an alias with two
+# different behaviours depending on the format of the parameters.
+#
+#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3"
+# requires="ChanServ" uline="yes">
+#
+#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2"
+# requires="NickServ" uline="yes">
+#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alltime module: Shows time on all connected servers at once
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block CAPS module: Blocking all-CAPS messages with cmode +P
#<module name="m_blockcaps.so">
+# #
+#-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# percent - How many percent of text must be caps before text #
+# will be blocked. #
+# #
+# minlen - The minimum length a line must be for the block #
+# percent to have any effect. #
+# #
+#<blockcaps percent="95" minlen="5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block colour module: Blocking colour-coded messages with cmode +c
#<module name="m_chgident.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Cloaking module: Adds usermode +x and cloaking support
+# Cloaking module: Adds usermode +x and cloaking support.
+# Relies on the module m_md5.so being loaded before m_cloaking.so in
+# the configuration file.
#<module name="m_cloaking.so">
#
#-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
-# Optional - If ypu specify the m_cloaking.so module as above, you #
+# Optional - If you specify the m_cloaking.so module as above, you #
# must define cloak keys, and optionally a cloak prefix as shown #
# below. When using cloaking, the cloak keys are MANDITORY and must #
# be included. However, if prefix is not included, it will default #
# to your networks name from the <server> tag. #
# #
-# <cloak key1="543241423" #
-# key2="5378410432" #
-# key3="1143242382" #
-# key4="9504324581" #
+# <cloak key1="0x2AF39F40" #
+# key2="0x78E10B32" #
+# key3="0x4F2D2E82" #
+# key4="0x043A4C81" #
# prefix="mynet"> #
# #
# Please note that the key values will accept any number, and should #
# be large numbers. Using small numbers such as "7" or "1924" will #
-# seriously weaken the security of your cloak. #
+# seriously weaken the security of your cloak. It is recommended you #
+# use hexdecimal numbers prefixed by "0x", as shown in this example, #
+# with each key eight hex digits long. #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Conn-Lusers: Shows the LUSERS output on connect
#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Deaf module: adds support for ircu style usermode +d - deaf to
+# channel messages and channel notices.
+#<module name="m_deaf.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny Channels: Deny Channels from being used by users
#<module name="m_denychans.so">
# Devoice Module: Let users devoice themselves.
#<module name="m_devoice.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# DNS Blacklist Module: Provides support for looking up IPs on one or #
+# more blacklists. #
+#<module name="m_dnsbl.so"> #
+# #
+# For configuration options please see the wiki page for m_dnsbl at #
+# http://inspircd.org/wiki/DNS_Blacklist_Module #
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Filter module: Provides glob-based message filtering
#<module name="m_filter.so">
# Knock module: adds the /KNOCK command and +K channel mode
#<module name="m_knock.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is #
+# used to temporarily close/open for new connections to the server. #
+# These commands require OPER status and that the LOCKSERV UNLOCKSERV #
+# are specified in a <class> tag that the oper is part of. This is so #
+# you can control who has access to this possible dangerous command. #
+# If your server is locked and you got disconnected, do a REHASH from #
+# shell to open up again.
+#<module name="m_lockserv.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Msg flood module: Adds message/notice flood protection (+f)
#<module name="m_messageflood.so">
# Oper channels mode: Adds the +O channel mode
#<module name="m_operchans.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Oper hash module: Allows hashed oper passwords
+# Relies on the module m_md5.so and/or m_sha256.so being loaded before
+# m_oper_hash.so in the configuration file.
+#<module name="m_oper_hash.so">
+#
+#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+#
+# To use this module, you must define a hash type for each oper's
+# password you want to hash. For example:
+#
+# <oper name="katsklaw"
+# host="ident@dialup15.isp.com"
+# hash="sha256"
+# password="a41d730937a53b79f788c0ab13e9e1d5"
+# type="NetAdmin">
+#
+# The types of hashing available vary depending on which hashing modules
+# you load, but usually if you load m_sha256.so and m_md5.so, both md5
+# and sha256 type hashing will be available (the most secure of which
+# is SHA256).
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper Join module: Forces opers to join a channel on oper-up
#<module name="m_operjoin.so">
# Specify the level as the 'level' parameter of the <type> tag
#<module name="m_operlevels.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper MD5 module: Allows MD5 hashed oper passwords
-#<module name="m_opermd5.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper SHA256 module: Allows SHA256 hashed oper passwords
-# This module is in src/modules/extra
-#<module name="m_opersha256.so">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper modes module: Allows you to specify modes to add/remove on oper
# Specify the modes as the 'modes' parameter of the <type> tag
# #
# m_ssl_gnutls.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/GnuTLS_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Info module: Allows users to retrieve information about other
# #
# m_ssl_openssl.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/OpenSSL_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Cert Oper module: Allows opers to oper up using the key fingerprint
# maintain notify lists.
#<module name="m_watch.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# ZipLinks module: Adds support for zlib deflate on server to server
+# connections. Both ends of the connection must load this module.
+#
+#<module name="m_ziplink.so">
+#
+# To use this module, you must enable it as a transport type in your
+# <link> tags or <bind> tags using the transport name 'zip'.
+# See the documentation of <link> and <bind>, respectively.
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
<exception host="*@ircop.host.com" reason="Opers hostname">
+#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This optional tag allows you to specify how wide a gline, eline, #
+# kline, zline or qline can be before it is forbidden from being #
+# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
+# no matter how many users the ban would cover. This is not #
+# recommended! By setting ipmasks="yes", you can allow all Z lines, #
+# no matter how many users these cover too. Needless to say we #
+# don't recommend you do this, or, set nickmasks="yes", which will #
+# allow any qline. #
+# #
+# The trigger value indicates how wide any mask will be before it is #
+# prevented from being set. The default value is 95.5% if this tag is #
+# not defined in your configuration file, meaning that if your #
+# network has 1000 users, a gline matching over 955 of them will be #
+# prevented from being added. #
+# #
+# Please note that remote servers (and services) are exempt from #
+# these restrictions and expected to enforce their own policies #
+# locally! #
+# #
+
+<insane hostmasks="no" ipmasks="no" nickmasks="no" trigger="95.5">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# You should already know what to do here :) #