# #
# <server name="server.name" #
# description="Server Description" #
-# networkemail="Email address shown on g/k/z/q lines" #
# id="serverid" #
# network="MyNetwork"> #
# #
-# The server ID is optional, and if omitted or set to 0, is auto- #
-# matically calculated from the server name and description. This is #
-# similar in behaviour to the server id on ircu and charybdis ircds. #
+# The server name should be a syntactically valid hostname, with at #
+# least one '.', and does not need to resolve to an IP address. #
+# #
+# The description is freeform text. Remember you may put quotes in #
+# this field by escaping it using \". #
+# #
+# The network field indicates the network name given in on connect #
+# to clients. It is used by many clients such as mIRC to select a #
+# perform list, so it should be identical on all servers on a net #
+# and should not contain spaces. #
+# #
+# The server ID is optional, and if omitted automatically calculated #
+# from the server name and description. This is similar in #
+# in behaviour to the server id on ircu and charybdis ircds. #
# You should only need to set this manually if there is a collision #
# between two server ID's on the network. The server ID must be #
-# between 1 and 999, if it is not, it will be wrapped to this range. #
-# There is a range of server ID's which are suffixed by two letters #
-# rather than two numbers, e.g. 1AA, 2FF, 3ZZ, which are reserved #
-# for use by non-inspircd servers such as services and stats servers.#
+# three digits or letters long, of which the first digit must always #
+# be a number, and the other two letters may be any of 0-9 and A-Z. #
+# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, #
+# QFX and 5eR are not. Remember, in most cases you will not need to #
+# even set this value, it is calculated for you from your server #
+# name and description. Changing these will change your auto- #
+# generated ID. #
# #
<server name="penguin.omega.org.za"
description="Waddle World"
- id="0"
- network="Omega">
+ network="Omega">
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# Enter the port and address bindings here. #
# #
-# bind address - specifies which address ports bind to. Leaving this #
+# bind address - Specifies which address ports bind to. Leaving this #
# field blank binds the port to all IP's available. #
# #
# port - The port number to bind to. You may specify a port #
# the entire range from being bound, just that one #
# port number. #
# #
-# type - can be 'clients' or 'servers'. The clients type is #
+# type - Can be 'clients' or 'servers'. The clients type is #
# a standard TCP based socket, the servers type is a #
# also a TCP based connection but of a different #
# format. SSL support is provided by modules, to #
# #
# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so #
# modules, you must define this value to use ssl on #
-# that port. valid values are 'gnutls' or 'openssl' #
+# that port. Valid values are 'gnutls' or 'openssl' #
# respectively. If the module is not loaded, this #
# setting is ignored. #
# #
# either one of the SSL modules (m_ssl_gnutls or #
# m_ssl_openssl) or m_ziplinks.so, then you may make #
# use of this value. #
-# setting it to 'openssl' or 'gnutls' or 'zip' #
+# Setting it to 'openssl' or 'gnutls' or 'zip' #
# indicates that the port should accept connections #
# using the given transport name. Transports are #
# layers which sit on top of a socket and change the #
# config file inspircd.conf, unless the filename starts with a forward#
# slash (/) in which case it is treated as an absolute path. #
# #
+# You may also include an executable file, in which case if you do so #
+# the output of the executable on the standard output will be added #
+# to your config at the point of the include tag. #
+# #
# Syntax is as follows: #
#<include file="file.conf"> #
+#<include executable="/path/to/executable parameters"> #
# #
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# password="blahblah" timeout="10" timeout="blah" #
# flood="5" threshold="8" pingfreq="120" sendq="99999" #
# revcq="696969" localmax="3" globalmax="3" #
-# port="6660" maxchans="50"> #
+# port="6660" maxchans="50" limit="999"> #
# #
# <connect name="blocked" deny="127.0.0.1" port="6667"> #
# #
# only incoming connections on the specified port will match. Port #
# tags may be used on connect allow and connect deny tags. #
# #
+# The limit value determines the maximum number of users which may #
+# be in this class. Combine this with CIDR masks for various ISP #
+# subnets to limit the number of users which may connect at any one #
+# time from a certain ISP. Omit this value to not limit the tag. #
+# #
<connect allow="196.12.*" password="secret" port="6667">
sendq="262144"
recvq="8192"
localmax="3"
- globalmax="3">
+ globalmax="3"
+ limit="5000">
<connect deny="69.254.*">
<connect deny="3ffe::0/32">
# #
# Syntax is as follows: #
# #
-# <class name="name" commands="oper commands"> #
+# <class name="name" commands="oper commands" #
+# usermodes="allowed oper only usermodes" #
+# chanmodes="allowed oper only channelmodes"> #
# #
+# The name value indicates a name for this class. #
+# The commands value indicates a list of one or more commands that #
+# are allowed by this class (see also 'READ THIS BIT' below). #
+# The usermodes and chanmodes values indicate lists of usermodes and #
+# channel modes this oper can execute. This only applies to modes #
+# that are marked oper-only such as usermode +Q and channelmode +O. #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# however it is provided for fast configuration (e.g. in test nets) #
# #
-<class name="Shutdown" commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD">
-<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE">
-<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES">
-<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT">
+<class name="Shutdown" commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD" usermodes="*" chanmodes="*">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256" usermodes="*" chanmodes="*">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE" usermodes="*" chanmodes="*">
+<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES" usermodes="*" chanmodes="*">
+<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*">
#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
# your server, as well as the commands they are allowed to use. #
# This works alongside with the classes specified above. #
# #
-# type name - a name for the combined class types. #
+# type name - A name for the combined class types. #
# a type name cannot contain spaces, however if you #
# put an _ symbol in the name, it will be translated #
# to a space when displayed in a WHOIS. #
# #
-# classes - specified above, used for flexibility for the #
+# classes - Specified above, used for flexibility for the #
# server admin to decide on which operators get #
# what commands. Class names are case sensitive, #
# separate multiple class names with spaces. #
# #
-# host - optional hostmask operators will receive on oper-up. #
+# host - Optional hostmask operators will receive on oper-up. #
# #
# Syntax is as follows: #
# #
# Opers are defined here. This is a very important section. #
# Remember to only make operators out of trust worthy people. #
# #
-# name - oper name, this is case sensitive, so it is best to #
+# name - Oper name, this is case sensitive, so it is best to #
# use lower-case. #
# #
-# password - password to oper-up, also case sensitive. #
+# password - Password to oper-up, also case sensitive. #
# encryption is supported via modules. You may load #
# modules for MD5 or SHA256 encryption, and if you do, #
# this value will be a hash value, otherwise put a #
# plaintext password in this value. #
# #
-# host - hosts of client allowed to oper-up. #
+# host - Hosts of client allowed to oper-up. #
# wildcards accepted, separate multiple hosts with a #
# space. You may also specify CIDR IP addresses. #
# #
-# fingerprint - when using the m_ssl_oper_cert.so module, you may #
+# fingerprint - When using the m_ssl_oper_cert.so module, you may #
# specify a key fingerprint here. This can be obtained #
# using the /fingerprint command whilst the module is #
# loaded, or from the notice given to you when you #
# is not loaded, this configuration option has no #
# effect and will be ignored. #
# #
-# type - defines the kind of operator. This must match a type #
+# type - Defines the kind of operator. This must match a type #
# tag you defined above, and is case sensitive. #
# #
# Syntax is as follows: #
# Defines which servers can link to this one, and which servers this #
# server may create outbound links to. #
# #
-# name - the name is the canonical name of the server, does #
+# name - The name is the canonical name of the server, does #
# not have to resolve - but it is expected to be set #
# in the remote servers connection info. #
# #
-# ipaddr - valid host or IP address for remote server. These #
+# ipaddr - Valid host or IP address for remote server. These #
# hosts are resolved on rehash, and cached, if you #
# specify a hostname; so if you find that your server #
# is still trying to connect to an old IP after you #
# have updated your DNS, try rehashing and then #
# attempting the connect again. #
# #
-# port - the TCP port for the remote server. #
+# port - The TCP port for the remote server. #
# #
-# sendpass - password to send to create an outbound connection #
+# sendpass - Password to send to create an outbound connection #
# to this server. #
# #
-# recvpass - password to receive to accept an inbound connection #
+# recvpass - Password to receive to accept an inbound connection #
# from this server. #
# #
-# autoconnect - sets the server to autoconnect. Where x is the num. #
+# autoconnect - Sets the server to autoconnect. Where x is the num. #
# (optional) of seconds between attempts. e.g. 300 = 5 minutes. #
# #
-# transport - if defined, this is a transport name implemented by #
+# transport - If defined, this is a transport name implemented by #
# another module. Transports are layers on top of #
# plaintext connections, which alter them in certain #
# ways. Currently the three supported transports are #
# link to succeed. OpenSSL and GnuTLS are link- #
# compatible with each other. #
# #
-# statshidden - when using m_spanningtree.so for linking. you may #
+# statshidden - When using m_spanningtree.so for linking. you may #
# set this to 'yes', and if you do, the IP address/ #
# hostname of this connection will NEVER be shown to #
# any opers on the network. In /stats c its address #
# UNLESS the connection fails (e.g. due to a bad #
# password or servername) #
# #
-# allowmask - when this is defined, it indicates a range of IP #
+# allowmask - When this is defined, it indicates a range of IP #
# addresses to allow for this link (You may use CIDR #
# or wildcard form for this address). #
# e.g. if your server is going to connect to you from #
# into this value. If it is not defined, then only #
# the ipaddr field of the server shall be allowed. #
# #
-# failover - if you define this option, it must be the name of a #
+# failover - If you define this option, it must be the name of a #
# different link tag in your configuration. This #
# option causes the ircd to attempt a connection to #
# the failover link in the event that the connection #
# apply to autoconnected servers as well as manually #
# connected ones. #
# #
-# timeout - if this is defined, then outbound connections will #
+# timeout - If this is defined, then outbound connections will #
# time out if they are not connected within this many #
# seconds. If this is not defined, the default of ten #
# seconds is used. #
# #
-# bind - if you specify this value, then when creating an #
+# bind - If you specify this value, then when creating an #
# outbound connection to the given server, the IP you #
# place here will be bound to. This is for multi- #
# homed servers which may have multiple IP addresses. #
# looking for the error 'Could not assign requested #
# address' in your log when connecting to servers. #
# #
-# hidden - if this is set to true, yes, or 1, then the server #
+# hidden - If this is set to true, yes, or 1, then the server #
# is completely hidden from non-opers. It does not #
# show in /links and it does not show in /map. Also, #
# any servers which are child servers of this one #
# example to hide a non-client hub, for which clients #
# do not have an IP address or resolvable hostname. #
# #
-# to u:line a server (give it extra privileges required for running #
+# To u:line a server (give it extra privileges required for running #
# services, Q, etc) you must include the <uline server> tag as shown #
# in the example below. You can have as many of these as you like. #
# #
# #
# ------------------------------------------------------------------- #
# #
-# NOTE: if you have built InspIRCd with IPv6 support, then both #
+# NOTE: If you have built InspIRCd with IPv6 support, then both #
# IPv6 and IPv4 addresses are allowed here, and also in the system #
# resolv.conf file. Remember that an IPv4 DNS server can still #
# resolve IPv6 addresses, and vice versa. #
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# Settings to define which features are usable on your server. #
+# Settings to define which features are usable on your server. #
# #
# prefixquit - A prefix to be placed on the start of a client's #
# quit message #
# QUITS. If specified, overrides both prefixquit #
# and suffixquit options. #
# #
-# loglevel - specifies what detail of messages to log in the #
+# prefixpart - A prefix to be placed on the start of a client's #
+# part message #
+# #
+# suffixpart - A suffix to be placed on the end of a client's #
+# part message. #
+# #
+# fixedpart - A fixed part message to display for all client #
+# parts. If specified, overrides both prefixpart #
+# and suffixpart options. #
+# #
+# loglevel - Specifies what detail of messages to log in the #
# log file. You may select from debug, verbose, #
# default, sparse and none. #
# #
-# allowhalfop - allows the +h channel mode #
+# allowhalfop - Allows the +h channel mode #
# #
# noservices - If noservices is true, yes, or 1, then the first #
# user into a channel gets founder status. This is #
# only useful on networks running the m_chanprotect #
# module without services. #
# #
-# qaprefixes - If qaprefixes is true, yes, or 1, then users #
-# with +q or +a will get the ~ or & prefixes #
-# used in unreal. This is only useful on networks #
-# running the m_chanprotect module #
+# qprefix - qprefix is used by the chanprotect module to give #
+# a visible prefix to users set +q (founder) in chan #
+# It should be set to something sensible like ~ or ! #
+# If not set, no prefix is applied to users with +q #
+# #
+# aprefix - aprefix is the same as qprefix, except it is for #
+# giving users with mode +a (protected) a prefix #
# #
# deprotectself - If this value is set to yes, true, or 1, then any #
# user with +q or +a may remove the +q or +a from #
# especially in the case of bots, and it is #
# recommended that this option is enabled. #
# #
-# netbuffersize - size of the buffer used to receive data from #
+# netbuffersize - Size of the buffer used to receive data from #
# clients. The ircd may only read() this amount #
# of text in one go at any time. (OPTIONAL) #
# #
# hint will be given (using the RPL_TEXT numeric) #
# as well as the standard ERR_NEEDMOREPARAMS. #
# #
-# announcets - If this value is defined to yes, true or 1, then #
-# a channel's timestamp is updated, the users on #
+# announcets - If this value is defined to yes, true, or 1, then #
+# a channels' timestamp is updated, the users on #
# the channel will be informed of the change via #
# a server notice to the channel with the old and #
# new TS values in the timestamp. If you think this #
# #
<options prefixquit="Quit: "
- loglevel="default"
+ prefixpart="\""
+ suffixpart="\""
netbuffersize="10240"
maxwho="128"
noservices="no"
- qaprefixes="no"
+ qprefix=""
+ aprefix=""
deprotectself="no"
deprotectothers="no"
somaxconn="128"
moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help."
exemptchanops="">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#- TIME SYNC OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#
-# Time synchronisation options for m_spanningtree linking. #
-# #
-# Because IRC is very time and clock dependent, InspIRCd provides its #
-# own methods for synchronisation of time between servers as shown #
-# in the example below, for servers that don't have ntpd running. #
-# #
-# enable - If this value is 'yes', 'true', or '1', time #
-# synchronisation is enabled on this server. This #
-# means any servers you are linked to will #
-# automatically synchronise time, however you should #
-# use ntpd instead where possible, NOT this option. #
-# #
-# master - If this value is set to yes, then this server will #
-# act as the authoritative time source for the whole #
-# network. All other servers will respect its time #
-# without question, and match their times to it. #
-# only one server should have the master value set #
-# to 'yes'. #
-# #
-<timesync enable="no" master="no">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Logging
+# -------
+#
+# Logging is covered with the <log> tag, which you may use to change
+# the behaviour of the logging of the IRCd.
+#
+# In InspIRCd as of 1.2, logging is pluggable and very extensible.
+# Different files can log the same thing, different 'types' of log can
+# go to different places, and modules can even extend the log tag
+# to do what they want.
+#
+# An example log tag would be:
+# <log method="file" type="OPER" level="default" target="opers.log">
+# which would log all information on /oper (failed and successful) to
+# a file called opers.log.
+#
+# There are many different types which may be used, and modules may
+# generate their own. A list of useful types:
+# - USERS - information relating to user connection and disconnection
+# - CHANNELS - information relating to joining and parting of channels.
+# XXX someone doc more on this
+#
+# You may also log *everything* by using a type of *, and subtract things out
+# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
+#
+# Channel Logging
+# ---------------
+#
+# I'm aware this would probably better belong in the modules section, but this
+# is heavily interrelated to logging, and as such will be documented here.
+#
+# m_chanlog is one of the modules which can alter logging to it's own thing.
+# An example of this may be:
+#
+#<module name="m_chanlog.so">
+#<log method="channel" type="OPER USERS CHANNELS" level="default" target="#services">
+#
+# The following log tag is highly default and uncustomised. It is recommended you
+# sort out your own log tags. This is just here so you get some output.
+<log method="file" type="* -USERINPUT -USEROUTPUT -m_spanningtree" level="default" target="ircd.log">
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# usually for cryptographic uses and security.
#
# IMPORTANT:
-# Other modules such as m_opermd5.so may rely on this module being
-# loaded to function.
+# Other modules such as m_password_hash.so may rely on this module being
+# loaded to function. Certain modules such as m_spanningtree.so will
+# function without this module but when it is loaded their features will
+# be enhanced (for example the addition of HMAC authentication).
#
#<module name="m_sha256.so">
#
# Auditorium settings:
#
-#<auditorium showops="no">
+#<auditorium showops="no" operoverride="no">
#
-# Setting this value to yes makes m_auditorium behave like unrealircd
-# +u channel mode, e.g. ops see users joining, parting, etc, and users
-# joining the channel see the ops. Without this flag, the mode acts
-# like ircnet's +a (anonymous channels), showing only the user in the
-# names list, and not even showing the ops in the list, or showing the
-# ops that the user has joined.
+# showops:
+# Setting this value to yes makes m_auditorium behave like unrealircd
+# +u channel mode, e.g. ops see users joining, parting, etc, and users
+# joining the channel see the ops. Without this flag, the mode acts
+# like ircnet's +a (anonymous channels), showing only the user in the
+# names list, and not even showing the ops in the list, or showing the
+# ops that the user has joined.
+# operoverride:
+# Setting this value to yes makes m_auditorium affect the userlist for
+# regular users only. Opers will view all users in the channel normally.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ban except module: Adds support for channel ban exceptions (+e)
#<blockamsg delay="3" action="killopers">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Block CAPS module: Blocking all-CAPS messages with cmode +P
+# Block CAPS module: Blocking all-CAPS messages with cmode +B
#<module name="m_blockcaps.so">
# #
#-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# Botmode module: Adds the user mode +B
#<module name="m_botmode.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CallerID module: Adds usermode +g which activates hybrid-style
+# callerid (== block all private messages unless you /accept first)
+#<module name="m_callerid.so">
+#
+#-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# maxaccepts - Maximum number of entires a user can add to his #
+# /accept list. Default is 16 entries. #
+# operoverride - Can opers (note: ALL opers) ignore callerid mode? #
+# Default is no. #
+# tracknick - Preserve /accept entries when a user changes nick? #
+# If no (the default), the user is removed from #
+# everyone's accept list if he changes nickname. #
+# cooldown - Amount of time (in seconds) that must pass since #
+# the last notification sent to a user before he can #
+# be sent another. Default is 60 (1 minute). #
+#<callerid maxaccepts="16"
+# operoverride="no"
+# tracknick="no"
+# cooldown="60"
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CBAN module: Lets you disallow channels from being used at runtime.
#<module name="m_cban.so">
# channel messages and channel notices.
#<module name="m_deaf.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Delay join module: Adds the channel mode +D which delays all JOIN
+# messages from users until they speak. If they quit or part before
+# speaking, their quit or part message will not be shown to the channel
+# which helps cut down noise on large channels in a more friendly way
+# than the auditorium mode. Only channel ops may set the +D mode.
+#<module name="m_delayjoin.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny Channels: Deny Channels from being used by users
#<module name="m_denychans.so">
# If you have the m_denychans.so module loaded, you need to specify #
# the channels to deny: #
# #
-# name - The channel name to deny. #
+# name - The channel name to deny. (glob masks are ok) #
# #
# allowopers - If operators are allowed to override the deny. #
# #
# reason - Reason given for the deny. #
# #
-#<badchan name="#gods" allowopers="yes" reason="Tortoises!">
+# redirect - Redirect the user to a different channel #
+# #
+#<badchan name="#gods*" allowopers="yes" reason="Tortoises!"> #
+#<badchan name="#heaven" redirect="#hell" reason="Nice try!"> #
+# #
+# Redirects will not work if the target channel is set +L. #
+# #
+# Additionally, you may specify channels which are allowed, even if #
+# a badchan tag specifies it would be denied: #
+#<goodchan name="#godsleeps"> #
+# Glob masks are accepted here also.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Devoice Module: Let users devoice themselves.
# Foobar module: does nothing - historical relic
#<module name="m_foobar.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# GeoIP module: Allows the server admin to ban users by country code.
+#<module name="m_geoip.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-# GEOIP CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# <geoip banunknown="false"> #
+# #
+# Set this value to true or yes to block unknown IP ranges which are #
+# not in the database (usually LAN addresses, localhost, etc) #
+# #
+# <geoban country="TR" reason="This country not permitted"> #
+# #
+# Use one or more of these tags to ban countries by country code. #
+# The country code must be in capitals and should be an ISO country #
+# code such as TR, GB, or US. #
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Globops module: gives /GLOBOPS and usermode +g
#<module name="m_globops.so">
# Knock module: adds the /KNOCK command and +K channel mode
#<module name="m_knock.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# LDAP authentication module: Adds the ability to authenticate users #
+# via LDAP. This is an extra module which must be enabled explicitly #
+# by symlinking it from modules/extra, and requires the OpenLDAP libs #
+# #
+#<module name="m_ldapauth.so"> #
+# #
+# Configuration: #
+# #
+# <ldapauth baserdn="ou=People,dc=brainbox,dc=cc" #
+# attribute="uid" #
+# server="ldap://brainwave.brainbox.cc" #
+# allowpattern="Guest*" #
+# killreason="Access denied" #
+# searchscope="subtree" #
+# binddn="cn=Manager,dc=brainbox,dc=cc" #
+# bindauth="mysecretpass" #
+# verbose="yes"> #
+# #
+# The baserdn indicates the base DN to search in for users. Usually #
+# this is 'ou=People,dc=yourdomain,dc=yourtld'. #
+# #
+# The attribute value indicates the attribute which is used to locate #
+# a user account by name. On POSIX systems this is usually 'uid'. #
+# #
+# The server parameter indicates the LDAP server to connect to. The #
+# ldap:// style scheme before the hostname proper is MANDITORY. #
+# #
+# The allowpattern value allows you to specify a wildcard mask which #
+# will always be allowed to connect regardless of if they have an #
+# account, for example guest users. #
+# #
+# Killreason indicates the QUIT reason to give to users if they fail #
+# to authenticate. #
+# #
+# The searchscope value indicates the subtree to search under. On our #
+# test system this is 'subtree'. Your mileage may vary. #
+# #
+# Setting the verbose value causes an oper notice to be sent out for #
+# every failed authentication to the server, with an error string. #
+# #
+# The binddn and bindauth indicate the DN to bind to for searching, #
+# and the password for the distinguished name. Some LDAP servers will #
+# allow anonymous searching in which case these two values do not #
+# need defining, otherwise they should be set similar to the examples #
+# above. #
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is #
# used to temporarily close/open for new connections to the server. #
# Msg flood module: Adds message/notice flood protection (+f)
#<module name="m_messageflood.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MsSQL module: Allows other SQL modules to access MS SQL Server
+# through a unified API. You must copy the source for this module
+# from the directory src/modules/extra, plus the file m_sqlv2.h
+#<module name="m_mssql.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_mssql.so is more complex than described here, see wiki for more #
+# info http://www.inspircd.org/wiki/SQLServer_Service_Provider_Module #
+#
+#<database name="db" username="user" password="pass" hostname="localhost" id="db1">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MySQL module: Allows other SQL modules to access MySQL databases
# through a unified API. You must copy the source for this module
# This is supported by mIRC, x-chat, klient, and maybe more.
#<module name="m_namesx.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Nickban: Implements extended ban n:, which stops anyone matching
+# a mask like +b n:nick!user@host from changing their nick on channel.
+#<module name="m_nickban.so">
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Nickchange flood protection module: Allows up to X nick changes in Y seconds.
# Provides channel mode +F.
# Oper channels mode: Adds the +O channel mode
#<module name="m_operchans.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper hash module: Allows hashed oper passwords
-# Relies on the module m_md5.so and/or m_sha256.so being loaded before
-# m_oper_hash.so in the configuration file.
-#<module name="m_oper_hash.so">
-#
-#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
-#
-# To use this module, you must define a hash type for each oper's
-# password you want to hash. For example:
-#
-# <oper name="Brain"
-# host="ident@dialup15.isp.com"
-# hash="sha256"
-# password="a41d730937a53b79f788c0ab13e9e1d5"
-# type="NetAdmin">
-#
-# The types of hashing available vary depending on which hashing modules
-# you load, but usually if you load m_sha256.so and m_md5.so, both md5
-# and sha256 type hashing will be available (the most secure of which
-# is SHA256).
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper Join module: Forces opers to join a channel on oper-up
#<module name="m_operjoin.so">
#
#-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
-# If you are using the m_operjoin.so module, specify the channel here #
+# If you are using the m_operjoin.so module, specify options here: #
+# #
+# channel - The channel name to join, can also be a comma #
+# seperated list eg. "#channel1,#channel2". #
+# #
+# override - Lets the oper join walking thru any modes that #
+# might be set, even bans. Use "yes" or "no". #
# #
-#<operjoin channel="#channel">
+#<operjoin channel="#channel" override="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper MOTD module: Provides support for seperate message of the day
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper modes module: Allows you to specify modes to add/remove on oper
# Specify the modes as the 'modes' parameter of the <type> tag
+# and/or as the 'modes' parameter of the <oper> tag.
#<module name="m_opermodes.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Oper password hash module: Allows hashed oper passwords
+# Relies on the module m_md5.so and/or m_sha256.so being loaded before
+# m_password_hash.so in the configuration file.
+#<module name="m_password_hash.so">
+#
+#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+#
+# To use this module, you must define a hash type for each oper's
+# password you want to hash. For example:
+#
+# <oper name="Brain"
+# host="ident@dialup15.isp.com"
+# hash="sha256"
+# password="a41d730937a53b79f788c0ab13e9e1d5"
+# type="NetAdmin">
+#
+# The types of hashing available vary depending on which hashing modules
+# you load, but usually if you load m_sha256.so and m_md5.so, both md5
+# and sha256 type hashing will be available (the most secure of which
+# is SHA256).
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Permanent Channels module: Channels with the permanent channels mode
+# will remain open even after everyone else has left the channel, and
+# therefore keep things like modes, ban lists and topic. Permanent
+# channels -may- need support from your Services package to function
+# properly with them.
+#<module name="m_permchannels.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# PostgreSQL module: Allows other SQL modules to access PgSQL databases
# through a unified API. You must copy the source for this module
#
#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database" ssl="no">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Quietban: Implements extended ban q:, which stops anyone matching
+# a mask like +b q:nick!user@host from speaking on channel.
+#<module name="m_quietban.so">
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Quitban: Provides per-IP connection throttling. Any IP that disconnects
+# too many times (configurable) in an hour is zlined for a (configurable)
+# duration, and their count resets to 0.
+#
+# NOTE: This module may change name/behaviour later in 1.2. Please make sure
+# you read release announcements!
+#
+#<quitban threshold="10" duration="10m">
+# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded.
+#
+#<module name="m_quitban.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Random Quote module: provides a random quote on connect.
# NOTE: Some of these may mimic fatal errors and confuse users and
# Restrict message module: Allows users to only message opers
#<module name="m_restrictmsg.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Ban users through regular expression patterns
+#<module name="m_rline.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# If you wish to re-check a user when they change nickname (can be
+# useful under some situations, but *can* also use CPU with more users
+# on a server) then set the following configuration value:
+#<rline matchonnickchange="yes">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Provide /LIST throttling (to prevent flooding) and /LIST safety to
# prevent excess flood when the list is large.
#
# Sets the maximum number of entries on a users silence list.
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Extended SILENCE module: Adds support for /SILENCE with additional
-# features to silence based on invites, channel messages, etc.
-#<module name="m_silence_ext.so">
-#
-# The configuration tags for this module are identical to those of
-# m_silence, shown above.
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQLite3 module: Allows other SQL modules to access SQLite3 #
# databases through a unified API. You must link the source for this #
#-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# dbid - Database ID to use (see m_sql) #
+# hash - Hashing provider to use for password hashing #
# #
# See also: http://www.inspircd.org/wiki/SQL_Oper_Storage_Module #
# #
-#<sqloper dbid="1">
+#<sqloper dbid="1" hash="md5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be #
#
# Sets the maximum number of entries on a user's watch list.
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules)
+# in a file "xline.db" which can be re-loaded on restart. This is useful
+# for two reasons: it keeps bans so users may not evade them, and on
+# bigger networks, server connections will take less time as there will
+# be a lot less bans to apply - as most of them will already be there.
+#<module name="m_xline_db.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# XMLSocket module: Adds support for connections using the shockwave
# flash XMLSocket. Note that this does not work if the client you are