# #
# Enter the port and address bindings here. #
# #
-# bind address - specifies which the address which ports bind #
-# port - opens an unused port #
+# bind address - specifies which the address which ports bind. #
+# may be a hostname or an IP address. Resolution of #
+# hostnames may block for up to one second per IP #
+# as port binding occurs before the socket engine is #
+# initialized and therefore nonblocking DNS is not #
+# available at this point until startup is complete. #
+# port - The port number to bind to #
# type - can be 'clients' or 'servers'. The clients type is #
# a standard tcp based socket, the servers type is a #
# also a TCP based connection but of a different #
# #
# Syntax is as follows: #
# #
-# <bind address="ip number" port="port" type="clients"> #
-# <bind address="ip number" port="port" type="servers"> #
+# <bind address="ip or host" port="port" type="clients"> #
+# <bind address="ip or host" port="port" type="servers"> #
+# #
+# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
+# then you must specify your IPV6 clients in the following form: #
+# ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 address to bind the #
+# port on. If InspIRCd is built for IPV4 connections (this is the #
+# default) then you do not need to prefix your addresses like this. #
# #
<bind address="" port="6660" type="clients">
# <connect allow="ip mask" timeout="blah" flood="5"> #
# <connect allow="ip mask" threshold="8" pingfreq="120"> #
# <connect allow="ip mask" sendq="99999" revcq="696969"> #
-# <connect allow="ip mask" maxlocal="3" maxglobal="3"> #
+# <connect allow="ip mask" localmax="3" globalmax="3"> #
# <connect deny="ip mask"> #
# #
+# IP masks may be specified in CIDR format for IPV4 and IPV6. #
+# #
# You may optionally include timeout="x" on any allow line, which #
# specifies the amount of time given before an unknown connection #
# is closed if USER/NICK/PASS are not given. This value is in secs #
<connect allow="*" timeout="60" flood="10" threshold="60" pingfreq="120" sendq="262144" recvq="4096" localmax="3" globalmax="3">
<connect deny="69.254.*">
+<connect deny="3ffe::0/32">
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# This works alongside with the classes specified above. #
# #
# type name - a name for the combined class types #
+# a type name cannot contain spaces, however if you #
+# put an _ symbol in the name, it will be translated #
+# to a space when displayed in a WHOIS. #
# #
# classes - specified above, used for flexibility for the #
# server admin to decide on which operators get #
# #
# host - host of client allowed to oper-up. #
# wildcards accepted, seperate multiple hosts with space #
+# You may also specify CIDR ip addresses. #
# #
# type - specified above, defines the kind of operator #
# #
<oper name="katsklaw"
password="s3cret"
- host="ident@dialup15.isp.com *@localhost *@server.com"
+ host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
type="NetAdmin">
# UNLESS the connection fails (e.g. due to a bad #
# password or servername) #
# #
+# allowmask - When this is defined, it indicates a range of IP #
+# addresses to allow for this link (in CIDR form). #
+# e.g. if your server is going to connect to you from #
+# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 #
+# into this value. If it is not defined, then only #
+# the ipaddr field of the server shall be allowed. #
+# #
# to u:line a server (give it extra privilages required for running #
# services, Q, etc) you must include the <uline server> tag as shown #
# in the example below. You can have as many of these as you like. #
# that server to operoverride modes. This should only be used for #
# services and protected oper servers! #
# #
-# IMPORTANT NOTE: When specifying the ip address and/or host, the #
-# server software will prioritize RESOLVED hostnames above ip #
-# addresses, so for example if your target server resolves to a.b.com #
-# you MUST put a.b.com into your link block, and NOT the IP address #
-# of a.b.com. The system uses reverse resolution. #
+# NOTE: If you have built InspIRCd with IPV6 support, and you want #
+# to link to an IPV4 server, you must specify the IP address in the #
+# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target #
+# server. If you have built InspIRCd for IPV4 (this is the default) #
+# you should not prefix your IP addresses in this fashion. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
port="7000"
+ allowmask="69.58.44.0/24"
autoconnect="300"
sendpass="outgoing!password"
recvpass="incoming!password">
<link name="services.antarctic.com"
ipaddr="localhost"
port="7000"
+ allowmask="127.0.0.0/8"
sendpass="penguins"
recvpass="polarbears">
# resolving even though the DNS server appears to be up! Most ISP and #
# hosting provider DNS servers support recursive lookups. #
# #
+# NOTE: If you have built InspIRCd with IPV6 support, and you want #
+# to use an IPV4 nameserver, you must specify the IP address in the #
+# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target #
+# server. If you have built InspIRCd for IPV4 (this is the default) #
+# you should not prefix your IP addresses in this fashion. #
+# #
+# IF YOUR RESOLV.CONF CONTAINS ONLY IPV4 ADDRESSES, AND YOU ARE USING #
+# IPV6, YOU MUST DEFINE THE <DNS SERVER> TAG, AND USE THE ::FFFF #
+# PREFIX NOTATION. IF YOU DO NOT, HOSTS WILL *NOT* RESOLVE. #
+# #
<dns server="127.0.0.1" timeout="5">
+# An example of using IPV4 nameservers over IPV6
+#<dns server="::ffff:127.0.0.1" timeout="5">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define the path to the PID file here. The PID file can be used to #
# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
# so for example disabling NICK will not cripple your network. #
# #
-# <disabled commands="TOPIC MODE"> #
-# #
+
+#<disabled commands="TOPIC MODE">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# loglevel - specifies what detail of messages to log in the #
# log file. You may select from debug, verbose, #
# default, sparse and none. #
+# #
# allowhalfop - allows the +h channel mode #
# #
# noservices - If noservices is true, yes, or 1, then the first #
# oper-only independent of if they are in a module #
# or the core. #
# #
+# operspywhois - If this is set then when an IRC operator uses #
+# /WHOIS on a user they will see all channels, even #
+# ones if channels are secret (+s), private (+p) or #
+# if the target user is invisible +i. #
+# #
# customversion - If you specify this configuration item, and it is #
# not set to an empty value, then when a user does #
# a /VERSION command on the ircd, this string will #
# temporarily copied before loading. If not defined, #
# defaults to /tmp. #
# #
+# nouserdns - If set to 'yes', 'true' or '1', no user dns #
+# lookups will be performed for connecting users. #
+# this can save a lot of resources on very busy irc #
+# servers. #
+# #
+# syntaxhints - If et to 'yes', 'true' or '1', when a user does #
+# not give enough parameters for a command, a syntax #
+# hint will be given (using the RPL_TEXT numeric) #
+# as well as the standard ERR_NEEDMOREPARAMS. #
+# #
<options prefixquit="Quit: "
loglevel="default"
somaxconn="128"
softlimit="128"
operonlystats="oclgkz"
+ operspywhois="no"
customversion=""
maxtargets="20"
- hidesplits="no"
- hidebans="no"
- hidewhois=""
- flatlinks="no"
- hideulines="no"
+ hidesplits="no"
+ hidebans="no"
+ hidewhois=""
+ flatlinks="no"
+ hideulines="no"
+ nouserdns="no"
+ syntaxhints="no"
allowhalfop="yes">
#<alias text="NS" replace="PRIVMSG NickServ" requires="NickServ" uline="yes">
#<alias text="CS" replace="PRIVMSG ChanServ" requires="ChanServ" uline="yes">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Antibear security module: Prevents 'bear.txt' based trojans from
+# connecting to your network by sending them a numeric they can't handle.
+#<module name="m_antibear.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Antibottler module: Labels bottler leech bots
#<module name="m_antibottler.so">
#
#<waitpong sendsnotice="yes" killonbadreply="yes">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Connection throttle module. Configuration:
+#<module name="m_connflood.so">
+#
+#-#-#-#-#-#-#-#-#-#-#- CONTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# seconds, maxconns - Amount of connections per <seconds>.
+# timeout - Time to wait after the throttle was activated
+# before deactivating it. Be aware that the time
+# is seconds + timeout.
+# quitmsg - The message that users get if they attempt to
+# connect while the throttle is active.
+# bootwait - Amount of time to wait before enforcing the
+# throttling when the server just booted.
+#
+#<connflood seconds="30" maxconns="3" timeout="30"
+# quitmsg="Throttled" bootwait="10">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny Channels: Deny Channels from being used by users
#<module name="m_denychans.so">
#<hostchange mask="*r00t@*" action="suffix">
#<hostchange mask="a@b.com" action="set" value="blah.blah.blah">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# httpd module: Provides http server support for InspIRCd
+#<module name="m_httpd.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+#
+# Optional - If you choose to use the m_httpd.so module, then you must
+# specify the port number and other details of your http server:
+#
+#<http ip="192.168.1.10" host="brainwave" port="32006"
+# index="/home/brain/inspircd/http/index.html">
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# http stats module: Provides basic stats pages over HTTP
+# Required m_httpd.so
+#<module name="m_http_stats.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD STATS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+#
+# No extra configuration yet.
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ident: Provides RFC 1413 ident lookup support
#<module name="m_ident.so">
# Msg flood module: Adds message/notice flood protection (+f)
#<module name="m_messageflood.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MySQL module: Allows other SQL modules to access MySQL databases
+# through a unified API. You must copy the source for this module
+# from the directory src/modules/extra, plus the file m_sqlv2.h
+#<module name="m_mysql.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_mysql.so is more complex than described here, see the wiki for #
+# more: http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
+#
+#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database2">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Nicklock module: Let opers change a user's nick and then stop that
# user from changing their nick again. /NICKLOCK and /NICKUNLOCK
#
#<opermotd file="/path/to/oper.motd">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper WHO module: Provides a more revealing /WHO to opers
-#<module name="m_operwho.so">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Override module: Adds support for oper override
#<module name="m_override.so">
# m_park.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/User_Parking_Module #
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# PostgreSQL module: Allows other SQL modules to access PgSQL databases
+# through a unified API. You must copy the source for this module
+# from the directory src/modules/extra, plus the file m_sqlv2.h
+#<module name="m_pgsql.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_pgsql.so is more complex than described here, see the wiki for #
+# more: http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
+#
+#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database" ssl="no">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Random Quote module: provides a random quote on connect
#<module name="m_randquote.so">
# SAQUIT module: Adds the oper /SAQUIT command (abusable!!!)
#<module name="m_saquit.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
+# Secure list module: Prevent /LIST in the first minute of connection,
+# crippling most spambots and trojan spreader bots.
+#<module name="m_securelist.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Set Idle module: Adds a command for opers to change their
# idle time (mainly a toy)
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Services support module: Adds several usermodes such as +R and +M
+# this module implements the 'identified' state via user mode +r, which
+# is similar to the DALnet and dreamforge systems.
#<module name="m_services.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Services support module: Adds several usermodes such as +R and +M
+# this module implements the 'identified' state via account names (AC)
+# and is similar in operation to the way asuka and ircu handle services.
+# it cannot be used at the same time as m_services, above.
+#<module name="m_services_account.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Sethost module: Adds the /SETHOST command
#<module name="m_sethost.so">
# does not do anything useful without a working SSL module (see below)
#<module name="m_sslmodes.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Dummy ssl module: If you have other servers on your network which
+# have SSL, but your server does not have ssl enabled, you should load
+# this module, which will handle SSL metadata (e.g. the "Is using ssl"
+# field in the WHOIS information).
+#<module name="m_ssl_dummy.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# GnuTLS ssl module: Adds support for client-server SSL using GnuTLS,
# if enabled. You must copy the source for this module from the directory
# SILENCE module: Adds support for /SILENCE
#<module name="m_silence.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SQL module: Allows other SQL modules to access SQL databases
-# through a unified API. You must copy the source for this module
-# from the directory src/modules/extra
-#<module name="m_sql.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# m_sql.so is more complex than described here, see the wiki for more:#
-# http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
-#
-#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="1">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL authentication module: Allows IRCd connections to be tied into
# a database table (for example a forum). You must copy the source for
# Timed bans module: Adds timed bans and the /TBAN command
#<module name="m_timedbans.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Test line module: Adds the /TLINE command, used to test how many
+# users a /GLINE or /ZLINE etc would match.
+#<module name="m_tline.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Uninvite module: Adds the /UNINVITE command which lets users remove
# pending invites from channels without waiting for the user to join.
# badip lines ban an ip range (same as a zline) #
# #
# ipmask - The ip range to ban (wildcards possible) #
+# CIDR is supported in the IP mask. #
# reason - Reason to display when disconnected #
# #
# badnick lines ban a nick mask (same as a qline) #
# badhost lines ban a user@host mask (same as a kline) #
# #
# host - ident@hostname (wildcards possible) #
+# If you specify an IP, CIDR is supported. #
# reason - Reason to display on disconnection #
# #
# exception lines define a hostmask that is excempt from [kzg]lines #
# #
# host - ident@hostname (wildcards possible) #
+# If you specify an IP, CIDR is supported. #
# reason - Reason, shown only in /stats e #
# #
<badhost host="*@hundredz.n.hundredz.o.1337.kiddies.com" reason="Too many 1337 kiddiots">
<badhost host="*@localhost" reason="No irc from localhost!">
+<badhost host="*@172.32.0.0/16" reason="This subnet is bad.">
<exception host="*@ircop.host.com" reason="Opers hostname">
projects / user / henk / code / inspircd.git / blobdiff