# #
# Enter the port and address bindings here. #
# #
-# bind address - specifies which the address which ports bind #
-# port - opens an unused port #
+# bind address - specifies which the address which ports bind. #
+# may be a hostname or an IP address. Resolution of #
+# hostnames may block for up to one second per IP #
+# as port binding occurs before the socket engine is #
+# initialized and therefore nonblocking DNS is not #
+# available at this point until startup is complete. #
+# port - The port number to bind to #
# type - can be 'clients' or 'servers'. The clients type is #
# a standard tcp based socket, the servers type is a #
# also a TCP based connection but of a different #
# #
# Syntax is as follows: #
# #
-# <bind address="ip number" port="port" type="clients"> #
-# <bind address="ip number" port="port" type="servers"> #
+# <bind address="ip or host" port="port" type="clients"> #
+# <bind address="ip or host" port="port" type="servers"> #
+# #
+# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
+# then you must specify your IPV6 clients in the following form: #
+# ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 address to bind the #
+# port on. If InspIRCd is built for IPV4 connections (this is the #
+# default) then you do not need to prefix your addresses like this. #
# #
<bind address="" port="6660" type="clients">
# <connect allow="ip mask" timeout="blah" flood="5"> #
# <connect allow="ip mask" threshold="8" pingfreq="120"> #
# <connect allow="ip mask" sendq="99999" revcq="696969"> #
-# <connect allow="ip mask" maxlocal="3" maxglobal="3"> #
+# <connect allow="ip mask" localmax="3" globalmax="3"> #
# <connect deny="ip mask"> #
# #
+# IP masks may be specified in CIDR format for IPV4 and IPV6. #
+# #
# You may optionally include timeout="x" on any allow line, which #
# specifies the amount of time given before an unknown connection #
# is closed if USER/NICK/PASS are not given. This value is in secs #
<connect allow="*" timeout="60" flood="10" threshold="60" pingfreq="120" sendq="262144" recvq="4096" localmax="3" globalmax="3">
<connect deny="69.254.*">
+<connect deny="3ffe::0/32">
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# This works alongside with the classes specified above. #
# #
# type name - a name for the combined class types #
+# a type name cannot contain spaces, however if you #
+# put an _ symbol in the name, it will be translated #
+# to a space when displayed in a WHOIS. #
# #
# classes - specified above, used for flexibility for the #
# server admin to decide on which operators get #
# #
# host - host of client allowed to oper-up. #
# wildcards accepted, seperate multiple hosts with space #
+# You may also specify CIDR ip addresses. #
# #
# type - specified above, defines the kind of operator #
# #
<oper name="katsklaw"
password="s3cret"
- host="ident@dialup15.isp.com *@localhost *@server.com"
+ host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
type="NetAdmin">
# UNLESS the connection fails (e.g. due to a bad #
# password or servername) #
# #
+# allowmask - When this is defined, it indicates a range of IP #
+# addresses to allow for this link (in CIDR form). #
+# e.g. if your server is going to connect to you from #
+# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 #
+# into this value. If it is not defined, then only #
+# the ipaddr field of the server shall be allowed. #
+# #
# to u:line a server (give it extra privilages required for running #
# services, Q, etc) you must include the <uline server> tag as shown #
# in the example below. You can have as many of these as you like. #
# that server to operoverride modes. This should only be used for #
# services and protected oper servers! #
# #
-# IMPORTANT NOTE: When specifying the ip address and/or host, the #
-# server software will prioritize RESOLVED hostnames above ip #
-# addresses, so for example if your target server resolves to a.b.com #
-# you MUST put a.b.com into your link block, and NOT the IP address #
-# of a.b.com. The system uses reverse resolution. #
+# NOTE: If you have built InspIRCd with IPV6 support, and you want #
+# to link to an IPV4 server, you must specify the IP address in the #
+# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target #
+# server. If you have built InspIRCd for IPV4 (this is the default) #
+# you should not prefix your IP addresses in this fashion. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
port="7000"
+ allowmask="69.58.44.0/24"
autoconnect="300"
sendpass="outgoing!password"
recvpass="incoming!password">
<link name="services.antarctic.com"
ipaddr="localhost"
port="7000"
+ allowmask="127.0.0.0/8"
sendpass="penguins"
recvpass="polarbears">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# Define your DNS server address here. InspIRCd has its own resolver #
-# and you must define this otherwise nobody's host will resolve. The #
-# timeout value is in seconds. #
+# Define your DNS server address here. InspIRCd has its own resolver. #
+# If you do not define this value, the first dns server from your #
+# /etc/resolv.conf file is read. If no entries are found in this file #
+# or the file cannot be opened, the default value '127.0.0.1' is used #
+# instead. The timeout value is in seconds. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# resolving even though the DNS server appears to be up! Most ISP and #
# hosting provider DNS servers support recursive lookups. #
# #
+# NOTE: If you have built InspIRCd with IPV6 support, and you want #
+# to use an IPV4 nameserver, you must specify the IP address in the #
+# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target #
+# server. If you have built InspIRCd for IPV4 (this is the default) #
+# you should not prefix your IP addresses in this fashion. #
+# #
+# IF YOUR RESOLV.CONF CONTAINS ONLY IPV4 ADDRESSES, AND YOU ARE USING #
+# IPV6, YOU MUST DEFINE THE <DNS SERVER> TAG, AND USE THE ::FFFF #
+# PREFIX NOTATION. IF YOU DO NOT, HOSTS WILL *NOT* RESOLVE. #
+# #
<dns server="127.0.0.1" timeout="5">
+# An example of using IPV4 nameservers over IPV6
+#<dns server="::ffff:127.0.0.1" timeout="5">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define the path to the PID file here. The PID file can be used to #
# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
# so for example disabling NICK will not cripple your network. #
# #
-# <disabled commands="TOPIC MODE"> #
-# #
+
+#<disabled commands="TOPIC MODE">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# loglevel - specifies what detail of messages to log in the #
# log file. You may select from debug, verbose, #
# default, sparse and none. #
+# #
# allowhalfop - allows the +h channel mode #
# #
# noservices - If noservices is true, yes, or 1, then the first #
# oper-only independent of if they are in a module #
# or the core. #
# #
+# operspywhois - If this is set then when an IRC operator uses #
+# /WHOIS on a user they will see all channels, even #
+# ones if channels are secret (+s), private (+p) or #
+# if the target user is invisible +i. #
+# #
# customversion - If you specify this configuration item, and it is #
# not set to an empty value, then when a user does #
# a /VERSION command on the ircd, this string will #
# instead of the server names in the quit message, #
# identical to the way IRCu displays them. #
# #
+# hidebans - When set to 'yes', will hide gline, kline, zline #
+# and qline quit messages from non-opers. For #
+# example, user A who is not an oper will just see #
+# (G-Lined) while user B who is an oper will see the #
+# text (G-Lined: Reason here) instead. #
+# #
# hidewhois - When defined with a non-empty value, the given #
# text will be used in place of the user's server #
# in WHOIS, when a user is WHOISed by a non-oper. #
# temporarily copied before loading. If not defined, #
# defaults to /tmp. #
# #
+# nouserdns - If set to 'yes', 'true' or '1', no user dns #
+# lookups will be performed for connecting users. #
+# this can save a lot of resources on very busy irc #
+# servers. #
+# #
+# syntaxhints - If et to 'yes', 'true' or '1', when a user does #
+# not give enough parameters for a command, a syntax #
+# hint will be given (using the RPL_TEXT numeric) #
+# as well as the standard ERR_NEEDMOREPARAMS. #
+# #
<options prefixquit="Quit: "
loglevel="default"
somaxconn="128"
softlimit="128"
operonlystats="oclgkz"
+ operspywhois="no"
customversion=""
maxtargets="20"
- hidesplits="no"
- hidewhois=""
- flatlinks="no"
- hideulines="no"
+ hidesplits="no"
+ hidebans="no"
+ hidewhois=""
+ flatlinks="no"
+ hideulines="no"
+ nouserdns="no"
+ syntaxhints="no"
allowhalfop="yes">
# #
# text - The text to detect at the start of the line, #
# must be at the start of the line to trigger the #
-# alias. May contain spaces, but case insensitive. #
+# alias. Cant contain spaces, but case insensitive #
# replace - The text to replace 'text' with. Usually this #
# will be "PRIVMSG ServiceName" or similar. #
# requires - If you provide a value for 'requires' this means #
#<alias text="NS" replace="PRIVMSG NickServ" requires="NickServ" uline="yes">
#<alias text="CS" replace="PRIVMSG ChanServ" requires="ChanServ" uline="yes">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Antibear security module: Prevents 'bear.txt' based trojans from
+# connecting to your network by sending them a numeric they can't handle.
+#<module name="m_antibear.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Antibottler module: Labels bottler leech bots
#<module name="m_antibottler.so">
#
#<blockamsg delay="3" action="killopers">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Block CAPS module: Blocking all-CAPS messages with cmode +P
+#<module name="m_blockcaps.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block colour module: Blocking colour-coded messages with cmode +c
#<module name="m_blockcolor.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Cloaking module: Adds usermode +x and cloaking support
#<module name="m_cloaking.so">
+#
+#-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Optional - If ypu specify the m_cloaking.so module as above, you #
+# must define cloak keys, and optionally a cloak prefix as shown #
+# below. When using cloaking, the cloak keys are MANDITORY and must #
+# be included. However, if prefix is not included, it will default #
+# to your networks name from the <server> tag. #
+# #
+# <cloak key1="-543241423" #
+# key2="5378410432" #
+# key3="1143242382" #
+# key4="9504324581" #
+# prefix="mynet"> #
+# #
+# Please note that the key values will accept any number, positive #
+# or negative, and should be large numbers. Using small numbers such #
+# as "7" or "1924" will seriously weaken the security of your cloak. #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Conn-Lusers: Shows the LUSERS output on connect
#
#<waitpong sendsnotice="yes" killonbadreply="yes">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Connection throttle module. Configuration:
+#<module name="m_connflood.so">
+#
+#-#-#-#-#-#-#-#-#-#-#- CONTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# seconds, maxconns - Amount of connections per <seconds>.
+# timeout - Time to wait after the throttle was activated
+# before deactivating it. Be aware that the time
+# is seconds + timeout.
+# quitmsg - The message that users get if they attempt to
+# connect while the throttle is active.
+# bootwait - Amount of time to wait before enforcing the
+# throttling when the server just booted.
+#
+#<connflood seconds="30" maxconns="3" timeout="30"
+# quitmsg="Throttled" bootwait="10">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny Channels: Deny Channels from being used by users
#<module name="m_denychans.so">
#<hostchange mask="*r00t@*" action="suffix">
#<hostchange mask="a@b.com" action="set" value="blah.blah.blah">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# httpd module: Provides http server support for InspIRCd
+#<module name="m_httpd.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+#
+# Optional - If you choose to use the m_httpd.so module, then you must
+# specify the port number and other details of your http server:
+#
+#<http ip="192.168.1.10" host="brainwave" port="32006"
+# index="/home/brain/inspircd/http/index.html">
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# http stats module: Provides basic stats pages over HTTP
+# Required m_httpd.so
+#<module name="m_http_stats.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD STATS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+#
+# No extra configuration yet.
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ident: Provides RFC 1413 ident lookup support
#<module name="m_ident.so">
# Msg flood module: Adds message/notice flood protection (+f)
#<module name="m_messageflood.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MySQL module: Allows other SQL modules to access MySQL databases
+# through a unified API. You must copy the source for this module
+# from the directory src/modules/extra, plus the file m_sqlv2.h
+#<module name="m_mysql.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_mysql.so is more complex than described here, see the wiki for #
+# more: http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
+#
+#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database2">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Nicklock module: Let opers change a user's nick and then stop that
# user from changing their nick again. /NICKLOCK and /NICKUNLOCK
# m_park.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/User_Parking_Module #
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# PostgreSQL module: Allows other SQL modules to access PgSQL databases
+# through a unified API. You must copy the source for this module
+# from the directory src/modules/extra, plus the file m_sqlv2.h
+#<module name="m_pgsql.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_pgsql.so is more complex than described here, see the wiki for #
+# more: http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
+#
+#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database" ssl="no">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Random Quote module: provides a random quote on connect
#<module name="m_randquote.so">
# Restrict message module: Allows users to only message opers
#<module name="m_restrictmsg.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Provide /LIST throttling (to prevent flooding) and /LIST safety to
+# prevent excess flood when the list is large.
+#<module name="m_safelist.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAJOIN module: Adds the /SAJOIN command
#<module name="m_sajoin.so">
# SAQUIT module: Adds the oper /SAQUIT command (abusable!!!)
#<module name="m_saquit.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
+# Secure list module: Prevent /LIST in the first minute of connection,
+# crippling most spambots and trojan spreader bots.
+#<module name="m_securelist.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Set Idle module: Adds a command for opers to change their
# idle time (mainly a toy)
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Services support module: Adds several usermodes such as +R and +M
+# this module implements the 'identified' state via user mode +r, which
+# is similar to the DALnet and dreamforge systems.
#<module name="m_services.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Services support module: Adds several usermodes such as +R and +M
+# this module implements the 'identified' state via account names (AC)
+# and is similar in operation to the way asuka and ircu handle services.
+# it cannot be used at the same time as m_services, above.
+#<module name="m_services_account.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Sethost module: Adds the /SETHOST command
#<module name="m_sethost.so">
# does not do anything useful without a working SSL module (see below)
#<module name="m_sslmodes.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Dummy ssl module: If you have other servers on your network which
+# have SSL, but your server does not have ssl enabled, you should load
+# this module, which will handle SSL metadata (e.g. the "Is using ssl"
+# field in the WHOIS information).
+#<module name="m_ssl_dummy.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# GnuTLS ssl module: Adds support for client-server SSL using GnuTLS,
# if enabled. You must copy the source for this module from the directory
# SILENCE module: Adds support for /SILENCE
#<module name="m_silence.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SQL module: Allows other SQL modules to access SQL databases
-# through a unified API. You must copy the source for this module
-# from the directory src/modules/extra
-#<module name="m_sql.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
-# #
-# m_sql.so is more complex than described here, see the wiki for more:#
-# http://www.inspircd.org/wiki/SQL_Service_Provider_Module #
-#
-#<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="1">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL authentication module: Allows IRCd connections to be tied into
# a database table (for example a forum). You must copy the source for
# Timed bans module: Adds timed bans and the /TBAN command
#<module name="m_timedbans.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Test line module: Adds the /TLINE command, used to test how many
+# users a /GLINE or /ZLINE etc would match.
+#<module name="m_tline.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Uninvite module: Adds the /UNINVITE command which lets users remove
# pending invites from channels without waiting for the user to join.
# badip lines ban an ip range (same as a zline) #
# #
# ipmask - The ip range to ban (wildcards possible) #
+# CIDR is supported in the IP mask. #
# reason - Reason to display when disconnected #
# #
# badnick lines ban a nick mask (same as a qline) #
# badhost lines ban a user@host mask (same as a kline) #
# #
# host - ident@hostname (wildcards possible) #
+# If you specify an IP, CIDR is supported. #
# reason - Reason to display on disconnection #
# #
# exception lines define a hostmask that is excempt from [kzg]lines #
# #
# host - ident@hostname (wildcards possible) #
+# If you specify an IP, CIDR is supported. #
# reason - Reason, shown only in /stats e #
# #
<badhost host="*@hundredz.n.hundredz.o.1337.kiddies.com" reason="Too many 1337 kiddiots">
<badhost host="*@localhost" reason="No irc from localhost!">
+<badhost host="*@172.32.0.0/16" reason="This subnet is bad.">
<exception host="*@ircop.host.com" reason="Opers hostname">