X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=docs%2Finspircd.conf.example;h=b4c49332d1096e3f48fff1bc8831c20a19ab187d;hb=d5207987511ac58cb8e7496128b8811c93c5180e;hp=7cfecc4e31d8763ce8096605f1e5d5f11353c223;hpb=7162e5b2ea2c2b477655fbd7cbd538d6adeba591;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 7cfecc4e3..b4c49332d 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -803,93 +803,11 @@ # especially in the case of bots, and it is # # recommended that this option is enabled. # # # -# netbuffersize - Size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # -# # -# maxwho - The maximum number of results returned by a /WHO # -# query. This is to prevent /WHO being used as a # -# spam vector or means of flooding an ircd. The # -# default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. If # -# this value is omitted, any size WHO is allowed by # -# anyone. # -# # -# somaxconn - The maximum number of sockets that may be waiting # -# in the accept queue. This usually allows the ircd # -# to soak up more connections in a shorter space of # -# time when increased but please be aware there is a # -# system defined maximum value to this, the same way # -# there is a system defined maximum number of file # -# descriptors. Some systems may only allow this to # -# be up to 5 (ugh) while others such as FreeBSD will # -# default to a much nicer 128. # -# # # moduledir - This optional value indicates a runtime change of # # the location where modules are to be found. This # # does not add a supplementary directory. There can # # only be one module path. # # # -# softlimit - This optional feature allows a defined softlimit. # -# if defined sets a soft maxconnections value, has # -# to be less than the ./configure maxclients # -# # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # -# # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # -# # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # -# # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # -# # -# hidesplits - When set to 'yes', will hide split server names # -# from non-opers. Non-opers will see '*.net *.split' # -# instead of the server names in the quit message, # -# identical to the way IRCu displays them. # -# # -# hidebans - When set to 'yes', will hide gline, kline, zline # -# and qline quit messages from non-opers. For # -# example, user A who is not an oper will just see # -# (G-Lined) while user B who is an oper will see the # -# text (G-Lined: Reason here) instead. # -# # -# hidewhois - When defined with a non-empty value, the given # -# text will be used in place of the user's server # -# in WHOIS, when a user is WHOISed by a non-oper. # -# For example, most nets will want to set this to # -# something like '*.netname.net' to conceal the # -# actual server the user is on. # -# # -# flatlinks - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, /MAP and /LINKS # -# will be flattened when shown to a non-opers. # -# # -# hideulines - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP for non # -# opers. Please be aware that this will also hide # -# any leaf servers of a U-lined server, e.g. jupes. # -# # -# nouserdns - If set to yes, true or 1, no user DNS lookups # -# will be performed for connecting users. This can # -# save a lot of resources on very busy IRC servers. # -# # # syntaxhints - If set to yes, true or 1, when a user does not # # give enough parameters for a command, a syntax # # hint will be given (using the RPL_TEXT numeric) # @@ -911,49 +829,6 @@ # nick!user@host is shown for who set a TOPIC last. # # if set to no, then only the nickname is shown. # # # -# announceinvites # -# - If this option is set, then invites are announced # -# to the channel when a user invites another user. # -# If you consider this to be unnecessary noise, # -# set this to 'none'. To announce to all ops, set # -# this to 'ops' and to announce to all users set the # -# value to 'all'. # -# # -# The value 'dynamic' varies between 'ops' and 'all' # -# settings depending on if the channel is +i or not. # -# When the channel is +i, messages go only to ops, # -# and when the channel is not +i, messages go to # -# everyone. In short, the messages will go to every # -# user who has power of INVITE on the channel. This # -# is the recommended setting. # -# # -# disablehmac - If you are linking your InspIRCd to older versions # -# then you can specify this option and set it to # -# yes. 1.1.6 and above support HMAC and challenge- # -# response for password authentication. These can # -# greatly enhance security of your server to server # -# connections when you are not using SSL (as is the # -# case with a lot of larger networks). Linking to # -# older versions of InspIRCd should not *usually* be # -# a problem, but if you have problems with HMAC # -# authentication, this option can be used to turn it # -# off. # -# # -# hidemodes - If this option is enabled, then the listmodes # -# given (e.g. +eI), will be hidden from users below # -# halfop. This is not recommended to be set on mode # -# +b, as it may break some features in popular # -# clients such as mIRC. # -# # -# quietbursts - When synching or splitting from the network, a # -# server can generate a lot of connect and quit # -# snotices to the +C and +Q snomasks. Setting this # -# value to yes squelches those messages, which can # -# make them more useful for opers, however it will # -# degrade their use by certain third party programs # -# such as BOPM which rely on them to scan users when # -# a split heals in certain configurations. # -# # # serverpingfreq- This value, when set, allows you to change the # # frequency of server to server PING messages. This # # can help if you are having certain network issues. # @@ -985,41 +860,176 @@ suffixquit="" prefixpart="\"" suffixpart="\"" - netbuffersize="10240" - maxwho="128" noservices="no" qprefix="~" aprefix="&" deprotectself="no" deprotectothers="no" - somaxconn="128" - softlimit="12800" - userstats="Pu" - operspywhois="no" - customversion="" - maxtargets="20" - hidesplits="no" - hidebans="no" - hidewhois="" - flatlinks="no" - hideulines="no" - nouserdns="no" syntaxhints="no" cyclehosts="yes" ircumsgprefix="no" announcets="yes" - disablehmac="no" hostintopic="yes" - hidemodes="eI" - quietbursts="yes" pingwarning="15" serverpingfreq="60" allowhalfop="yes" defaultmodes="nt" - announceinvites="dynamic" moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." exemptchanops=""> + +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # +# maxwho - The maximum number of results returned by a /WHO # +# query. This is to prevent /WHO being used as a # +# spam vector or means of flooding an ircd. The # +# default is 128, it is not recommended to raise it # +# above 1024. Values up to 65535 are permitted. If # +# this value is omitted, any size WHO is allowed by # +# anyone. # +# # +# somaxconn - The maximum number of sockets that may be waiting # +# in the accept queue. This usually allows the ircd # +# to soak up more connections in a shorter space of # +# time when increased but please be aware there is a # +# system defined maximum value to this, the same way # +# there is a system defined maximum number of file # +# descriptors. Some systems may only allow this to # +# be up to 5 (ugh) while others such as FreeBSD will # +# default to a much nicer 128. # +# # +# softlimit - This optional feature allows a defined softlimit. # +# if defined sets a soft maxconnections value, has # +# to be less than the ./configure maxclients # +# # +# nouserdns - If set to yes, true or 1, no user DNS lookups # +# will be performed for connecting users. This can # +# save a lot of resources on very busy IRC servers. # +# # +# quietbursts - When synching or splitting from the network, a # +# server can generate a lot of connect and quit # +# snotices to the +C and +Q snomasks. Setting this # +# value to yes squelches those messages, which can # +# make them more useful for opers, however it will # +# degrade their use by certain third party programs # +# such as BOPM which rely on them to scan users when # +# a split heals in certain configurations. # +# # +# netbuffersize - Size of the buffer used to receive data from # +# clients. The ircd may only read() this amount # +# of text in one go at any time. (OPTIONAL) # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # +# # +# hidesplits - When set to 'yes', will hide split server names # +# from non-opers. Non-opers will see '*.net *.split' # +# instead of the server names in the quit message, # +# identical to the way IRCu displays them. # +# # +# hidebans - When set to 'yes', will hide gline, kline, zline # +# and qline quit messages from non-opers. For # +# example, user A who is not an oper will just see # +# (G-Lined) while user B who is an oper will see the # +# text (G-Lined: Reason here) instead. # +# # +# hidewhois - When defined with a non-empty value, the given # +# text will be used in place of the user's server # +# in WHOIS, when a user is WHOISed by a non-oper. # +# For example, most nets will want to set this to # +# something like '*.netname.net' to conceal the # +# actual server the user is on. # +# # +# flatlinks - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # +# # +# hideulines - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # +# opers. Please be aware that this will also hide # +# any leaf servers of a U-lined server, e.g. jupes. # +# # +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # +# # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # +# # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # +# # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # +# # + + + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Logging # ------- @@ -1539,6 +1549,19 @@ # Channel cycle module. Server side /hop, with +ilk etc bypass. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Connectban: Provides per-IP connection throttling. Any IP that disconnects +# too many times (configurable) in an hour is zlined for a (configurable) +# duration, and their count resets to 0. +# +# NOTE: This module may change name/behaviour later in 1.2. Please make sure +# you read release announcements! +# +# +# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded. +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connection throttle module. Configuration: # @@ -1749,6 +1772,26 @@ # HTTP server. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# http ACL module: Provides access control lists for m_httpd dependent +# modules. Use this module to restrict pages by IP address and by +# password. +# +# +# +#-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# +# Restrict access to the m_httpd_stats module to all but the local +# network and when the correct password is specified: +# +# +# +# Deny all connections to all but the main index page: +# +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # http stats module: Provides basic stats pages over HTTP # Requires m_httpd.so to be loaded for it to function. @@ -2034,19 +2077,6 @@ # # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Quitban: Provides per-IP connection throttling. Any IP that disconnects -# too many times (configurable) in an hour is zlined for a (configurable) -# duration, and their count resets to 0. -# -# NOTE: This module may change name/behaviour later in 1.2. Please make sure -# you read release announcements! -# -# -# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded. -# -# - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random Quote module: provides a random quote on connect. # NOTE: Some of these may mimic fatal errors and confuse users and