X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=conf%2Finspircd.conf.example;h=4ded58e6ebaed3b45c52f11d808ee30e6ddbcc77;hb=19916fcab237519d6b3d74f89ac7ee5e16bf7d10;hp=ac48be1ee6db277afc30d5805f9a599c5c9077f5;hpb=e587b9efef09ca2cbb8873dd8cb2941ad74bda42;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example index ac48be1ee..4ded58e6e 100644 --- a/conf/inspircd.conf.example +++ b/conf/inspircd.conf.example @@ -1,32 +1,80 @@ ######################################################################## -# # -# --------------------------- # -# InspIRCd Configuration File # -# --------------------------- # -# # +# # +# ___ ___ ____ ____ _ # +# |_ _|_ __ ___ _ __|_ _| _ \ / ___|__| | # +# | || '_ \/ __| '_ \| || |_) | | / _` | # +# | || | | \__ \ |_) | || _ <| |__| (_| | # +# |___|_| |_|___/ .__/___|_| \_\\____\__,_| # +# |_| # +# ____ __ _ _ _ # +# / ___|___ _ __ / _(_) __ _ _ _ _ __ __ _| |_(_) ___ _ __ # +# | | / _ \| '_ \| |_| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ # +# | |__| (_) | | | | _| | (_| | |_| | | | (_| | |_| | (_) | | | | # +# \____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| # +# |___/ # +# # ##################################||#################################### - #||# + #||# ##################################||#################################### -# # +# # # This is an example of the config file for InspIRCd. # # Change the options to suit your network # -# # -# Last updated on : 06/06/2005 # -# Written by : CC (cc@backchat.co.za) # -# Updated by : katsklaw (katsklaw@gmail.com) # +# # +# $Id$ # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# Lines prefixed with READ THIS BIT, as shown above, are IMPORTANT # +# lines, and you REALLY SHOULD READ THEM. Yes, THIS MEANS YOU. Even # +# if you've configured InspIRCd before, these probably indicate # +# something new or different to this version and you SHOULD READ IT. # +# # +######################################################################## +# # +# Unalphabeticalise the modules list at your own risk # +# # ######################################################################## - #-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- -# # +# # # Here is where you enter the information about your server. # -# # -# Syntax is as follows: # -# # -# # +# # +# Syntax is as follows: # +# # +# # +# # +# The server name should be a syntactically valid hostname, with at # +# least one '.', and does not need to resolve to an IP address. # +# # +# The description is freeform text. Remember you may put quotes in # +# this field by escaping it using \". # +# # +# The network field indicates the network name given in on connect # +# to clients. It is used by many clients such as mIRC to select a # +# perform list, so it should be identical on all servers on a net # +# and should not contain spaces. # +# # +# The server ID is optional, and if omitted automatically calculated # +# from the server name and description. This is similar in # +# in behaviour to the server id on ircu and charybdis ircds. # +# You should only need to set this manually if there is a collision # +# between two server ID's on the network. The server ID must be # +# three digits or letters long, of which the first digit must always # +# be a number, and the other two letters may be any of 0-9 and A-Z. # +# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # +# QFX and 5eR are not. Remember, in most cases you will not need to # +# even set this value, it is calculated for you from your server # +# name and description. Changing these will change your auto- # +# generated ID. # +# # # -# # +# # +# Describes the Server Administrator's real name (optionally), # +# nick, and email address. # +# # +# Syntax is as follows: # +# # +# # - + #-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- -# # -# Enter the port and address bindings here. # -# # -# bind address - specifies which the address which ports bind # -# port - opens an unused port # -# type - can be 'clients' or 'servers'. The clients type is # -# a standard tcp based socket, the servers type is a # +# # +# Enter the port and address bindings here. # +# # +# bind address - Specifies which address ports bind to. Leaving this # +# field blank binds the port to all IP's available. # +# # +# port - The port number to bind to. You may specify a port # +# range here, e.g. "6667-6669,7000,7001". If you do # +# this, the server will count each port within your # +# range as a separate binding, making the above # +# example equivalent to five separate bind tags. # +# A failure on one port in the range does not prevent # +# the entire range from being bound, just that one # +# port number. # +# # +# type - Can be 'clients' or 'servers'. The clients type is # +# a standard TCP based socket, the servers type is a # # also a TCP based connection but of a different # -# format. # -# default - if the port type is 'servers' then this can be # -# specified. If set to 'yes', it indicates that this # -# port is the default route for all /connect commands.# -# if you do not bind your default route to an # -# external ip, or all ip's, you may have connection # -# problems. # -# # +# format. SSL support is provided by modules, to # +# enable SSL support, please read the module section # +# of this configuration file. # +# # +# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # +# modules, you must define this value to use ssl on # +# that port. Valid values are 'gnutls' or 'openssl' # +# respectively. If the module is not loaded, this # +# setting is ignored. # +# # +# transport - If you have m_spanningtree.so loaded, along with # +# either one of the SSL modules (m_ssl_gnutls or # +# m_ssl_openssl) or m_ziplinks.so, then you may make # +# use of this value. # +# Setting it to 'openssl' or 'gnutls' or 'zip' # +# indicates that the port should accept connections # +# using the given transport name. Transports are # +# layers which sit on top of a socket and change the # +# way data is sent and received, e.g. encryption, # +# compression, and other such things. Because this # +# may not be limited in use to just encryption, # +# the 'ssl' value used for client ports does not # +# exist for servers, and this value is used instead. # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# If you want to link servers to InspIRCd you must load the # +# m_spanningtree.so module! Please see the modules list below for # +# information on how to load this module! If you do not load this # +# module, server ports will NOT be bound! # +# # # Leaving address empty binds to all available interfaces # -# # +# # # Syntax is as follows: # # # -# # -# # -# # -# # +# # +# # +# # +# If InspIRCd is built for IPv6, and you wish to accept IPv4 clients, # +# then you can specify IPv4 ip addresses here to bind. You may also # +# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPv4 # +# address to bind the port, but as of InspIRCd 1.1.1, this is not # +# required. # +# # +# ------------------------------------------------------------------- # +# # +# PLEASE NOTE: If you have build InspIRCd as an IPv6 server, and you # +# specify an empty bind address, the binding will be bound to ALL THE # +# IPv6 IP ADDRESSES, and not the IPv4 addresses. If you are using an # +# IPv6 enabled InspIRCd and want to bind to multiple IPv4 addresses # +# in this way, you must specify them by hand. If you have built the # +# server for IPv4 connections only, then specifying an empty bind # +# address binds the port to all IPv4 IP addresses, as expected. # +# # + + + - - - +# When linking servers, the openssl and gnutls transports are largely +# link-compatible and can be used alongside each other or either/or +# on each end of the link without any significant issues. + + + #-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- # # # You can configure the passwords here which you wish to use for # -# the die and restart commands. Only trusted ircops who will # +# the die and restart commands. Only trusted IRCop's who will # # need this ability should know the die and restart password. # # # # Syntax is as follows: # # # +# pause="secs before dying"> # # # - + #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -105,134 +210,287 @@ # config file inspircd.conf, unless the filename starts with a forward# # slash (/) in which case it is treated as an absolute path. # # # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # # Syntax is as follows: # -# # +# # +# # # # -#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # +#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # # This is where you can configure which connections are allowed # -# and denied access onto your server. # -# The password is optional. # -# You may have as many of these as you require. # -# To allow/deny all connections use a * # -# # -# Syntax is as follows: # -# # -# # -# # -# # -# # -# # -# # +# and denied access onto your server. The password is optional. # +# You may have as many of these as you require. To allow/deny all # +# connections, use a '*' or 0.0.0.0/0. # +# # +# Syntax is as follows: # +# # +# # +# # +# # +# # +# # +# # +# IP masks may be specified in CIDR format or wildcard format, # +# for IPv4 and IPv6. You *cannot* use hostnames in the allow or # +# deny field, as the state is applied before the user's DNS has # +# been resolved. # +# # +# You can optionally name your connect allow/deny tags. If you do # +# this, you may reference this connect tag as the parent of another # +# connect tag with the option as shown above. If # +# you do this, any options not explicitly specified in the tag will # +# be copied from the parent. # +# # +# If the value maxchans is included, this overrides all other max # +# channels related settings, including the separate oper maximum. # +# You may set this to any (sane) value you wish and it applies to # +# all users within this connect tag. # # # # You may optionally include timeout="x" on any allow line, which # # specifies the amount of time given before an unknown connection # -# is closed if USER/NICK/PASS are not given. This value is in secs # -# # -# You may also optionally include a flood="x" line which indicates # +# is closed if USER/NICK/PASS are not given. This value is in secs. # +# # +# You may optionally limit the number of clients that are matched # +# by a single tag by specifying the maximum in the limit # +# parameter. If set to 0, there is no limit, which is the default. # +# # +# You should also include a flood="x" line which indicates # # the number of lines a user may place into their buffer at once # -# before they are disconnected for excess flood. The default is to # -# DISABLE this feature. A recommended value is 10. A counter is # -# maintained for each user which is reset every 'threshold' seconds # -# and specifying this threshold value with threshold="X" indicates # -# how often the counter is reset. For example, with flood="5" and # -# threshold="8", the user may not send more than 5 lines in 8 secs. # +# before they are disconnected for excess flood. This feature can # +# not be disabled, however it can be set to extremely high values, # +# rendering it effectively disabled. A recommended value is 10. # +# A counter is maintained for each user which is reset every # +# 'threshold' seconds and specifying this threshold value with # +# threshold="X" indicates how often the counter is reset. For # +# example, with flood="5" and threshold="8", the user may not send # +# more than 5 lines in 8 secs. # # # # You may optionally specify the sendq size and ping frequency of # # each connect:allow line using the pingfreq="X" and sendq="X" # # settings as shown in the full example below. # # The ping frequency is specified in seconds, and the sendq size # # in bytes. It is recommended, although not enforced, that you # -# should never set your sendq size to less than 8k. Send Queues are # +# should never set your sendq size to less than 8K. Send Queues are # # dynamically allocated and can grow as needed up to the maximum # # size specified. # # # # The optional recvq value is the maximum size which users in this # # group may grow their receive queue to. This is recommended to be # # kept pretty low compared to the sendq, as users will always # -# recieve more than they send in normal circumstances. The default # +# receive more than they send in normal circumstances. The default # # if not specified is 4096. # # # -# IMPORTANT NOTE, CALL THE CONFUSION POLICE! # # The sendq is the data waiting to be sent TO THE USER. # # The recvq is the data being received FROM THE USER. # # The names sendq and recvq are from the SERVER'S PERSPECTIVE not # # that of the user... Just to clear up any confusion or complaints # # that these are backwards :p # # # +# The localmax and globalmax values can be used to enforce local # +# and global session limits on connections. The session limits are # +# counted against all users, but applied only to users within the # +# class. For example, if you had a class 'A' which has a session # +# limit of 3, and a class 'B' which has a session limit of 5, and # +# somehow, two users managed to get into class B which also match # +# class A, there is only one connection left for this IP now in A, # +# but if they can connect again to B, there are three. You get the # +# idea (i hope). # +# # +# NOTE NOTE NOTE NOTE NOTE NOTE! # +# The maximum limits by default apply to individual IP addresses # +# This *MAY* be changed by modifying the block, in order # +# to detect cloning across an ISP. # +# # +# The optional port value determines which port the connect tag is # +# handling. If left out the connect tag covers all bound ports else # +# only incoming connections on the specified port will match. Port # +# tags may be used on connect allow and connect deny tags. # +# # +# The limit value determines the maximum number of users which may # +# be in this class. Combine this with CIDR masks for various ISP # +# subnets to limit the number of users which may connect at any one # +# time from a certain ISP. Omit this value to not limit the tag. # +# # - - + + + + +#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# CIDR configuration allows detection of clones and applying of # +# throttle limits across a CIDR range. (A CIDR range is a group of # +# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # +# represented as 192.168.1.0/24). This means that abuse across an ISP # +# is detected and curtailed much easier. # +# # +# ipv4clone: # +# This specifies how many bits of an IP address should be checked # +# against cloning in the tags, for example, if # +# tags specified a limit of 2 (low!), and three users attempted to # +# connect in the IP range 192.168.1.0-192.168.1.255, and ipv4clone # +# was set to '24', the third connection would be disconnected. # +# # +# Valid values are 0-32, but you *don't* want 0. # +# # +# ipv6clone works in the same way, except for ipv6 addresses. Valid # +# range is 0-128, but you *don't* want anything too small. # +# # +# Setting these to their maximum value (32, 128) will result in # +# no actual CIDR checking being done, and clone checking will only be # +# done across individual IPs. This is the default behaviour. # + + #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- -# # -# Classes are a group of commands which are grouped together # -# and given a unique name. They used to define which commands # +# # +# Classes are a group of commands which are grouped together and # +# given a unique name. They're used to define which commands # # are available to certain types of Operators. # -# # -# Syntax is as follow: # -# # -# # +# # +# Syntax is as follows: # +# # +# # +# # +# The name value indicates a name for this class. # +# The commands value indicates a list of one or more commands that # +# are allowed by this class (see also 'READ THIS BIT' below). # +# The usermodes and chanmodes values indicate lists of usermodes and # +# channel modes this oper can execute. This only applies to modes # +# that are marked oper-only such as usermode +Q and channelmode +O. # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# You are not forced to give these classes the names given below. # +# You can create your own named classes, if you want, in fact that # +# is the whole idea of this system! # +# # +# Note: It is possible to make a class which covers all available # +# commands. To do this, specify commands="*". This is not really # +# recommended, as it negates the whole purpose of the class system, # +# however it is provided for fast configuration (e.g. in test nets) # +# # - - - - - + + + + + #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# -# # +# # # This is where you specify which types of operators you have on # # your server, as well as the commands they are allowed to use. # -# This works alongside with the classes specified above. # -# # -# type name - a name for the combined class types # -# classes - specified above, used for flexibility for the # +# This works alongside with the classes specified above. # +# # +# type name - A name for the combined class types. # +# a type name cannot contain spaces, however if you # +# put an _ symbol in the name, it will be translated # +# to a space when displayed in a WHOIS. # +# # +# classes - Specified above, used for flexibility for the # # server admin to decide on which operators get # -# what commands # -# host - hostmask operators will recieve on oper-up. # -#(optional) # +# what commands. Class names are case sensitive, # +# separate multiple class names with spaces. # +# # +# host - Optional hostmask operators will receive on oper-up. # +# # +# Syntax is as follows: # +# # +# # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# You are not forced to give these types the names given below. # +# You can create your own named types, if you want, in fact that # +# is the whole idea of this system! # # # -# Syntax is as follows: # -# # -# # - #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# -# # +# # # Opers are defined here. This is a very important section. # -# Remember to only make operators out of truthworthy people. # -# # -# name - oper name, best to use lower-case # -# password - password to oper-up, # -# encryption not supported by inspircd. However, there # -# are modules that allow for oper password encryption. # -# # -# host - host of client allowed to oper-up, more hostmasks # -# seperated by spaces, wildcards accepted # -# type - specified above, defines the kind of operator # -# # +# Remember to only make operators out of trust worthy people. # +# # +# name - Oper name, this is case sensitive, so it is best to # +# use lower-case. # +# # +# password - Password to oper-up, also case sensitive. # +# encryption is supported via modules. You may load # +# modules for MD5 or SHA256 encryption, and if you do, # +# this value will be a hash value, otherwise put a # +# plaintext password in this value. # +# # +# host - Hosts of client allowed to oper-up. # +# wildcards accepted, separate multiple hosts with a # +# space. You may also specify CIDR IP addresses. # +# # +# fingerprint - When using the m_ssl_oper_cert.so module, you may # +# specify a key fingerprint here. This can be obtained # +# using the /fingerprint command whilst the module is # +# loaded, or from the notice given to you when you # +# connect to the ircd using a client certificate, # +# and will lock this oper block to only the user who # +# has that specific key/certificate pair. # +# this enhances security a great deal, however it # +# requires that opers use clients which can send ssl # +# client certificates, if this is configured for that # +# oper. Note that if the m_ssl_oper.so module is not # +# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls # +# is not loaded, this configuration option has no # +# effect and will be ignored. # +# # +# type - Defines the kind of operator. This must match a type # +# tag you defined above, and is case sensitive. # +# # # Syntax is as follows: # -# # -# # +# # +# # - + #-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# @@ -240,19 +498,106 @@ # Defines which servers can link to this one, and which servers this # # server may create outbound links to. # # # -# name - The name is the canocial name of the server, it does # -# not have to resolve - but it is expected to be sent # -# in the remote servers connection info. # -# ipaddr - Valid host or ip address for remote server. * # -# port - Valid listening UDP port for remote server. # -# sendpass - Password to send to create an outbound connection to # -# this server. # -# recvpass - Password to receive to accept an inbound connection # -# from this server. # -# autoconnect - Sets the server to autoconnect. Where x is the number # -# (optional) of seconds between attempts. 300 = 5 minutes # -# # -# to u:line a server (give it extra privilages required for running # +# name - The name is the canonical name of the server, does # +# not have to resolve - but it is expected to be set # +# in the remote servers connection info. # +# # +# ipaddr - Valid host or IP address for remote server. These # +# hosts are resolved on rehash, and cached, if you # +# specify a hostname; so if you find that your server # +# is still trying to connect to an old IP after you # +# have updated your DNS, try rehashing and then # +# attempting the connect again. # +# # +# port - The TCP port for the remote server. # +# # +# sendpass - Password to send to create an outbound connection # +# to this server. # +# # +# recvpass - Password to receive to accept an inbound connection # +# from this server. # +# # +# autoconnect - Sets the server to autoconnect. Where x is the num. # +# (optional) of seconds between attempts. e.g. 300 = 5 minutes. # +# # +# transport - If defined, this is a transport name implemented by # +# another module. Transports are layers on top of # +# plaintext connections, which alter them in certain # +# ways. Currently the three supported transports are # +# 'openssl' and 'gnutls' which are types of SSL # +# encryption, and 'zip' which is for compression. # +# If you define a transport, both ends of the # +# connection must use a compatible transport for the # +# link to succeed. OpenSSL and GnuTLS are link- # +# compatible with each other. # +# # +# statshidden - When using m_spanningtree.so for linking. you may # +# set this to 'yes', and if you do, the IP address/ # +# hostname of this connection will NEVER be shown to # +# any opers on the network. In /stats c its address # +# will show as *@, and during CONNECT and # +# inbound connections, it's IP will show as # +# UNLESS the connection fails (e.g. due to a bad # +# password or servername) # +# # +# allowmask - When this is defined, it indicates a range of IP # +# addresses to allow for this link (You may use CIDR # +# or wildcard form for this address). # +# e.g. if your server is going to connect to you from # +# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 # +# into this value. If it is not defined, then only # +# the ipaddr field of the server shall be allowed. # +# # +# failover - If you define this option, it must be the name of a # +# different link tag in your configuration. This # +# option causes the ircd to attempt a connection to # +# the failover link in the event that the connection # +# to this server fails. For example, you could define # +# two hub uplinks to a leaf server, and set an # +# american server to autoconnect, with a european # +# hub as its failover. In this situation, your ircd # +# will only try the link to the european hub if the # +# american hub is unreachable. NOTE that for the # +# intents and purposes of this option, an unreachable # +# server is one which DOES NOT ANSWER THE CONNECTION. # +# If the server answers the connection with accept(), # +# EVEN IF THE CREDENTIALS ARE INVALID, the failover # +# link will not be tried! Failover settings will also # +# apply to autoconnected servers as well as manually # +# connected ones. # +# # +# timeout - If this is defined, then outbound connections will # +# time out if they are not connected within this many # +# seconds. If this is not defined, the default of ten # +# seconds is used. # +# # +# bind - If you specify this value, then when creating an # +# outbound connection to the given server, the IP you # +# place here will be bound to. This is for multi- # +# homed servers which may have multiple IP addresses. # +# if you do not define this value, the first IP that # +# is not empty or localhost from your tags # +# will be bound to. This is usually acceptable, # +# however if your server has multiple network cards # +# then you may have to manually specify the bind # +# value instead of leaving it to automatic binding. # +# you can usually tell if you need to set this by # +# looking for the error 'Could not assign requested # +# address' in your log when connecting to servers. # +# # +# hidden - If this is set to true, yes, or 1, then the server # +# is completely hidden from non-opers. It does not # +# show in /links and it does not show in /map. Also, # +# any servers which are child servers of this one # +# in the network will *also* be hidden. Use with # +# care! You can use this to 'mask off' sections of # +# the network so that users only see a small portion # +# of a much larger net. It should NOT be relied upon # +# as a security tool, unless it is being used for # +# example to hide a non-client hub, for which clients # +# do not have an IP address or resolvable hostname. # +# # +# To u:line a server (give it extra privileges required for running # # services, Q, etc) you must include the tag as shown # # in the example below. You can have as many of these as you like. # # # @@ -260,61 +605,147 @@ # that server to operoverride modes. This should only be used for # # services and protected oper servers! # # # -# IMPORTANT NOTE: When specifying the ip address and/or host, the # -# server software will prioritize RESOLVED hostnames above ip # -# addresses, so for example if your target server resolves to a.b.com # -# you MUST put a.b.com into your link block, and NOT the IP address # -# of a.b.com. The system uses reverse resolution. # +# ------------------------------------------------------------------- # +# # +# NOTE: If you have built your server as an IPv6 server, then when a # +# DNS lookup of a server's host occurs, AAAA records (IPv6) are # +# prioritised over A records (IPv4). Therefore, if the server you are # +# connecting to has both an IPv6 IP address and an IPv4 IP address in # +# its DNS entry, the IPv6 address will *always* be selected. To # +# change this behaviour simply specify the IPv4 IP address rather # +# than the hostname of the server. # +# # +# ------------------------------------------------------------------- # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# If you want to link servers to InspIRCd you must load the # +# m_spanningtree.so module! Please see the modules list below for # +# information on how to load this module! If you do not load this # +# module, server links will NOT work! # +# # +# Also, if you define any transports, you must load the modules for # +# these transports BEFORE you load m_spanningtree, e.g. place them # +# above it in the configuration file. Currently this means the three # +# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # +# which you choose to use. # # # + ipaddr="penguin.box.com" + port="7000" + allowmask="69.58.44.0/24" + autoconnect="300" + failover="hub.other.net" + timeout="15" + transport="gnutls" + bind="1.2.3.4" + statshidden="no" + hidden="no" + sendpass="outgoing!password" + recvpass="incoming!password"> + ipaddr="localhost" + port="7000" + allowmask="127.0.0.0/8" + sendpass="penguins" + recvpass="polarbears"> + - +#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# This tag defines a ulined server. A U-Lined server has special # +# permissions, and should be used with caution. Services servers are # +# usually u-lined in this manner. # +# # +# The 'silent' value, if set to yes, indicates that this server should# +# not generate quit and connect notices, which can cut down on noise # +# to opers on the network. # +# # + #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# # +# # # These options let you define the path to your motd and rules # -# files. # -# # +# files. If these are relative paths, they are relative to the # +# configuration directory. # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional configuration tag lets you define the maximum number # +# of channels that both opers and users may be on at any one time. # +# The default is 20 for users and 60 for opers if this tag is not # +# defined. Remote users are not restricted in any manner. # +# # - + #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Define your DNS server address here. InspIRCd has its own resolver # -# and you must define this otherwise nobody's host will resolve. The # -# timeout value is in seconds. # +# Define your DNS server address here. InspIRCd has its own resolver. # +# If you do not define this value, then InspIRCd will attempt to # +# determine your DNS server from your operating system. On POSIX # +# platforms, InspIRCd will read /etc/resolv.conf, and populate this # +# value with the first DNS server address found. On Windows platforms # +# InspIRCd will check the registry, and use the DNS server of the # +# first active network interface, if one exists. # +# If a DNS server cannot be determined from these checks, the default # +# value '127.0.0.1' is used instead. The timeout value is in seconds. # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# When choosing a server, be sure to choose one which will do a # +# RECURSIVE LOOKUP. InspIRCd's resolver does not currently do these # +# recursive lookups itself, to save time and resources. The DNS # +# server recommended by the InspIRCd team is bind, available from the # +# ISC website. If your DNS server does not do a recursive lookup, you # +# will be able to notice this by the fact that none of your users are # +# resolving even though the DNS server appears to be up! Most ISP and # +# hosting provider DNS servers support recursive lookups. # +# # +# ------------------------------------------------------------------- # +# # +# NOTE: If you have built InspIRCd with IPv6 support, then both # +# IPv6 and IPv4 addresses are allowed here, and also in the system # +# resolv.conf file. Remember that an IPv4 DNS server can still # +# resolve IPv6 addresses, and vice versa. # # # +# An example of using an IPv6 nameserver +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Define the path to the PID file here. The PID file can be used to # # rehash the ircd from the shell or to terminate the ircd from the # -# shell using shell scripts, perl scripts etc, and to monitor the # -# ircd's state via cron jobs. # +# shell using shell scripts, perl scripts, etc... and to monitor the # +# ircd's state via cron jobs. If this is a relative path, it will be # +# relative to the configuration directory, and if it is not defined, # +# the default of 'inspircd.pid' is used. # # # - +# #-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Use these tags to customise the ban limits on a per channel basis. # -# the tags are read from top to bottom, and any tag found which # +# The tags are read from top to bottom, and any tag found which # # matches the channels name applies the banlimit to that channel. # # It is advisable to put an entry with the channel as '*' at the # # bottom of the list. If none are specified or no maxbans tag is # @@ -333,8 +764,8 @@ # 'registered' (e.g. after the initial USER/NICK/PASS on connection) # # so for example disabling NICK will not cripple your network. # # # -# # -# # + +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -347,26 +778,148 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Settings to define which features are useable on your server. # -# # -# prefixquit - a prefix for a client's quit message # -# loglevel - specifies what detail of messages to log in the # -# log file. You may select from debug, verbose, # -# default, sparse and none. # -# allowhalfop - allows the +h channel mode # +# # +# Settings to define which features are usable on your server. # +# # +# prefixquit - A prefix to be placed on the start of a client's # +# quit message # +# # +# suffixquit - A suffix to be placed on the end of a client's # +# quit message. # +# # +# fixedquit - A fixed quit message to display for all client # +# QUITS. If specified, overrides both prefixquit # +# and suffixquit options. # +# # +# prefixpart - A prefix to be placed on the start of a client's # +# part message # +# # +# suffixpart - A suffix to be placed on the end of a client's # +# part message. # +# # +# fixedpart - A fixed part message to display for all client # +# parts. If specified, overrides both prefixpart # +# and suffixpart options. # +# # +# allowhalfop - Allows the +h channel mode # +# # # noservices - If noservices is true, yes, or 1, then the first # # user into a channel gets founder status. This is # # only useful on networks running the m_chanprotect # # module without services. # -# netbuffersize - size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # +# # +# qprefix - qprefix is used by the chanprotect module to give # +# a visible prefix to users set +q (founder) in chan # +# It should be set to something sensible like ~ or ! # +# If not set, no prefix is applied to users with +q # +# # +# aprefix - aprefix is the same as qprefix, except it is for # +# giving users with mode +a (protected) a prefix # +# # +# deprotectself - If this value is set to yes, true, or 1, then any # +# user with +q or +a may remove the +q or +a from # +# themselves. The default setting is to not enable # +# this feature, which stops even the founder taking # +# away their founder status without using services. # +# # +# deprotectothers-If this value is set to yes, true, or 1, then any # +# user with +q or +a may remove the +q or +a from # +# other users. The default setting is to not enable # +# this feature, so that only +q may remove +a, and # +# nothing but services may remove +q. # +# # +# cyclehosts - If this is set to true, yes or 1, then when a # +# user's hostname changes, they will appear to quit # +# and then rejoin with their new host. This prevents # +# clients from being confused by host changes, # +# especially in the case of bots, and it is # +# recommended that this option is enabled. # +# # +# moduledir - This optional value indicates a runtime change of # +# the location where modules are to be found. This # +# does not add a supplementary directory. There can # +# only be one module path. # +# # +# syntaxhints - If set to yes, true or 1, when a user does not # +# give enough parameters for a command, a syntax # +# hint will be given (using the RPL_TEXT numeric) # +# as well as the standard ERR_NEEDMOREPARAMS. # +# # +# announcets - If this value is defined to yes, true, or 1, then # +# a channels' timestamp is updated, the users on # +# the channel will be informed of the change via # +# a server notice to the channel with the old and # +# new TS values in the timestamp. If you think this # +# is just pointless noise, define the value to 0. # +# # +# ircumsgprefix - Use undernet style message prefix for channel # +# NOTICE and PRIVMSG adding the prefix to the line # +# of text sent out. Eg. NOTICE @#test :@ testing # +# vs. the off setting: NOTICE @#test :testing # +# # +# hostintopic - If this is set to yes (the default) then the full # +# nick!user@host is shown for who set a TOPIC last. # +# if set to no, then only the nickname is shown. # +# # +# serverpingfreq- This value, when set, allows you to change the # +# frequency of server to server PING messages. This # +# can help if you are having certain network issues. # +# # +# pingwarning - This should be set to a number between 1 and 59 if # +# defined, and if it is defined will cause the server# +# to send out a warning via snomask +l if a server # +# does not answer to PING after this many seconds. # +# This can be useful for finding servers which are # +# at risk of pinging out due to network issues. # +# # +# exemptchanops - This option allows channel operators to be exempted# +# from certain channel modes. # +# Supported modes are +SfFgNc. Defaults to off. # +# # +# defaultmodes - The default modes to be given to each channel on # +# creation. Defaults to 'nt'. There should be no + # +# or - symbols in this sequence, if you add them # +# they will be ignored. You may add parameters for # +# modes which take them. # +# # +# moronbanner - The NOTICE to show to users who are glined, zlined # +# klined or qlined when they are disconnected. This # +# is totally freeform, you may place any text here # +# you wish. # +# # + + + + +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # # maxwho - The maximum number of results returned by a /WHO # # query. This is to prevent /WHO being used as a # # spam vector or means of flooding an ircd. The # # default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. # +# above 1024. Values up to 65535 are permitted. If # +# this value is omitted, any size WHO is allowed by # +# anyone. # +# # # somaxconn - The maximum number of sockets that may be waiting # # in the accept queue. This usually allows the ircd # # to soak up more connections in a shorter space of # @@ -376,288 +929,258 @@ # descriptors. Some systems may only allow this to # # be up to 5 (ugh) while others such as FreeBSD will # # default to a much nicer 128. # -# moduledir - This optional value indicates a runtime change of # -# the location where modules are to be found. This # -# does not add a supplementary directory. There can # -# only be one module path. # +# # # softlimit - This optional feature allows a defined softlimit. # # if defined sets a soft maxconnections value, has # # to be less than the ./configure maxclients # # # - - - - - -#-#-#-#-#-#-#-#-#-#-#-#-#- MODULE OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# +# nouserdns - If set to yes, true or 1, no user DNS lookups # +# will be performed for connecting users. This can # +# save a lot of resources on very busy IRC servers. # # # -# These tags define which modules will be loaded on startup by your # -# server. Add modules without any paths. When you make your ircd # -# using the 'make' command, all compiled modules will be moved into # -# the folder you specified when you ran ./configure. The module tag # -# automatically looks for modules in this location. # -# If you attempt to load a module outside of this location, either # -# in the config, or via /LOADMODULE, you will receive an error. # +# quietbursts - When synching or splitting from the network, a # +# server can generate a lot of connect and quit # +# snotices to the +C and +Q snomasks. Setting this # +# value to yes squelches those messages, which can # +# make them more useful for opers, however it will # +# degrade their use by certain third party programs # +# such as BOPM which rely on them to scan users when # +# a split heals in certain configurations. # # # -# By default, ALL modules are commented out. You must uncomment them # -# or add lines to your config to load modules. Please refer to # -# http://www.inspircd.org/wiki/Modules_List for a list of modules and# -# each modules link for any additional conf tags they require. # +# netbuffersize - Size of the buffer used to receive data from # +# clients. The ircd may only read() this amount # +# of text in one go at any time. (OPTIONAL) # # # -# WINDOWS USERS PLEASE NOTE: You can still load these modules! They # -# are incorporated into the executable and can be loaded and removed # -# similarly to if they were in a ramdisk. # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Foobar module - does nothing -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Chanprotect module: gives +q and +a channel modes -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Globops module: gives /GLOBOPS and usermode +g -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Noinvite module: Gives channel mode +V -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper MD5 module: Allows MD5 hashed oper passwords -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Restricted channels module: Allows only opers to create channels -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Deny Channels: Deny Channels from being used by users -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Services support module: Adds several usermodes such as +R and +M -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Userip module: Adds the /USERIP command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Alias module: Allows you to define server-side command aliases -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CHGHOST module: Adds the /CHGHOST command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HELPOP module: Provides the /HELPOP command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No kicks module: Adds the +Q channel mode -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper MOTD module: Provides support for seperate message of the day -# on oper-up -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Restrict message module: Allows users to only message opers -# -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Sethost module: Adds the /SETHOST command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Antibottler module: Labels bottler leech bots -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Watch module: Adds the WATCH command, which is used by clients to -# maintain notify lists. -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Cloaking module: Adds usermode +x and cloaking support -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Hostchange module: Allows a different style of cloaking -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No nicks module: Adds the +N channel mode -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Override module: Adds support for oper override -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SAJOIN module: Adds the /SAJOIN command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Set Idle module: Adds a command for opers to change their -# idle time (mainly a toy) -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Block colour module: Adds the +c channel mode -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Conn-Lusers: Shows the LUSERS output on connect -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Ident: Provides RFC 1413 ident lookup support -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No Notice module: adds the channel mode +T -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Parking module: Adds parking support and /PARK and /UNPARK -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SAMODE module: Adds the oper /SAMODE command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SETNAME module: Adds the /SETNAME command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Botmode module: Adds the user mode +B -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Filter module: Provides glob-based message filtering -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Knock module: adds the /KNOCK command and +K channel mode -# + -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper channels mode: Adds the +O channel mode -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Random Quote module: provides a random quote on connect -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SANICK module: Allows opers to change user's nicks -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Show Whois module: Adds the +W usermode which allows opers -# to see when they are whois'ed -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Strip colour module: Adds the channel mode +S -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Censor module: Adds the channel mode +G -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Nick locking module: Adds the oper-only /NICKLOCK command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper Join module: Forces opers to join a channel on oper-up -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Redirect module: Adds channel redirection (mode +L) -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SAPART module: Adds the oper /SAPART command -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SILENCE module: Adds support for /SILENCE -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Test command module: Does nothing significant -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Channel filter module: Allows channel-op defined message -# filtering using simple string matches (channel mode +g) -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No ctcp module: Adds the channel mode +C to block CTCPs -# - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper levels module: Gives each oper a level and prevents -# actions being taken against higher level opers -# +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # +# # +# hidesplits - When set to 'yes', will hide split server names # +# from non-opers. Non-opers will see '*.net *.split' # +# instead of the server names in the quit message, # +# identical to the way IRCu displays them. # +# # +# hidebans - When set to 'yes', will hide gline, kline, zline # +# and qline quit messages from non-opers. For # +# example, user A who is not an oper will just see # +# (G-Lined) while user B who is an oper will see the # +# text (G-Lined: Reason here) instead. # +# # +# hidewhois - When defined with a non-empty value, the given # +# text will be used in place of the user's server # +# in WHOIS, when a user is WHOISed by a non-oper. # +# For example, most nets will want to set this to # +# something like '*.netname.net' to conceal the # +# actual server the user is on. # +# # +# flatlinks - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # +# # +# hideulines - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # +# opers. Please be aware that this will also hide # +# any leaf servers of a U-lined server, e.g. jupes. # +# # +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # +# # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # +# # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # +# # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # +# # +# hidekills - The hidekills value, if set, replaces the source # +# of all oper-generated kills to be the given text # +# to provide anonimity to your opers. # +# # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Remove module: Adds the /REMOVE command which is a peaceful -# alternative to /KICK -# + + +#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# This configuration tag defines the maximum sizes of various types # +# on IRC, such as the maximum length of a channel name, and the # +# maximum length of a channel. Note that with the exception of the # +# identmax value all values given here are the exact values you would # +# expect to see on IRC. This contrasts with the older InspIRCd # +# releases where these values would be one character shorter than # +# defined to account for a null terminator on the end of the text. # +# # +# The identmax value has special meaning, as it may grow one # +# character longer than you specify, to accomodate for a ~ character # +# when m_ident is loaded. # +# # +# These values should match network-wide, otherwise you may end up # +# with desyncs, and confusing your users by being able to use a nick # +# of a certain length on one server but not on another. Servers will # +# link with mismatched values, but this is NOT recommended as a long # +# term measure! # +# # +# Values here should be self explanitory: # +# # +# maxnick - The maximum length of a nickname # +# maxchan - The maximum length of a channel name # +# maxmodes - The maximum number of parameterized mode changes # +# per line # +# maxident - The maximum length of an ident/username value # +# maxquit - The maximum length of a quit message # +# maxtopic - The maximum length of a channel topic # +# maxkick - The maximum length of a kick message # +# maxgecos - The maximum length of a GECOS (real name) # +# maxaway - The maximum length of an away message # +# # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SAQUIT module: Adds the oper /SAQUIT command (abusable!!!) -# + -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Timed bans module: Adds timed bans and the /TBAN command -# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper modes module: Allows you to specify modes to add/remove on oper -# - - -#-#-#-#-#-#-#-#-#-#-#- FILTER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# Logging +# ------- +# +# Logging is covered with the tag, which you may use to change +# the behaviour of the logging of the IRCd. +# +# In InspIRCd as of 1.2, logging is pluggable and very extensible. +# Different files can log the same thing, different 'types' of log can +# go to different places, and modules can even extend the log tag +# to do what they want. +# +# An example log tag would be: +# +# which would log all information on /oper (failed and successful) to +# a file called opers.log. +# +# There are many different types which may be used, and modules may +# generate their own. A list of useful types: +# - USERS - information relating to user connection and disconnection +# - CHANNELS - information relating to joining and parting of channels. +# XXX someone doc more on this +# +# You may also log *everything* by using a type of *, and subtract things out +# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT". +# +# Channel Logging +# --------------- +# +# I'm aware this would probably better belong in the modules section, but this +# is heavily interrelated to logging, and as such will be documented here. +# +# m_chanlog is one of the modules which can alter logging to it's own thing. +# An example of this may be: +# +# +# +# +# The following log tag is highly default and uncustomised. It is recommended you +# sort out your own log tags. This is just here so you get some output. + + +#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Optional - If you specify to use the m_filter.so module, then # -# specfiy below the path to the filter.conf file. # - -# - - -#-#-#-#-#-#-#-#-#-#-#-#- HELPOP CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# This tag lets you define the behaviour of the /whowas command of # +# your server. # # # -# Optional - If you specify to use the m_helpop.so module, then # -# specify below the path to the helpop.conf file. # - - -# - - -#-#-#-#-#-#-#-#-#-#- RANDOMQUOTES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# groupsize - Controls the maximum entries per nick shown when # +# performing a /whowas nick. Setting this to 0 dis- # +# ables whowas completely. # # # -# Optional - If you specify to use the m_randquotes.so module, then # -# specify below the path to the randquotes.conf file. # - -# +# maxgroups - The maximum number of nickgroups that can be added # +# to the list. If max is reached, oldest group will # +# be deleted first like a FIFO. A groupsize of 3 and # +# a maxgroups of 5000 will allow for 5000 nicks to # +# be stored with a history of 3, thus giving a total # +# of 3 * 5000 = 15000 entries. A setting of 0 dis- # +# ables whowas completely. # +# # +# maxkeep - The maximum time a nick is kept in the whowas list # +# before being pruned. Time may be specified in # +# seconds, or in the following format: 1y2w3d4h5m6s # +# meaning one year, two weeks, three days, 4 hours, # +# 5 minutes and 6 seconds. All fields in this format # +# are optional. Minimum is 1 hour, if less InspIRCd # +# will default back to 1 hour. # +# # +# # #-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -669,6 +1192,7 @@ # badip lines ban an ip range (same as a zline) # # # # ipmask - The ip range to ban (wildcards possible) # +# CIDR is supported in the IP mask. # # reason - Reason to display when disconnected # # # # badnick lines ban a nick mask (same as a qline) # @@ -679,11 +1203,13 @@ # badhost lines ban a user@host mask (same as a kline) # # # # host - ident@hostname (wildcards possible) # +# If you specify an IP, CIDR is supported. # # reason - Reason to display on disconnection # # # # exception lines define a hostmask that is excempt from [kzg]lines # # # # host - ident@hostname (wildcards possible) # +# If you specify an IP, CIDR is supported. # # reason - Reason, shown only in /stats e # # # @@ -696,49 +1222,59 @@ + -#-#-#-#-#-#-#-#-#-#-#- ALIAS DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# If you have the m_alias.so module loaded, you may also define # -# aliases as shown below. They are commonly used to provide shortcut # -# commands to services, however they are not limited to jsut this use.# -# An alias tag requires the following values to be defined in it: # -# # -# text - The text to detect at the start of the line, # -# must be at the start of the line to trigger the # -# alias. May contain spaces, but case insensitive. # -# replace - The text to replace 'text' with. Usually this # -# will be "PRIVMSG ServiceName :" or similar. # -# requires - If you provide a value for 'requires' this means # -# the given nickname MUST be online for the alias # -# to successfully trigger. If they are not, then # -# the user receives a 'no such nick' 401 numeric. # -# uline - Defining this value with 'yes', 'true' or '1' # -# will ensure that the user given in 'requires' # -# must also be on a u-lined server, as well as # -# actually being on the network. If the user is # -# online, but not on a u-lined server, then an # -# oper-alert is sent out as this is possibly signs # -# of a user trying to impersonate a service. # -# # - - - - - +#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional tag allows you to specify how wide a gline, eline, # +# kline, zline or qline can be before it is forbidden from being # +# set. By setting hostmasks="yes", you can allow all G, K, E lines, # +# no matter how many users the ban would cover. This is not # +# recommended! By setting ipmasks="yes", you can allow all Z lines, # +# no matter how many users these cover too. Needless to say we # +# don't recommend you do this, or, set nickmasks="yes", which will # +# allow any qline. # +# # +# The trigger value indicates how wide any mask will be before it is # +# prevented from being set. The default value is 95.5% if this tag is # +# not defined in your configuration file, meaning that if your # +# network has 1000 users, a gline matching over 955 of them will be # +# prevented from being added. # +# # +# Please note that remote servers (and services) are exempt from # +# these restrictions and expected to enforce their own policies # +# locally! # +# # + + + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # You should already know what to do here :) # - + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# MODULES #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# Well done, you've reached the end of this. # +# We now suggest you read and edit modules.conf, as modules are what # +# provide almost all the features of InspIRCd. :) # +# # +# The default does nothing -- we include it for simplicity for you. # + ######################################################################### -# # -# -InspIRCd Development and Coding Team- # -# www.inspircd.org # -# # +# # +# - InspIRCd Development Team - # +# http://www.inspircd.org # +# # #########################################################################