X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=conf%2Finspircd.conf.example;h=baadf24d62233c39ad47a1823bc4e2311517e581;hb=fa67c7e80b15060773295e4719545a802d8717d5;hp=fa32053d93b81cb63836fd1e4ad432e2ec50fcab;hpb=c0cf560ec2b00f5829a7a40d9c3011cfc845bad6;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example index fa32053d9..baadf24d6 100644 --- a/conf/inspircd.conf.example +++ b/conf/inspircd.conf.example @@ -20,7 +20,7 @@ # This is an example of the config file for InspIRCd. # # Change the options to suit your network # # # -# $Id$ # +# $Id$ # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -39,45 +39,67 @@ # # ######################################################################## - -#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- +#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Here is where you enter the information about your server. # +# This optional tag allows you to include another config file # +# allowing you to keep your configuration tidy. The configuration # +# file you include will be treated as part of the configuration file # +# which includes it, in simple terms the inclusion is transparent. # # # -# Syntax is as follows: # +# All paths to config files are relative to the directory that the # +# process runs in. # # # -# # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # +# Syntax is as follows: # +# # +# # +# # +# Executable Include Example: # +# +# # + + +#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-# # # -# The server name should be a syntactically valid hostname, with at # -# least one '.', and does not need to resolve to an IP address. # +# You can define variables that will be substituted later in the # +# configuration file. This can be useful to allow settings to be # +# easily changed, or to parameterize a remote includes. # # # -# The description is freeform text. Remember you may put quotes in # -# this field by escaping it using \". # +# Variables may be redefined and may reference other variables. # +# Value expansion happens at the time the tag is read. # # # -# The network field indicates the network name given in on connect # -# to clients. It is used by many clients such as mIRC to select a # -# perform list, so it should be identical on all servers on a net # -# and should not contain spaces. # +# Using variable definitions REQUIRES that the config format be # +# changed to "xml" from the default "compat" that uses escape # +# sequences such as "\"" and "\n", and does not support # + + + + +#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- # # -# The server ID is optional, and if omitted automatically calculated # -# from the server name and description. This is similar in # -# in behaviour to the server id on ircu and charybdis ircds. # -# You should only need to set this manually if there is a collision # -# between two server ID's on the network. The server ID must be # -# three digits or letters long, of which the first digit must always # -# be a number, and the other two letters may be any of 0-9 and A-Z. # -# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # -# QFX and 5eR are not. Remember, in most cases you will not need to # -# even set this value, it is calculated for you from your server # -# name and description. Changing these will change your auto- # -# generated ID. # +# Here is where you enter the information about your server. # # # - @@ -86,14 +108,16 @@ # Describes the Server Administrator's real name (optionally), # # nick, and email address. # # # -# Syntax is as follows: # -# # -# # - @@ -101,44 +125,7 @@ # # # Enter the port and address bindings here. # # # -# bind address - Specifies which address ports bind to. Leaving this # -# field blank binds the port to all IP's available. # -# # -# port - The port number to bind to. You may specify a port # -# range here, e.g. "6667-6669,7000,7001". If you do # -# this, the server will count each port within your # -# range as a separate binding, making the above # -# example equivalent to five separate bind tags. # -# A failure on one port in the range does not prevent # -# the entire range from being bound, just that one # -# port number. # # # -# type - Can be 'clients' or 'servers'. The clients type is # -# a standard TCP based socket, the servers type is a # -# also a TCP based connection but of a different # -# format. SSL support is provided by modules, to # -# enable SSL support, please read the module section # -# of this configuration file. # -# # -# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # -# modules, you must define this value to use ssl on # -# that port. Valid values are 'gnutls' or 'openssl' # -# respectively. If the module is not loaded, this # -# setting is ignored. # -# # -# transport - If you have m_spanningtree.so loaded, along with # -# either one of the SSL modules (m_ssl_gnutls or # -# m_ssl_openssl) or m_ziplinks.so, then you may make # -# use of this value. # -# Setting it to 'openssl' or 'gnutls' or 'zip' # -# indicates that the port should accept connections # -# using the given transport name. Transports are # -# layers which sit on top of a socket and change the # -# way data is sent and received, e.g. encryption, # -# compression, and other such things. Because this # -# may not be limited in use to just encryption, # -# the 'ssl' value used for client ports does not # -# exist for servers, and this value is used instead. # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -150,39 +137,44 @@ # information on how to load this module! If you do not load this # # module, server ports will NOT be bound! # # # -# Leaving address empty binds to all available interfaces # -# # -# Syntax is as follows: # -# # -# # -# # -# # -# If InspIRCd is built for IPv6, and you wish to accept IPv4 clients, # -# then you can specify IPv4 ip addresses here to bind. You may also # -# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPv4 # -# address to bind the port, but as of InspIRCd 1.1.1, this is not # -# required. # -# # -# ------------------------------------------------------------------- # -# # -# PLEASE NOTE: If you have build InspIRCd as an IPv6 server, and you # -# specify an empty bind address, the binding will be bound to ALL THE # -# IPv6 IP ADDRESSES, and not the IPv4 addresses. If you are using an # -# IPv6 enabled InspIRCd and want to bind to multiple IPv4 addresses # -# in this way, you must specify them by hand. If you have built the # -# server for IPv4 connections only, then specifying an empty bind # -# address binds the port to all IPv4 IP addresses, as expected. # -# # +# PLEASE NOTE: If you have build InspIRCd with IPv6 support, you MUST # +# specify a bind address if you want the IRCd to bind to a IPv4 IP. # + + - + # port: Port for users or servers to be able to connect to. + # you can select multiple ports by separating them + # with a - character like the example below. + port="6697" -# When linking servers, the openssl and gnutls transports are largely -# link-compatible and can be used alongside each other or either/or + # type: Type of bind block this is. It can either be clients or + # servers. Whichever you select will be the only type able to connect + # to this bind section. + type="clients" + + # ssl: If you want this bind section to use SSL, define either + # gnutls or openssl here. The appropriate SSL modules must be loaded + # for ssl to work. If you do not want this bind section to support ssl, + # just remove or comment out this option. + ssl="gnutls" + > + + + +# When linking servers, the openssl and gnutls transports are completely +# link-compatible and can be used alongside each other # on each end of the link without any significant issues. +# Transports can only be used on server blocks. +# Supported Transports are: "ziplinks", "openssl" and "gnutls". +# You must load m_ziplinks module for zip, m_ssl_openssl for openssl +# or m_ssl_gnutls for gnutls. - + #-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- @@ -191,33 +183,24 @@ # the die and restart commands. Only trusted IRCop's who will # # need this ability should know the die and restart password. # # # -# Syntax is as follows: # -# # -# # - + + #hash="sha256" + # diepass: Password for opers to use if they need to shutdown (die) + # a server. + diepass="" + + # restartpass: Password for opers to use if they need to restart + # a server. + restartpass=""> -#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This optional tag allows you to include another config file # -# allowing you to keep your configuration tidy. The configuration # -# file you include will be treated as part of the configuration file # -# which includes it, in simple terms the inclusion is transparent. # -# # -# All paths to config files are relative to the directory of the main # -# config file inspircd.conf, unless the filename starts with a forward# -# slash (/) in which case it is treated as an absolute path. # -# # -# You may also include an executable file, in which case if you do so # -# the output of the executable on the standard output will be added # -# to your config at the point of the include tag. # -# # -# Syntax is as follows: # -# # -# # -# # #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # @@ -226,474 +209,222 @@ # You may have as many of these as you require. To allow/deny all # # connections, use a '*' or 0.0.0.0/0. # # # -# Syntax is as follows: # -# # -# # -# # -# # -# # -# # -# # -# IP masks may be specified in CIDR format or wildcard format, # -# for IPv4 and IPv6. You *cannot* use hostnames in the allow or # -# deny field, as the state is applied before the user's DNS has # -# been resolved. # -# # -# You can optionally name your connect allow/deny tags. If you do # -# this, you may reference this connect tag as the parent of another # -# connect tag with the option as shown above. If # -# you do this, any options not explicitly specified in the tag will # -# be copied from the parent. # -# # -# If the value maxchans is included, this overrides all other max # -# channels related settings, including the separate oper maximum. # -# You may set this to any (sane) value you wish and it applies to # -# all users within this connect tag. # -# # -# You may optionally include timeout="x" on any allow line, which # -# specifies the amount of time given before an unknown connection # -# is closed if USER/NICK/PASS are not given. This value is in secs. # -# # -# You may optionally limit the number of clients that are matched # -# by a single tag by specifying the maximum in the limit # -# parameter. If set to 0, there is no limit, which is the default. # +# -- It is important to note that connect tags are read from the -- # +# TOP DOWN. This means that you should have more specific deny # +# and allow tags at the top, progressively more general, followed # +# by a - + - + #hash="sha256" + + # password: Password to use for this block/user(s) + password="secret" + + # maxchans: Maximum number of channels a user in this class + # be in at one time. This overrides every other maxchans setting. + #maxchans="30" + + # timeout: How long (in seconds) the server will wait before + # disconnecting a user if they do not do anything on connect. + # (Note, this is a client-side thing, if the client does not + # send /nick, /user or /pass) + timeout="10" + + # localmax: Maximum local connections per IP (or CIDR mask, see below). localmax="3" + + # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - limit="5000"> - - + # useident: Defines if users in this class MUST respond to a ident query or not. + useident="no" + # limit: How many users are allowed in this class + limit="5000" -#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- -# # -# Classes are a group of commands which are grouped together and # -# given a unique name. They're used to define which commands # -# are available to certain types of Operators. # -# # -# Syntax is as follows: # -# # -# # -# # -# The name value indicates a name for this class. # -# The commands value indicates a list of one or more commands that # -# are allowed by this class (see also 'READ THIS BIT' below). # -# The usermodes and chanmodes values indicate lists of usermodes and # -# channel modes this oper can execute. This only applies to modes # -# that are marked oper-only such as usermode +Q and channelmode +O. # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# You are not forced to give these classes the names given below. # -# You can create your own named classes, if you want, in fact that # -# is the whole idea of this system! # -# # -# Note: It is possible to make a class which covers all available # -# commands. To do this, specify commands="*". This is not really # -# recommended, as it negates the whole purpose of the class system, # -# however it is provided for fast configuration (e.g. in test nets) # -# # + # modes: Usermodes that are set on users in this block on connect. + # Enabling this option requires that the m_conn_umodes module be loaded. + # This entry is highly recommended to use for/with IP Cloaking/masking. + # For the example to work, this also requires that the m_cloaking + # module be loaded as well. + modes="+x" - - - - - + # port: What port this user is allowed to connect on. (optional) + # The port MUST be set to listen in the bind blocks above. + port="6667"> + # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# You are not forced to give these types the names given below. # -# You can create your own named types, if you want, in fact that # -# is the whole idea of this system! # -# # + # allow: What IP addresses/hosts to allow for this block. + allow="*" - - - + # maxchans: Maximum number of channels a user in this class + # be in at one time. This overrides every other maxchans setting. + #maxchans="30" + # timeout: How long (in seconds) the server will wait before + # disconnecting a user if they do not do anything on connect. + # (Note, this is a client-side thing, if the client does not + # send /nick, /user or /pass) + timeout="10" -#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# -# # -# Opers are defined here. This is a very important section. # -# Remember to only make operators out of trust worthy people. # -# # -# name - Oper name, this is case sensitive, so it is best to # -# use lower-case. # -# # -# password - Password to oper-up, also case sensitive. # -# encryption is supported via modules. You may load # -# modules for MD5 or SHA256 encryption, and if you do, # -# this value will be a hash value, otherwise put a # -# plaintext password in this value. # -# # -# host - Hosts of client allowed to oper-up. # -# wildcards accepted, separate multiple hosts with a # -# space. You may also specify CIDR IP addresses. # -# # -# fingerprint - When using the m_ssl_oper_cert.so module, you may # -# specify a key fingerprint here. This can be obtained # -# using the /fingerprint command whilst the module is # -# loaded, or from the notice given to you when you # -# connect to the ircd using a client certificate, # -# and will lock this oper block to only the user who # -# has that specific key/certificate pair. # -# this enhances security a great deal, however it # -# requires that opers use clients which can send ssl # -# client certificates, if this is configured for that # -# oper. Note that if the m_ssl_oper.so module is not # -# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls # -# is not loaded, this configuration option has no # -# effect and will be ignored. # -# # -# type - Defines the kind of operator. This must match a type # -# tag you defined above, and is case sensitive. # -# # -# Syntax is as follows: # -# # -# # + # pingfreq: How often (in seconds) the server tries to ping connecting clients. + pingfreq="120" - + # hardsendq: maximum amount of data allowed in a client's send queue + # before they are dropped. Keep this value higher than the length of + # your network's /LIST or /WHO output, or you will have lots of + # disconnects from sendq overruns! + hardsendq="1048576" + # softsendq: amount of data in a client's send queue before the server + # begins delaying their commands in order to allow the sendq to drain + softsendq="8192" -#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# # -# Defines which servers can link to this one, and which servers this # -# server may create outbound links to. # -# # -# name - The name is the canonical name of the server, does # -# not have to resolve - but it is expected to be set # -# in the remote servers connection info. # -# # -# ipaddr - Valid host or IP address for remote server. These # -# hosts are resolved on rehash, and cached, if you # -# specify a hostname; so if you find that your server # -# is still trying to connect to an old IP after you # -# have updated your DNS, try rehashing and then # -# attempting the connect again. # -# # -# port - The TCP port for the remote server. # -# # -# sendpass - Password to send to create an outbound connection # -# to this server. # -# # -# recvpass - Password to receive to accept an inbound connection # -# from this server. # -# # -# autoconnect - Sets the server to autoconnect. Where x is the num. # -# (optional) of seconds between attempts. e.g. 300 = 5 minutes. # -# # -# transport - If defined, this is a transport name implemented by # -# another module. Transports are layers on top of # -# plaintext connections, which alter them in certain # -# ways. Currently the three supported transports are # -# 'openssl' and 'gnutls' which are types of SSL # -# encryption, and 'zip' which is for compression. # -# If you define a transport, both ends of the # -# connection must use a compatible transport for the # -# link to succeed. OpenSSL and GnuTLS are link- # -# compatible with each other. # -# # -# statshidden - When using m_spanningtree.so for linking. you may # -# set this to 'yes', and if you do, the IP address/ # -# hostname of this connection will NEVER be shown to # -# any opers on the network. In /stats c its address # -# will show as *@, and during CONNECT and # -# inbound connections, it's IP will show as # -# UNLESS the connection fails (e.g. due to a bad # -# password or servername) # -# # -# allowmask - When this is defined, it indicates a range of IP # -# addresses to allow for this link (You may use CIDR # -# or wildcard form for this address). # -# e.g. if your server is going to connect to you from # -# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 # -# into this value. If it is not defined, then only # -# the ipaddr field of the server shall be allowed. # -# # -# failover - If you define this option, it must be the name of a # -# different link tag in your configuration. This # -# option causes the ircd to attempt a connection to # -# the failover link in the event that the connection # -# to this server fails. For example, you could define # -# two hub uplinks to a leaf server, and set an # -# american server to autoconnect, with a european # -# hub as its failover. In this situation, your ircd # -# will only try the link to the european hub if the # -# american hub is unreachable. NOTE that for the # -# intents and purposes of this option, an unreachable # -# server is one which DOES NOT ANSWER THE CONNECTION. # -# If the server answers the connection with accept(), # -# EVEN IF THE CREDENTIALS ARE INVALID, the failover # -# link will not be tried! Failover settings will also # -# apply to autoconnected servers as well as manually # -# connected ones. # -# # -# timeout - If this is defined, then outbound connections will # -# time out if they are not connected within this many # -# seconds. If this is not defined, the default of ten # -# seconds is used. # -# # -# bind - If you specify this value, then when creating an # -# outbound connection to the given server, the IP you # -# place here will be bound to. This is for multi- # -# homed servers which may have multiple IP addresses. # -# if you do not define this value, the first IP that # -# is not empty or localhost from your tags # -# will be bound to. This is usually acceptable, # -# however if your server has multiple network cards # -# then you may have to manually specify the bind # -# value instead of leaving it to automatic binding. # -# you can usually tell if you need to set this by # -# looking for the error 'Could not assign requested # -# address' in your log when connecting to servers. # -# # -# hidden - If this is set to true, yes, or 1, then the server # -# is completely hidden from non-opers. It does not # -# show in /links and it does not show in /map. Also, # -# any servers which are child servers of this one # -# in the network will *also* be hidden. Use with # -# care! You can use this to 'mask off' sections of # -# the network so that users only see a small portion # -# of a much larger net. It should NOT be relied upon # -# as a security tool, unless it is being used for # -# example to hide a non-client hub, for which clients # -# do not have an IP address or resolvable hostname. # -# # -# To u:line a server (give it extra privileges required for running # -# services, Q, etc) you must include the tag as shown # -# in the example below. You can have as many of these as you like. # -# # -# WARNING: Unlike other ircds, u:lining a server allows ALL users on # -# that server to operoverride modes. This should only be used for # -# services and protected oper servers! # -# # -# ------------------------------------------------------------------- # -# # -# NOTE: If you have built your server as an IPv6 server, then when a # -# DNS lookup of a server's host occurs, AAAA records (IPv6) are # -# prioritised over A records (IPv4). Therefore, if the server you are # -# connecting to has both an IPv6 IP address and an IPv4 IP address in # -# its DNS entry, the IPv6 address will *always* be selected. To # -# change this behaviour simply specify the IPv4 IP address rather # -# than the hostname of the server. # -# # -# ------------------------------------------------------------------- # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list below for # -# information on how to load this module! If you do not load this # -# module, server links will NOT work! # -# # -# Also, if you define any transports, you must load the modules for # -# these transports BEFORE you load m_spanningtree, e.g. place them # -# above it in the configuration file. Currently this means the three # -# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # -# which you choose to use. # -# # + # recvq: amount of data allowed in a client's queue before they are dropped. + recvq="8192" + + # threshold: This specifies the amount of command penalty a user is allowed to have + # before being quit or fakelagged due to flood. Normal commands have a penalty of 1, + # ones such as /OPER have penalties up to 10. + # + # If you are not using fakelag, this should be at least 20 to avoid excess flood kills + # from processing some commands. + threshold="10" + + # commandrate: This specifies the maximum rate that commands can be processed. + # If commands are sent more rapidly, the user's penalty will increase and they will + # either be fakelagged or killed when they reach the threshold + # + # Units are millicommands per second, so 1000 means one line per second. + commandrate="1000" + + # fakelag: Use fakelag instead of killing users for excessive flood + # + # Fake lag stops command processing for a user when a flood is detected rather than + # immediately killing them; their commands are held in the recvq and processed later + # as the user's command penalty drops. Note that if this is enabled, flooders will + # quit with "RecvQ exceeded" rather than "Excess Flood". + fakelag="on" + + # localmax: Maximum local connections per IP. + localmax="3" + + # globalmax: Maximum global (network-wide) connections per IP. + globalmax="3" + + # useident: Defines if users in this class must respond to a ident query or not. + useident="no" + + # limit: How many users are allowed in this class + limit="5000" + + # modes: Usermodes that are set on users in this block on connect. + # Enabling this option requires that the m_conn_umodes module be loaded. + # This entry is highly recommended to use for/with IP Cloaking/masking. + # For the example to work, this also requires that the m_cloaking + # module be loaded as well. + modes="+x"> - - - - - -#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# This tag defines a ulined server. A U-Lined server has special # -# permissions, and should be used with caution. Services servers are # -# usually u-lined in this manner. # + +#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# The 'silent' value, if set to yes, indicates that this server should# -# not generate quit and connect notices, which can cut down on noise # -# to opers on the network. # +# CIDR configuration allows detection of clones and applying of # +# throttle limits across a CIDR range. (A CIDR range is a group of # +# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # +# represented as 192.168.1.0/24). This means that abuse across an ISP # +# is detected and curtailed much easier. Here is a good chart that # +# shows how many IPs the different CIDRs correspond to: # +# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # # # - + + +# This file has all the information about oper classes, types and o:lines. +# You *MUST* edit it. + + +# This file has all the information about server links and ulined servers. +# You *MUST* edit it if you intend to link servers. + #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # -# These options let you define the path to your motd and rules # -# files. If these are relative paths, they are relative to the # -# configuration directory. # -# # - + #-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# This optional configuration tag lets you define the maximum number # -# of channels that both opers and users may be on at any one time. # -# The default is 20 for users and 60 for opers if this tag is not # -# defined. Remote users are not restricted in any manner. # -# # - #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Define your DNS server address here. InspIRCd has its own resolver. # -# If you do not define this value, then InspIRCd will attempt to # -# determine your DNS server from your operating system. On POSIX # -# platforms, InspIRCd will read /etc/resolv.conf, and populate this # -# value with the first DNS server address found. On Windows platforms # -# InspIRCd will check the registry, and use the DNS server of the # -# first active network interface, if one exists. # -# If a DNS server cannot be determined from these checks, the default # -# value '127.0.0.1' is used instead. The timeout value is in seconds. # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# When choosing a server, be sure to choose one which will do a # -# RECURSIVE LOOKUP. InspIRCd's resolver does not currently do these # -# recursive lookups itself, to save time and resources. The DNS # -# server recommended by the InspIRCd team is bind, available from the # -# ISC website. If your DNS server does not do a recursive lookup, you # -# will be able to notice this by the fact that none of your users are # -# resolving even though the DNS server appears to be up! Most ISP and # -# hosting provider DNS servers support recursive lookups. # -# # -# ------------------------------------------------------------------- # -# # -# NOTE: If you have built InspIRCd with IPv6 support, then both # -# IPv6 and IPv4 addresses are allowed here, and also in the system # -# resolv.conf file. Remember that an IPv4 DNS server can still # -# resolve IPv6 addresses, and vice versa. # -# # - - +# If these values are not defined, InspIRCd uses the default DNS resolver +# of your system. + + # An example of using an IPv6 nameserver # @@ -723,17 +454,24 @@ -#-#-#-#-#-#-#-#-#-#-#- DISABLED COMMANDS -#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This tag is optional, and specifies one or more features which are # +# not available to non-operators. # # # -# This tag is optional, and specifies one or more commands which are # -# not available to non-operators. For example you may wish to disable # -# NICK and prevent non-opers from changing their nicknames. # +# For example you may wish to disable NICK and prevent non-opers from # +# changing their nicknames. # # Note that any disabled commands take effect only after the user has # # 'registered' (e.g. after the initial USER/NICK/PASS on connection) # # so for example disabling NICK will not cripple your network. # +# # +# You can also define if you want to disable any channelmodes # +# or usermodes from your users. # # # - -# +# `fakenonexistant' will make the ircd pretend that nonexistant # +# commands simply don't exist to non-opers ("no such command"). # +# # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -749,289 +487,199 @@ # # # Settings to define which features are usable on your server. # # # -# prefixquit - A prefix to be placed on the start of a client's # -# quit message # -# # -# suffixquit - A suffix to be placed on the end of a client's # -# quit message. # -# # -# fixedquit - A fixed quit message to display for all client # -# QUITS. If specified, overrides both prefixquit # -# and suffixquit options. # -# # -# prefixpart - A prefix to be placed on the start of a client's # -# part message # -# # -# suffixpart - A suffix to be placed on the end of a client's # -# part message. # -# # -# fixedpart - A fixed part message to display for all client # -# parts. If specified, overrides both prefixpart # -# and suffixpart options. # -# # -# allowhalfop - Allows the +h channel mode # -# # -# noservices - If noservices is true, yes, or 1, then the first # -# user into a channel gets founder status. This is # -# only useful on networks running the m_chanprotect # -# module without services. # -# # -# qprefix - qprefix is used by the chanprotect module to give # -# a visible prefix to users set +q (founder) in chan # -# It should be set to something sensible like ~ or ! # -# If not set, no prefix is applied to users with +q # -# # -# aprefix - aprefix is the same as qprefix, except it is for # -# giving users with mode +a (protected) a prefix # -# # -# deprotectself - If this value is set to yes, true, or 1, then any # -# user with +q or +a may remove the +q or +a from # -# themselves. The default setting is to not enable # -# this feature, which stops even the founder taking # -# away their founder status without using services. # -# # -# deprotectothers-If this value is set to yes, true, or 1, then any # -# user with +q or +a may remove the +q or +a from # -# other users. The default setting is to not enable # -# this feature, so that only +q may remove +a, and # -# nothing but services may remove +q. # -# # -# cyclehosts - If this is set to true, yes or 1, then when a # -# user's hostname changes, they will appear to quit # -# and then rejoin with their new host. This prevents # -# clients from being confused by host changes, # -# especially in the case of bots, and it is # -# recommended that this option is enabled. # -# # -# moduledir - This optional value indicates a runtime change of # -# the location where modules are to be found. This # -# does not add a supplementary directory. There can # -# only be one module path. # -# # -# syntaxhints - If set to yes, true or 1, when a user does not # -# give enough parameters for a command, a syntax # -# hint will be given (using the RPL_TEXT numeric) # -# as well as the standard ERR_NEEDMOREPARAMS. # -# # -# announcets - If this value is defined to yes, true, or 1, then # -# a channels' timestamp is updated, the users on # -# the channel will be informed of the change via # -# a server notice to the channel with the old and # -# new TS values in the timestamp. If you think this # -# is just pointless noise, define the value to 0. # -# # -# ircumsgprefix - Use undernet style message prefix for channel # -# NOTICE and PRIVMSG adding the prefix to the line # -# of text sent out. Eg. NOTICE @#test :@ testing # -# vs. the off setting: NOTICE @#test :testing # -# # -# hostintopic - If this is set to yes (the default) then the full # -# nick!user@host is shown for who set a TOPIC last. # -# if set to no, then only the nickname is shown. # -# # -# serverpingfreq- This value, when set, allows you to change the # -# frequency of server to server PING messages. This # -# can help if you are having certain network issues. # -# # -# pingwarning - This should be set to a number between 1 and 59 if # -# defined, and if it is defined will cause the server# -# to send out a warning via snomask +l if a server # -# does not answer to PING after this many seconds. # -# This can be useful for finding servers which are # -# at risk of pinging out due to network issues. # -# # -# exemptchanops - This option allows channel operators to be exempted# -# from certain channel modes. # -# Supported modes are +SfFgNc. Defaults to off. # -# # -# defaultmodes - The default modes to be given to each channel on # -# creation. Defaults to 'nt'. There should be no + # -# or - symbols in this sequence, if you add them # -# they will be ignored. You may add parameters for # -# modes which take them. # -# # -# moronbanner - The NOTICE to show to users who are glined, zlined # -# klined or qlined when they are disconnected. This # -# is totally freeform, you may place any text here # -# you wish. # -# # - + + # suffixpart: What (if anything) a users' part message + # should be suffixed with. + suffixpart=""" + + # fixedquit: Set all users' quit messages to this value. + #fixedquit="" + + # fixedpart: Set all users' part messages in all channels + # to this value. + #fixedpart="" + + # syntaxhints: If enabled, if a user fails to send the correct parameters + # for a command, the ircd will give back some help text of what + # the correct parameters are. syntaxhints="no" + + # cyclehosts: If enabled, when a user gets a host set, it will cycle + # them in all their channels. If not, it will simply change their host + # without cycling them. cyclehosts="yes" + + # ircumsgprefix: Use undernet-style message prefixing for NOTICE and + # PRIVMSG. If enabled, it will add users' prefix to the line, if not, + # it will just message the user normally. ircumsgprefix="no" + + # announcets: If set to yes, when the TimeStamp on a channel changes, all users + # in channel will be sent a NOTICE about it. announcets="yes" + + # allowmismatched: Setting this option to yes will allow servers to link even + # if they don't have the same VF_OPTCOMMON modules loaded. Setting this to + # yes may introduce some desyncs and weirdness. + allowmismatched="no" + + # hostintopic: If enabled, channels will show the host of the topicsetter + # in the topic. If set to no, it will only show the nick of the topicsetter. hostintopic="yes" + + # pingwarning: If a server does not respond to a ping within x seconds, + # it will send a notice to opers with snomask +l informing that the server + # is about to ping timeout. pingwarning="15" + + # serverpingfreq: How often pings are sent between servers (in seconds). serverpingfreq="60" + + # allowhalfop: Allows the use of +h channelmode (halfops). allowhalfop="yes" + + # defaultmodes: What modes are set on a empty channel when a user + # joins it and it is unregistered. This is similar to Asuka's + # autochanmodes. defaultmodes="nt" + + # moronbanner: This is the text that is sent to a user when they are + # banned from the server. moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." - exemptchanops=""> + + # invitebypassmodes: This allows /invite to bypass other channel modes. + # (Such as +k, +j, +l, etc) + invitebypassmodes="yes"> #-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# # # -# maxwho - The maximum number of results returned by a /WHO # -# query. This is to prevent /WHO being used as a # -# spam vector or means of flooding an ircd. The # -# default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. If # -# this value is omitted, any size WHO is allowed by # -# anyone. # -# # -# somaxconn - The maximum number of sockets that may be waiting # -# in the accept queue. This usually allows the ircd # -# to soak up more connections in a shorter space of # -# time when increased but please be aware there is a # -# system defined maximum value to this, the same way # -# there is a system defined maximum number of file # -# descriptors. Some systems may only allow this to # -# be up to 5 (ugh) while others such as FreeBSD will # -# default to a much nicer 128. # -# # -# softlimit - This optional feature allows a defined softlimit. # -# if defined sets a soft maxconnections value, has # -# to be less than the ./configure maxclients # -# # -# nouserdns - If set to yes, true or 1, no user DNS lookups # -# will be performed for connecting users. This can # -# save a lot of resources on very busy IRC servers. # -# # -# quietbursts - When synching or splitting from the network, a # -# server can generate a lot of connect and quit # -# snotices to the +C and +Q snomasks. Setting this # -# value to yes squelches those messages, which can # -# make them more useful for opers, however it will # -# degrade their use by certain third party programs # -# such as BOPM which rely on them to scan users when # -# a split heals in certain configurations. # -# # -# netbuffersize - Size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # -# # - #-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # -# announceinvites # -# - If this option is set, then invites are announced # -# to the channel when a user invites another user. # -# If you consider this to be unnecessary noise, # -# set this to 'none'. To announce to all ops, set # -# this to 'ops' and to announce to all users set the # -# value to 'all'. # -# # -# The value 'dynamic' varies between 'ops' and 'all' # -# settings depending on if the channel is +i or not. # -# When the channel is +i, messages go only to ops, # -# and when the channel is not +i, messages go to # -# everyone. In short, the messages will go to every # -# user who has power of INVITE on the channel. This # -# is the recommended setting. # -# # -# disablehmac - If you are linking your InspIRCd to older versions # -# then you can specify this option and set it to # -# yes. 1.1.6 and above support HMAC and challenge- # -# response for password authentication. These can # -# greatly enhance security of your server to server # -# connections when you are not using SSL (as is the # -# case with a lot of larger networks). Linking to # -# older versions of InspIRCd should not *usually* be # -# a problem, but if you have problems with HMAC # -# authentication, this option can be used to turn it # -# off. # -# # -# hidemodes - If this option is enabled, then the listmodes # -# given (e.g. +eI), will be hidden from users below # -# halfop. This is not recommended to be set on mode # -# +b, as it may break some features in popular # -# clients such as mIRC. # -# # -# hidesplits - When set to 'yes', will hide split server names # -# from non-opers. Non-opers will see '*.net *.split' # -# instead of the server names in the quit message, # -# identical to the way IRCu displays them. # -# # -# hidebans - When set to 'yes', will hide gline, kline, zline # -# and qline quit messages from non-opers. For # -# example, user A who is not an oper will just see # -# (G-Lined) while user B who is an oper will see the # -# text (G-Lined: Reason here) instead. # -# # -# hidewhois - When defined with a non-empty value, the given # -# text will be used in place of the user's server # -# in WHOIS, when a user is WHOISed by a non-oper. # -# For example, most nets will want to set this to # -# something like '*.netname.net' to conceal the # -# actual server the user is on. # -# # -# flatlinks - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, /MAP and /LINKS # -# will be flattened when shown to a non-opers. # -# # -# hideulines - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP for non # -# opers. Please be aware that this will also hide # -# any leaf servers of a U-lined server, e.g. jupes. # -# # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # -# # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # -# # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # -# # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # -# # -# hidekills - The hidekills value, if set, replaces the source # -# of all oper-generated kills to be the given text # -# to provide anonimity to your opers. # -# # -