X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Finspircd.conf.example;h=3ea4d4190ebccc3a97a397a1c0b1fc9f47c6cf7c;hb=d5207987511ac58cb8e7496128b8811c93c5180e;hp=82c1a41ddb60b5105a28ebfe64b9a5e0b2d48ab9;hpb=aad6521747bf528a3098477666cb06e76bd718ba;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 82c1a41dd..b4c49332d 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -20,10 +20,7 @@ # This is an example of the config file for InspIRCd. # # Change the options to suit your network # # # -# Last updated on : 04/09/2006 # -# Written by : CC (cc@backchat.co.za) # -# Updated by : katsklaw (katsklaw@gmail.com) # -# Updated by : brain (brain@inspircd.org) # +# $Id$ # # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -51,8 +48,33 @@ # # # # # # +# The server name should be a syntactically valid hostname, with at # +# least one '.', and does not need to resolve to an IP address. # +# # +# The description is freeform text. Remember you may put quotes in # +# this field by escaping it using \". # +# # +# The network field indicates the network name given in on connect # +# to clients. It is used by many clients such as mIRC to select a # +# perform list, so it should be identical on all servers on a net # +# and should not contain spaces. # +# # +# The server ID is optional, and if omitted automatically calculated # +# from the server name and description. This is similar in # +# in behaviour to the server id on ircu and charybdis ircds. # +# You should only need to set this manually if there is a collision # +# between two server ID's on the network. The server ID must be # +# three digits or letters long, of which the first digit must always # +# be a number, and the other two letters may be any of 0-9 and A-Z. # +# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # +# QFX and 5eR are not. Remember, in most cases you will not need to # +# even set this value, it is calculated for you from your server # +# name and description. Changing these will change your auto- # +# generated ID. # +# # # # # - + #-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # # Enter the port and address bindings here. # # # -# bind address - specifies which address ports bind to. Leaving this # -# field blank binds the port to all IPs available. # +# bind address - Specifies which address ports bind to. Leaving this # +# field blank binds the port to all IP's available. # # # # port - The port number to bind to. You may specify a port # # range here, e.g. "6667-6669,7000,7001". If you do # # this, the server will count each port within your # -# range as a seperate binding, making the above # -# example equivalent to five seperate bind tags. # +# range as a separate binding, making the above # +# example equivalent to five separate bind tags. # # A failure on one port in the range does not prevent # # the entire range from being bound, just that one # # port number. # # # -# type - can be 'clients' or 'servers'. The clients type is # -# a standard tcp based socket, the servers type is a # +# type - Can be 'clients' or 'servers'. The clients type is # +# a standard TCP based socket, the servers type is a # # also a TCP based connection but of a different # # format. SSL support is provided by modules, to # # enable SSL support, please read the module section # # of this configuration file. # # # +# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # +# modules, you must define this value to use ssl on # +# that port. Valid values are 'gnutls' or 'openssl' # +# respectively. If the module is not loaded, this # +# setting is ignored. # +# # +# transport - If you have m_spanningtree.so loaded, along with # +# either one of the SSL modules (m_ssl_gnutls or # +# m_ssl_openssl) or m_ziplinks.so, then you may make # +# use of this value. # +# Setting it to 'openssl' or 'gnutls' or 'zip' # +# indicates that the port should accept connections # +# using the given transport name. Transports are # +# layers which sit on top of a socket and change the # +# way data is sent and received, e.g. encryption, # +# compression, and other such things. Because this # +# may not be limited in use to just encryption, # +# the 'ssl' value used for client ports does not # +# exist for servers, and this value is used instead. # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -105,7 +146,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree module! Please see the modules list below for # +# m_spanningtree.so module! Please see the modules list below for # # information on how to load this module! If you do not load this # # module, server ports will NOT be bound! # # # @@ -113,24 +154,41 @@ # # # Syntax is as follows: # # # -# # -# # +# # +# # +# # +# If InspIRCd is built for IPv6, and you wish to accept IPv4 clients, # +# then you can specify IPv4 ip addresses here to bind. You may also # +# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPv4 # +# address to bind the port, but as of InspIRCd 1.1.1, this is not # +# required. # +# # +# ------------------------------------------------------------------- # # # -# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, # -# then you must specify your IPV6 clients in the following form: # -# ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 address to bind the # -# port on. If InspIRCd is built for IPV4 connections (this is the # -# default) then you do not need to prefix your addresses like this. # +# PLEASE NOTE: If you have build InspIRCd as an IPv6 server, and you # +# specify an empty bind address, the binding will be bound to ALL THE # +# IPv6 IP ADDRESSES, and not the IPv4 addresses. If you are using an # +# IPv6 enabled InspIRCd and want to bind to multiple IPv4 addresses # +# in this way, you must specify them by hand. If you have built the # +# server for IPv4 connections only, then specifying an empty bind # +# address binds the port to all IPv4 IP addresses, as expected. # # # - + + + +# When linking servers, the openssl and gnutls transports are largely +# link-compatible and can be used alongside each other or either/or +# on each end of the link without any significant issues. + + #-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- # # # You can configure the passwords here which you wish to use for # -# the die and restart commands. Only trusted ircops who will # +# the die and restart commands. Only trusted IRCop's who will # # need this ability should know the die and restart password. # # # # Syntax is as follows: # @@ -138,7 +196,7 @@ # pause="secs before dying"> # # # - + #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -152,40 +210,62 @@ # config file inspircd.conf, unless the filename starts with a forward# # slash (/) in which case it is treated as an absolute path. # # # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # # Syntax is as follows: # # # +# # # # #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # This is where you can configure which connections are allowed # -# and denied access onto your server. # -# The password is optional. # -# You may have as many of these as you require. # -# To allow/deny all connections use a * # +# and denied access onto your server. The password is optional. # +# You may have as many of these as you require. To allow/deny all # +# connections, use a '*' or 0.0.0.0/0. # # # # Syntax is as follows: # # # -# # -# # -# # -# # -# # -# # -# # -# # +# # +# # +# # +# # +# # # # # IP masks may be specified in CIDR format or wildcard format, # -# for IPV4 and IPV6. # +# for IPv4 and IPv6. You *cannot* use hostnames in the allow or # +# deny field, as the state is applied before the user's DNS has # +# been resolved. # +# # +# You can optionally name your connect allow/deny tags. If you do # +# this, you may reference this connect tag as the parent of another # +# connect tag with the option as shown above. If # +# you do this, any options not explicitly specified in the tag will # +# be copied from the parent. # +# # +# If the value maxchans is included, this overrides all other max # +# channels related settings, including the separate oper maximum. # +# You may set this to any (sane) value you wish and it applies to # +# all users within this connect tag. # # # # You may optionally include timeout="x" on any allow line, which # # specifies the amount of time given before an unknown connection # -# is closed if USER/NICK/PASS are not given. This value is in secs # +# is closed if USER/NICK/PASS are not given. This value is in secs. # +# # +# You may optionally limit the number of clients that are matched # +# by a single tag by specifying the maximum in the limit # +# parameter. If set to 0, there is no limit, which is the default. # # # # You should also include a flood="x" line which indicates # # the number of lines a user may place into their buffer at once # # before they are disconnected for excess flood. This feature can # -# not be disabled, however it can be set to exremely high values, # +# not be disabled, however it can be set to extremely high values, # # rendering it effectively disabled. A recommended value is 10. # # A counter is maintained for each user which is reset every # # 'threshold' seconds and specifying this threshold value with # @@ -198,17 +278,16 @@ # settings as shown in the full example below. # # The ping frequency is specified in seconds, and the sendq size # # in bytes. It is recommended, although not enforced, that you # -# should never set your sendq size to less than 8k. Send Queues are # +# should never set your sendq size to less than 8K. Send Queues are # # dynamically allocated and can grow as needed up to the maximum # # size specified. # # # # The optional recvq value is the maximum size which users in this # # group may grow their receive queue to. This is recommended to be # # kept pretty low compared to the sendq, as users will always # -# recieve more than they send in normal circumstances. The default # +# receive more than they send in normal circumstances. The default # # if not specified is 4096. # # # -# IMPORTANT NOTE, CALL THE CONFUSION POLICE! # # The sendq is the data waiting to be sent TO THE USER. # # The recvq is the data being received FROM THE USER. # # The names sendq and recvq are from the SERVER'S PERSPECTIVE not # @@ -225,9 +304,29 @@ # but if they can connect again to B, there are three. You get the # # idea (i hope). # # # +# The optional port value determines which port the connect tag is # +# handling. If left out the connect tag covers all bound ports else # +# only incoming connections on the specified port will match. Port # +# tags may be used on connect allow and connect deny tags. # +# # +# The limit value determines the maximum number of users which may # +# be in this class. Combine this with CIDR masks for various ISP # +# subnets to limit the number of users which may connect at any one # +# time from a certain ISP. Omit this value to not limit the tag. # +# # - - + + + @@ -235,14 +334,22 @@ #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# Classes are a group of commands which are grouped together # -# and given a unique name. They used to define which commands # +# Classes are a group of commands which are grouped together and # +# given a unique name. They're used to define which commands # # are available to certain types of Operators. # # # # Syntax is as follows: # # # -# # +# # # # +# The name value indicates a name for this class. # +# The commands value indicates a list of one or more commands that # +# are allowed by this class (see also 'READ THIS BIT' below). # +# The usermodes and chanmodes values indicate lists of usermodes and # +# channel modes this oper can execute. This only applies to modes # +# that are marked oper-only such as usermode +Q and channelmode +O. # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -259,11 +366,11 @@ # however it is provided for fast configuration (e.g. in test nets) # # # - - - - - + + + + + #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# @@ -272,17 +379,17 @@ # your server, as well as the commands they are allowed to use. # # This works alongside with the classes specified above. # # # -# type name - a name for the combined class types # +# type name - A name for the combined class types. # # a type name cannot contain spaces, however if you # # put an _ symbol in the name, it will be translated # # to a space when displayed in a WHOIS. # # # -# classes - specified above, used for flexibility for the # +# classes - Specified above, used for flexibility for the # # server admin to decide on which operators get # # what commands. Class names are case sensitive, # -# seperate multiple class names with spaces. # +# separate multiple class names with spaces. # # # -# host - optional hostmask operators will recieve on oper-up. # +# host - Optional hostmask operators will receive on oper-up. # # # # Syntax is as follows: # # # @@ -307,20 +414,20 @@ #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Opers are defined here. This is a very important section. # -# Remember to only make operators out of truthworthy people. # +# Remember to only make operators out of trust worthy people. # # # -# name - oper name, This is case sensitive, so it is best to # +# name - Oper name, this is case sensitive, so it is best to # # use lower-case. # # # -# password - password to oper-up, also case sensitive. # +# password - Password to oper-up, also case sensitive. # # encryption is supported via modules. You may load # # modules for MD5 or SHA256 encryption, and if you do, # # this value will be a hash value, otherwise put a # # plaintext password in this value. # # # -# host - hosts of client allowed to oper-up. # -# wildcards accepted, seperate multiple hosts with a # -# space. You may also specify CIDR ip addresses. # +# host - Hosts of client allowed to oper-up. # +# wildcards accepted, separate multiple hosts with a # +# space. You may also specify CIDR IP addresses. # # # # fingerprint - When using the m_ssl_oper_cert.so module, you may # # specify a key fingerprint here. This can be obtained # @@ -329,7 +436,7 @@ # connect to the ircd using a client certificate, # # and will lock this oper block to only the user who # # has that specific key/certificate pair. # -# This enhances security a great deal, however it # +# this enhances security a great deal, however it # # requires that opers use clients which can send ssl # # client certificates, if this is configured for that # # oper. Note that if the m_ssl_oper.so module is not # @@ -337,7 +444,7 @@ # is not loaded, this configuration option has no # # effect and will be ignored. # # # -# type - Sefines the kind of operator. This must match a type # +# type - Defines the kind of operator. This must match a type # # tag you defined above, and is case sensitive. # # # # Syntax is as follows: # @@ -348,11 +455,10 @@ # type="oper type"> # # # - + #-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# @@ -360,15 +466,15 @@ # Defines which servers can link to this one, and which servers this # # server may create outbound links to. # # # -# name - The name is the canocial name of the server, does # +# name - The name is the canonical name of the server, does # # not have to resolve - but it is expected to be set # # in the remote servers connection info. # # # -# ipaddr - Valid host or ip address for remote server. These # +# ipaddr - Valid host or IP address for remote server. These # # hosts are resolved on rehash, and cached, if you # -# specify a hostname, so if you find that your server # +# specify a hostname; so if you find that your server # # is still trying to connect to an old IP after you # -# have updated your dns, try rehashing and then # +# have updated your DNS, try rehashing and then # # attempting the connect again. # # # # port - The TCP port for the remote server. # @@ -382,18 +488,23 @@ # autoconnect - Sets the server to autoconnect. Where x is the num. # # (optional) of seconds between attempts. e.g. 300 = 5 minutes. # # # -# encryptionkey - Encryption key to be used for AES encryption, where # -# supported. Links using the spanning tree protocol # -# support AES. The encryption key must be EXACTLY 8, # -# 16 or 32 characters in length for a 64, 128 or 256 # -# bit key, respectively. # -# # -# hidden - When using m_spanningtree.so for linking. you may # +# transport - If defined, this is a transport name implemented by # +# another module. Transports are layers on top of # +# plaintext connections, which alter them in certain # +# ways. Currently the three supported transports are # +# 'openssl' and 'gnutls' which are types of SSL # +# encryption, and 'zip' which is for compression. # +# If you define a transport, both ends of the # +# connection must use a compatible transport for the # +# link to succeed. OpenSSL and GnuTLS are link- # +# compatible with each other. # +# # +# statshidden - When using m_spanningtree.so for linking. you may # # set this to 'yes', and if you do, the IP address/ # # hostname of this connection will NEVER be shown to # -# any opers on the network. In /STATS c its address # +# any opers on the network. In /stats c its address # # will show as *@, and during CONNECT and # -# inbound connections, its IP will show as # +# inbound connections, it's IP will show as # # UNLESS the connection fails (e.g. due to a bad # # password or servername) # # # @@ -428,7 +539,33 @@ # seconds. If this is not defined, the default of ten # # seconds is used. # # # -# to u:line a server (give it extra privilages required for running # +# bind - If you specify this value, then when creating an # +# outbound connection to the given server, the IP you # +# place here will be bound to. This is for multi- # +# homed servers which may have multiple IP addresses. # +# if you do not define this value, the first IP that # +# is not empty or localhost from your tags # +# will be bound to. This is usually acceptable, # +# however if your server has multiple network cards # +# then you may have to manually specify the bind # +# value instead of leaving it to automatic binding. # +# you can usually tell if you need to set this by # +# looking for the error 'Could not assign requested # +# address' in your log when connecting to servers. # +# # +# hidden - If this is set to true, yes, or 1, then the server # +# is completely hidden from non-opers. It does not # +# show in /links and it does not show in /map. Also, # +# any servers which are child servers of this one # +# in the network will *also* be hidden. Use with # +# care! You can use this to 'mask off' sections of # +# the network so that users only see a small portion # +# of a much larger net. It should NOT be relied upon # +# as a security tool, unless it is being used for # +# example to hide a non-client hub, for which clients # +# do not have an IP address or resolvable hostname. # +# # +# To u:line a server (give it extra privileges required for running # # services, Q, etc) you must include the tag as shown # # in the example below. You can have as many of these as you like. # # # @@ -436,11 +573,17 @@ # that server to operoverride modes. This should only be used for # # services and protected oper servers! # # # -# NOTE: If you have built InspIRCd with IPV6 support, and you want # -# to link to an IPV4 server, you must specify the IP address in the # -# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target # -# server. If you have built InspIRCd for IPV4 (this is the default) # -# you should not prefix your IP addresses in this fashion. # +# ------------------------------------------------------------------- # +# # +# NOTE: If you have built your server as an IPv6 server, then when a # +# DNS lookup of a server's host occurs, AAAA records (IPv6) are # +# prioritised over A records (IPv4). Therefore, if the server you are # +# connecting to has both an IPv6 IP address and an IPv4 IP address in # +# its DNS entry, the IPv6 address will *always* be selected. To # +# change this behaviour simply specify the IPv4 IP address rather # +# than the hostname of the server. # +# # +# ------------------------------------------------------------------- # # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -449,48 +592,83 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree module! Please see the modules list below for # +# m_spanningtree.so module! Please see the modules list below for # # information on how to load this module! If you do not load this # # module, server links will NOT work! # # # +# Also, if you define any transports, you must load the modules for # +# these transports BEFORE you load m_spanningtree, e.g. place them # +# above it in the configuration file. Currently this means the three # +# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # +# which you choose to use. # +# # + ipaddr="penguin.box.com" + port="7000" + allowmask="69.58.44.0/24" + autoconnect="300" + failover="hub.other.net" + timeout="15" + transport="gnutls" + bind="1.2.3.4" + statshidden="no" + hidden="no" + sendpass="outgoing!password" + recvpass="incoming!password"> + ipaddr="localhost" + port="7000" + allowmask="127.0.0.0/8" + sendpass="penguins" + recvpass="polarbears"> - + +#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# This tag defines a ulined server. A U-Lined server has special # +# permissions, and should be used with caution. Services servers are # +# usually u-lined in this manner. # +# # +# The 'silent' value, if set to yes, indicates that this server should# +# not generate quit and connect notices, which can cut down on noise # +# to opers on the network. # +# # + #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # # These options let you define the path to your motd and rules # # files. If these are relative paths, they are relative to the # -# configurtion directory. # +# configuration directory. # # # - + + +#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional configuration tag lets you define the maximum number # +# of channels that both opers and users may be on at any one time. # +# The default is 20 for users and 60 for opers if this tag is not # +# defined. Remote users are not restricted in any manner. # +# # + + #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Define your DNS server address here. InspIRCd has its own resolver. # -# If you do not define this value, the first dns server from your # -# /etc/resolv.conf file is read. If no entries are found in this file # -# or the file cannot be opened, the default value '127.0.0.1' is used # -# instead. The timeout value is in seconds. # +# If you do not define this value, then InspIRCd will attempt to # +# determine your DNS server from your operating system. On POSIX # +# platforms, InspIRCd will read /etc/resolv.conf, and populate this # +# value with the first DNS server address found. On Windows platforms # +# InspIRCd will check the registry, and use the DNS server of the # +# first active network interface, if one exists. # +# If a DNS server cannot be determined from these checks, the default # +# value '127.0.0.1' is used instead. The timeout value is in seconds. # # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -500,34 +678,31 @@ # # # When choosing a server, be sure to choose one which will do a # # RECURSIVE LOOKUP. InspIRCd's resolver does not currently do these # -# recursive lookups itself, to save time and resources. The dns # +# recursive lookups itself, to save time and resources. The DNS # # server recommended by the InspIRCd team is bind, available from the # # ISC website. If your DNS server does not do a recursive lookup, you # # will be able to notice this by the fact that none of your users are # # resolving even though the DNS server appears to be up! Most ISP and # # hosting provider DNS servers support recursive lookups. # # # -# NOTE: If you have built InspIRCd with IPV6 support, and you want # -# to use an IPV4 nameserver, you must specify the IP address in the # -# form '::ffff:1.2.3.4' where 1.2.3.4 is the IP address of the target # -# server. If you have built InspIRCd for IPV4 (this is the default) # -# you should not prefix your IP addresses in this fashion. # +# ------------------------------------------------------------------- # # # -# IF YOUR RESOLV.CONF CONTAINS ONLY IPV4 ADDRESSES, AND YOU ARE USING # -# IPV6, YOU MUST DEFINE THE TAG, AND USE THE ::FFFF # -# PREFIX NOTATION. IF YOU DO NOT, HOSTS WILL *NOT* RESOLVE. # +# NOTE: If you have built InspIRCd with IPv6 support, then both # +# IPv6 and IPv4 addresses are allowed here, and also in the system # +# resolv.conf file. Remember that an IPv4 DNS server can still # +# resolve IPv6 addresses, and vice versa. # # # -# An example of using IPV4 nameservers over IPV6 -# +# An example of using an IPv6 nameserver +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Define the path to the PID file here. The PID file can be used to # # rehash the ircd from the shell or to terminate the ircd from the # -# shell using shell scripts, perl scripts etc, and to monitor the # +# shell using shell scripts, perl scripts, etc... and to monitor the # # ircd's state via cron jobs. If this is a relative path, it will be # # relative to the configuration directory, and if it is not defined, # # the default of 'inspircd.pid' is used. # @@ -538,7 +713,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Use these tags to customise the ban limits on a per channel basis. # -# the tags are read from top to bottom, and any tag found which # +# The tags are read from top to bottom, and any tag found which # # matches the channels name applies the banlimit to that channel. # # It is advisable to put an entry with the channel as '*' at the # # bottom of the list. If none are specified or no maxbans tag is # @@ -572,25 +747,42 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Settings to define which features are useable on your server. # +# Settings to define which features are usable on your server. # +# # +# prefixquit - A prefix to be placed on the start of a client's # +# quit message # +# # +# suffixquit - A suffix to be placed on the end of a client's # +# quit message. # +# # +# fixedquit - A fixed quit message to display for all client # +# QUITS. If specified, overrides both prefixquit # +# and suffixquit options. # +# # +# prefixpart - A prefix to be placed on the start of a client's # +# part message # # # -# prefixquit - a prefix for a client's quit message # +# suffixpart - A suffix to be placed on the end of a client's # +# part message. # # # -# loglevel - specifies what detail of messages to log in the # -# log file. You may select from debug, verbose, # -# default, sparse and none. # +# fixedpart - A fixed part message to display for all client # +# parts. If specified, overrides both prefixpart # +# and suffixpart options. # # # -# allowhalfop - allows the +h channel mode # +# allowhalfop - Allows the +h channel mode # # # # noservices - If noservices is true, yes, or 1, then the first # # user into a channel gets founder status. This is # # only useful on networks running the m_chanprotect # # module without services. # # # -# qaprefixes - If qaprefixes is true, yes, or 1, then users # -# with +q or +a will get the ~ or & prefixes # -# used in unreal. This is only useful on networks # -# running the m_chanprotect module # +# qprefix - qprefix is used by the chanprotect module to give # +# a visible prefix to users set +q (founder) in chan # +# It should be set to something sensible like ~ or ! # +# If not set, no prefix is applied to users with +q # +# # +# aprefix - aprefix is the same as qprefix, except it is for # +# giving users with mode +a (protected) a prefix # # # # deprotectself - If this value is set to yes, true, or 1, then any # # user with +q or +a may remove the +q or +a from # @@ -598,6 +790,12 @@ # this feature, which stops even the founder taking # # away their founder status without using services. # # # +# deprotectothers-If this value is set to yes, true, or 1, then any # +# user with +q or +a may remove the +q or +a from # +# other users. The default setting is to not enable # +# this feature, so that only +q may remove +a, and # +# nothing but services may remove +q. # +# # # cyclehosts - If this is set to true, yes or 1, then when a # # user's hostname changes, they will appear to quit # # and then rejoin with their new host. This prevents # @@ -605,15 +803,90 @@ # especially in the case of bots, and it is # # recommended that this option is enabled. # # # -# netbuffersize - size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # +# moduledir - This optional value indicates a runtime change of # +# the location where modules are to be found. This # +# does not add a supplementary directory. There can # +# only be one module path. # +# # +# syntaxhints - If set to yes, true or 1, when a user does not # +# give enough parameters for a command, a syntax # +# hint will be given (using the RPL_TEXT numeric) # +# as well as the standard ERR_NEEDMOREPARAMS. # +# # +# announcets - If this value is defined to yes, true, or 1, then # +# a channels' timestamp is updated, the users on # +# the channel will be informed of the change via # +# a server notice to the channel with the old and # +# new TS values in the timestamp. If you think this # +# is just pointless noise, define the value to 0. # +# # +# ircumsgprefix - Use undernet style message prefix for channel # +# NOTICE and PRIVMSG adding the prefix to the line # +# of text sent out. Eg. NOTICE @#test :@ testing # +# vs. the off setting: NOTICE @#test :testing # +# # +# hostintopic - If this is set to yes (the default) then the full # +# nick!user@host is shown for who set a TOPIC last. # +# if set to no, then only the nickname is shown. # +# # +# serverpingfreq- This value, when set, allows you to change the # +# frequency of server to server PING messages. This # +# can help if you are having certain network issues. # +# # +# pingwarning - This should be set to a number between 1 and 59 if # +# defined, and if it is defined will cause the server# +# to send out a warning via snomask +l if a server # +# does not answer to PING after this many seconds. # +# This can be useful for finding servers which are # +# at risk of pinging out due to network issues. # +# # +# exemptchanops - This option allows channel operators to be exempted# +# from certain channel modes. # +# Supported modes are +SfFgNc. Defaults to off. # +# # +# defaultmodes - The default modes to be given to each channel on # +# creation. Defaults to 'nt'. There should be no + # +# or - symbols in this sequence, if you add them # +# they will be ignored. You may add parameters for # +# modes which take them. # +# # +# moronbanner - The NOTICE to show to users who are glined, zlined # +# klined or qlined when they are disconnected. This # +# is totally freeform, you may place any text here # +# you wish. # +# # + + + + +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# # # # maxwho - The maximum number of results returned by a /WHO # # query. This is to prevent /WHO being used as a # # spam vector or means of flooding an ircd. The # # default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. # +# above 1024. Values up to 65535 are permitted. If # +# this value is omitted, any size WHO is allowed by # +# anyone. # # # # somaxconn - The maximum number of sockets that may be waiting # # in the accept queue. This usually allows the ircd # @@ -625,38 +898,70 @@ # be up to 5 (ugh) while others such as FreeBSD will # # default to a much nicer 128. # # # -# moduledir - This optional value indicates a runtime change of # -# the location where modules are to be found. This # -# does not add a supplementary directory. There can # -# only be one module path. # -# # # softlimit - This optional feature allows a defined softlimit. # # if defined sets a soft maxconnections value, has # # to be less than the ./configure maxclients # # # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # +# nouserdns - If set to yes, true or 1, no user DNS lookups # +# will be performed for connecting users. This can # +# save a lot of resources on very busy IRC servers. # # # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # +# quietbursts - When synching or splitting from the network, a # +# server can generate a lot of connect and quit # +# snotices to the +C and +Q snomasks. Setting this # +# value to yes squelches those messages, which can # +# make them more useful for opers, however it will # +# degrade their use by certain third party programs # +# such as BOPM which rely on them to scan users when # +# a split heals in certain configurations. # # # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # +# netbuffersize - Size of the buffer used to receive data from # +# clients. The ircd may only read() this amount # +# of text in one go at any time. (OPTIONAL) # # # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # + + + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # # # # hidesplits - When set to 'yes', will hide split server names # # from non-opers. Non-opers will see '*.net *.split' # @@ -677,65 +982,95 @@ # actual server the user is on. # # # # flatlinks - When you are using m_spanningtree.so, and this # -# value is set to true, yes or 1, /MAP and /LINKS # -# will be flattened when shown to a non-oper. # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # # # # hideulines - When you are using m_spanningtree.so, and this # -# value is set to true, yes or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP. For non # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # # opers. Please be aware that this will also hide # # any leaf servers of a U-lined server, e.g. jupes. # # # -# nouserdns - If set to 'yes', 'true' or '1', no user dns # -# lookups will be performed for connecting users. # -# this can save a lot of resources on very busy irc # -# servers. # +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # # # -# syntaxhints - If set to 'yes', 'true' or '1', when a user does # -# not give enough parameters for a command, a syntax # -# hint will be given (using the RPL_TEXT numeric) # -# as well as the standard ERR_NEEDMOREPARAMS. # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # # # -# announcets - If this value is defined to 'yes', 'true' or '1', # -# then if a channel's timestamp is updated the users # -# on the channel will be informed of the change via # -# a server notice to the channel with the old and # -# new TS values in the timestamp. If you think this # -# is just pointless noise, define the value to 0. # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # # # -# notimesync - If this value is 'yes', 'true', or '1', time # -# synchronization is disabled on this server. This # -# means any servers you are linked to will not # -# automatically synchronize time with you, and in # -# most cases will just result in more bounced modes # -# on netsplits. This option should be the same on # -# all servers. # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # # # - + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Logging +# ------- +# +# Logging is covered with the tag, which you may use to change +# the behaviour of the logging of the IRCd. +# +# In InspIRCd as of 1.2, logging is pluggable and very extensible. +# Different files can log the same thing, different 'types' of log can +# go to different places, and modules can even extend the log tag +# to do what they want. +# +# An example log tag would be: +# +# which would log all information on /oper (failed and successful) to +# a file called opers.log. +# +# There are many different types which may be used, and modules may +# generate their own. A list of useful types: +# - USERS - information relating to user connection and disconnection +# - CHANNELS - information relating to joining and parting of channels. +# XXX someone doc more on this +# +# You may also log *everything* by using a type of *, and subtract things out +# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT". +# +# Channel Logging +# --------------- +# +# I'm aware this would probably better belong in the modules section, but this +# is heavily interrelated to logging, and as such will be documented here. +# +# m_chanlog is one of the modules which can alter logging to it's own thing. +# An example of this may be: +# +# +# +# +# The following log tag is highly default and uncustomised. It is recommended you +# sort out your own log tags. This is just here so you get some output. + #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -804,6 +1139,29 @@ # # + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MD5 Module - Allows other modules to generate MD5 hashes, usually for +# cryptographic uses and security. +# +# IMPORTANT: +# Other modules such as m_cloaking.so and m_opermd5.so may rely on +# this module being loaded to function. +# +# +# +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# SHA256 Module - Allows other modules to generate SHA256 hashes, +# usually for cryptographic uses and security. +# +# IMPORTANT: +# Other modules such as m_password_hash.so may rely on this module being +# loaded to function. Certain modules such as m_spanningtree.so will +# function without this module but when it is loaded their features will +# be enhanced (for example the addition of HMAC authentication). +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Alias module: Allows you to define server-side command aliases # @@ -815,9 +1173,23 @@ # commands to services, however they are not limited to just this use.# # An alias tag requires the following values to be defined in it: # # # -# text - The text to detect at the start of the line, # -# must be at the start of the line to trigger the # -# alias. Cant contain spaces, but case insensitive # +# text - The text to detect as the actual command line, # +# Cant contain spaces, but case insensitive. # +# You may have multiple aliases with the same # +# command name (text="" value), however the first # +# found will be executed if its format value is # +# matched, or it has no format value. Aliases are # +# read from the top of the file to the bottom. # +# # +# format - If this is defined, the parameters of the alias # +# must match this glob pattern. For example if you # +# want the first parameter to start with a # for # +# the alias to be executed, set format="#*" in the # +# alias definition. Note that the :'s which are # +# part of IRC formatted lines will be preserved # +# for matching of this text. This value is # +# optional. # +# # # replace - The text to replace 'text' with. Usually this # # will be "PRIVMSG ServiceName :$2-" or similar. # # You may use the variables $1 through $9 in the # @@ -829,14 +1201,16 @@ # command "foo bar baz qux quz" then $3- will hold # # "baz qux quz" and $2 will contain "bar". You may # # also use the special variables: $nick, $ident, # -# $host and $vhost, and you may seperate multiple # +# $host and $vhost, and you may separate multiple # # commands with \n. If you wish to use the ACTUAL # # characters \ and n together in a line, you must # # use the sequence "\\n". # +# # # requires - If you provide a value for 'requires' this means # # the given nickname MUST be online for the alias # # to successfully trigger. If they are not, then # # the user receives a 'no such nick' 401 numeric. # +# # # uline - Defining this value with 'yes', 'true' or '1' # # will ensure that the user given in 'requires' # # must also be on a u-lined server, as well as # @@ -844,6 +1218,7 @@ # online, but not on a u-lined server, then an # # oper-alert is sent out as this is possibly signs # # of a user trying to impersonate a service. # +# # # operonly - Defining this value, with a value of 'yes', '1' # # or true will make the alias oper only. If a non- # # oper attempts to use the alias, it will appear # @@ -855,7 +1230,23 @@ # # # -# +# +# An example of using the format value to create an alias with two +# different behaviours depending on the format of the parameters. +# +# +# +# +# +# This alias fixes a glitch in xchat 2.6.x and above and the way it +# assumes IDENTIFY must be prefixed by a colon (:) character. It should +# be placed ABOVE the default NICKSERV alias (the first example) listed +# above. +# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Alltime module: Shows time on all connected servers at once @@ -870,10 +1261,35 @@ # Antibottler module: Labels bottler leech bots # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Auditorium module: Adds channel mode +u which makes everyone else +# except you in the channel invisible, used for large meetings etc. +# +# +# Auditorium settings: +# +# +# +# showops: +# Setting this value to yes makes m_auditorium behave like unrealircd +# +u channel mode, e.g. ops see users joining, parting, etc, and users +# joining the channel see the ops. Without this flag, the mode acts +# like ircnet's +a (anonymous channels), showing only the user in the +# names list, and not even showing the ops in the list, or showing the +# ops that the user has joined. +# operoverride: +# Setting this value to yes makes m_auditorium affect the userlist for +# regular users only. Opers will view all users in the channel normally. + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban except module: Adds support for channel ban exceptions (+e) # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Ban redirection module: Allows bans which redirect to a specified +# channel. e.g. +b nick!ident@host#channelbanneduserissentto +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block amsg module: Attempt to block all usage of /amsg and /ame # @@ -892,8 +1308,24 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Block CAPS module: Blocking all-CAPS messages with cmode +P +# Block CAPS module: Blocking all-CAPS messages with cmode +B # +# # +#-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# percent - How many percent of text must be caps before text # +# will be blocked. # +# # +# minlen - The minimum length a line must be for the block # +# percent to have any effect. # +# # +# capsmap - A list of chars to be considered CAPS, this was # +# you can add CAPS for your language. Also you can # +# add things like ! and space to further lock down # +# on caps usage. # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block colour module: Blocking colour-coded messages with cmode +c @@ -903,6 +1335,27 @@ # Botmode module: Adds the user mode +B # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# CallerID module: Adds usermode +g which activates hybrid-style +# callerid (== block all private messages unless you /accept first) +# +# +#-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# maxaccepts - Maximum number of entires a user can add to his # +# /accept list. Default is 16 entries. # +# operoverride - Can opers (note: ALL opers) ignore callerid mode? # +# Default is no. # +# tracknick - Preserve /accept entries when a user changes nick? # +# If no (the default), the user is removed from # +# everyone's accept list if he changes nickname. # +# cooldown - Amount of time (in seconds) that must pass since # +# the last notification sent to a user before he can # +# be sent another. Default is 60 (1 minute). # +# @@ -919,6 +1372,53 @@ # # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# CGI:IRC module: Adds support for automatic host changing in CGI:IRC +# (http://cgiirc.sourceforge.net). +# +# +#-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# Optional - If you specify to use m_cgiirc, then you must specify one +# or more cgihost tags which indicate authorised CGI:IRC servers which +# will be connecting to your network, and an optional cgiirc tag. +# For more information see: http://www.inspircd.org/wiki/CGI-IRC_Module +# +# Set to yes if you want to notice opers when CGI clients connect +# +# +# The type field indicates where the module should get the real +# client's IP address from, for further information, please see the +# CGI:IRC documentation. +# +# Old style: +# # Get IP from PASS +# # Get IP from ident +# # See the docs +# New style: +# # Get IP from WEBIRC +# +# IMPORTANT NOTE: +# --------------- +# +# When you connect CGI:IRC clients, there are two connect classes which +# apply to these clients. When the client initially connects, the connect +# class which matches the cgi:irc site's host is checked. Therefore you +# must raise the maximum local/global clients for this ip as high as you +# want to allow cgi clients. After the client has connected and is +# determined to be a cgi:irc client, the class which matches the client's +# real IP is then checked. You may set this class to a lower value, so that +# the real IP of the client can still be restricted to, for example, 3 +# sessions maximum. +# + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Channel create module: Adds snomask +j, which will notify opers of +# any new channels that are created +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel filter module: Allows channel-op defined message # filtering using simple string matches (channel mode +g) @@ -928,39 +1428,97 @@ # Chanprotect module: gives +q and +a channel modes # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Check module: gives /check +# Check is useful for looking up information on channels, +# users, IP addresses and hosts. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGHOST module: Adds the /CHGHOST command # +# +#-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST CONFIGURATION #-#-#-#-#-#-#-#-# +# Optional - If you want to use special chars for hostnames you can # +# specify your own custom list of chars with the tag: # +# # +# charmap - A list of chars accepted as valid by the /CHGHOST # +# and /SETHOST commands. Also note that the list is # +# case-sensitive. # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGIDENT module: Adds the /CHGIDENT command # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Cloaking module: Adds usermode +x and cloaking support +# CHGNAME module: Adds the /CHGNAME command +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Cloaking module: Adds usermode +x and cloaking support. +# Relies on the module m_md5.so being loaded before m_cloaking.so in +# the configuration file. # # #-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# Optional - If ypu specify the m_cloaking.so module as above, you # +# Optional - If you specify the m_cloaking.so module as above, you # # must define cloak keys, and optionally a cloak prefix as shown # # below. When using cloaking, the cloak keys are MANDITORY and must # # be included. However, if prefix is not included, it will default # -# to your networks name from the tag. # +# to your networks name from the tag. You can also include # +# the following optional values: # +# # +# ipalways - Always cloak the IP address, not the hostname, # +# which doesn't reveal the user's ISP, but # +# results in hosts that are harder to read and # +# ban. # +# # +# lowercase - Display the cloaked hostnames in lowercase # +# characters instead of uppercase # # # -# # +# # # # # Please note that the key values will accept any number, and should # # be large numbers. Using small numbers such as "7" or "1924" will # -# seriously weaken the security of your cloak. # +# seriously weaken the security of your cloak. It is recommended you # +# use hexdecimal numbers prefixed by "0x", as shown in this example, # +# with each key eight hex digits long. # + +#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Close module: Allows an oper to close all unregistered connections. +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Clones module: Adds an oper command /CLONES for detecting cloned +# users. Warning: This module may be resource intensive when its +# command is issued, use with care. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Conn-Lusers: Shows the LUSERS output on connect -# +# Common channels module: Adds user mode +c, which, when set, requires +# that users must share a common channel with you to PRIVMSG or NOTICE +# you. +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Conn-Join: Allows you to force users to join one or more channels +# automatically upon connecting to the server. +# +# +#-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# +# If you have m_conn_join.so loaded, you can configure it using the +# follow values: +# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Conn-Usermodes: Set modes on users when they connect @@ -986,6 +1544,24 @@ # # # + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Channel cycle module. Server side /hop, with +ilk etc bypass. +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Connectban: Provides per-IP connection throttling. Any IP that disconnects +# too many times (configurable) in an hour is zlined for a (configurable) +# duration, and their count resets to 0. +# +# NOTE: This module may change name/behaviour later in 1.2. Please make sure +# you read release announcements! +# +# +# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded. +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connection throttle module. Configuration: # @@ -1006,6 +1582,22 @@ # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Custom title module: Adds the /TITLE command which allows for trusted +# users to gain a custom whois line and a optional +# vhost can be specified. +# +# +#-#-#-#-#-#-#-#-#-#- CUSTOM TITLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# name - The username used to identify +# password - The password used to identify +# host - Allowed hostmask [optional] +# title - Title shown in whois +# vhost - Displayed host [optional] +# +# +#<title name="bar" password="foo" host="ident@host.name" title="Official Chat Helper" vhost="helper.network.chat"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command #<module name="m_dccallow.so"> @@ -1027,6 +1619,19 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Deaf module: adds support for ircu style usermode +d - deaf to +# channel messages and channel notices. +#<module name="m_deaf.so"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Delay join module: Adds the channel mode +D which delays all JOIN +# messages from users until they speak. If they quit or part before +# speaking, their quit or part message will not be shown to the channel +# which helps cut down noise on large channels in a more friendly way +# than the auditorium mode. Only channel ops may set the +D mode. +#<module name="m_delayjoin.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deny Channels: Deny Channels from being used by users #<module name="m_denychans.so"> @@ -1036,18 +1641,36 @@ # If you have the m_denychans.so module loaded, you need to specify # # the channels to deny: # # # -# name - The channel name to deny. # +# name - The channel name to deny. (glob masks are ok) # # # # allowopers - If operators are allowed to override the deny. # # # # reason - Reason given for the deny. # # # -#<badchan name="#gods" allowopers="yes" reason="Tortoises!"> +# redirect - Redirect the user to a different channel # +# # +#<badchan name="#gods*" allowopers="yes" reason="Tortoises!"> # +#<badchan name="#heaven" redirect="#hell" reason="Nice try!"> # +# # +# Redirects will not work if the target channel is set +L. # +# # +# Additionally, you may specify channels which are allowed, even if # +# a badchan tag specifies it would be denied: # +#<goodchan name="#godsleeps"> # +# Glob masks are accepted here also. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Devoice Module: Let users devoice themselves. #<module name="m_devoice.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# DNS Blacklist Module: Provides support for looking up IPs on one or # +# more blacklists. # +#<module name="m_dnsbl.so"> # +# # +# For configuration options please see the wiki page for m_dnsbl at # +# http://inspircd.org/wiki/DNS_Blacklist_Module # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Filter module: Provides glob-based message filtering #<module name="m_filter.so"> @@ -1069,6 +1692,23 @@ # Foobar module: does nothing - historical relic #<module name="m_foobar.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# GeoIP module: Allows the server admin to ban users by country code. +#<module name="m_geoip.so"> +# +#-#-#-#-#-#-#-#-#-#-#-# GEOIP CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# <geoip banunknown="false"> # +# # +# Set this value to true or yes to block unknown IP ranges which are # +# not in the database (usually LAN addresses, localhost, etc) # +# # +# <geoban country="TR" reason="This country not permitted"> # +# # +# Use one or more of these tags to ban countries by country code. # +# The country code must be in capitals and should be an ISO country # +# code such as TR, GB, or US. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: gives /GLOBOPS and usermode +g #<module name="m_globops.so"> @@ -1109,10 +1749,11 @@ # Optional - If you choose to use the m_hostchange.so module. # # Config Help - See http://www.inspircd.org/wiki/Host_Changer_Module # # # -#<host suffix="polarbears.org"> +#<host suffix="polarbears.org" separator="." prefix=""> #<hostchange mask="*@fbi.gov" action="addnick"> #<hostchange mask="*r00t@*" action="suffix"> #<hostchange mask="a@b.com" action="set" value="blah.blah.blah"> +#<hostchange mask="localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # httpd module: Provides http server support for InspIRCd @@ -1131,6 +1772,26 @@ # HTTP server. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# http ACL module: Provides access control lists for m_httpd dependent +# modules. Use this module to restrict pages by IP address and by +# password. +# +#<module name="m_httpd_acl.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# +# Restrict access to the m_httpd_stats module to all but the local +# network and when the correct password is specified: +# +# <httpdacl path="/stats*" types="password,whitelist" +# password="mypasshere" whitelist="127.0.0.*,10.*"> +# +# Deny all connections to all but the main index page: +# +# <httpdacl path="/*" types="blacklist" blacklist="*"> +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # http stats module: Provides basic stats pages over HTTP # Requires m_httpd.so to be loaded for it to function. @@ -1151,17 +1812,33 @@ # specify the timeout for ident lookups here. If not defined, it will # # default to one second. This is a non-blocking timeout which holds # # the user in a 'connecting' state until the lookup is complete. # +# The bind value indicates which IP to bind outbound requests to. # # # -#<ident timeout="5"> +#<ident timeout="5" bind=""> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Invite except module: Adds support for channel invite exceptions (+I) #<module name="m_inviteexception.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Invisible module - Adds support for usermode +Q (quiet) which lets an +# oper go 'invisible' similar to unrealircd 3.1's +I mode. Note that +# opers are still able to see invisible users, and if an oper with +Q +# deopers, they will become visible. +# +# IMPORTANT NOTE: To allow this mode to be used by a type of oper, you +# must first add the value canquiet="yes" to that oper's type tag. +# +#<module name="m_invisible.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection (+j) #<module name="m_joinflood.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Jump Server module: Adds support for the RPL_REDIR numeric +#<module name="m_jumpserver.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti-Auto-Rejoin: Adds support for prevention of auto-rejoin (+J) #<module name="m_kicknorejoin.so"> @@ -1170,10 +1847,80 @@ # Knock module: adds the /KNOCK command and +K channel mode #<module name="m_knock.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# LDAP authentication module: Adds the ability to authenticate users # +# via LDAP. This is an extra module which must be enabled explicitly # +# by symlinking it from modules/extra, and requires the OpenLDAP libs # +# # +#<module name="m_ldapauth.so"> # +# # +# Configuration: # +# # +# <ldapauth baserdn="ou=People,dc=brainbox,dc=cc" # +# attribute="uid" # +# server="ldap://brainwave.brainbox.cc" # +# allowpattern="Guest*" # +# killreason="Access denied" # +# searchscope="subtree" # +# binddn="cn=Manager,dc=brainbox,dc=cc" # +# bindauth="mysecretpass" # +# verbose="yes"> # +# # +# The baserdn indicates the base DN to search in for users. Usually # +# this is 'ou=People,dc=yourdomain,dc=yourtld'. # +# # +# The attribute value indicates the attribute which is used to locate # +# a user account by name. On POSIX systems this is usually 'uid'. # +# # +# The server parameter indicates the LDAP server to connect to. The # +# ldap:// style scheme before the hostname proper is MANDITORY. # +# # +# The allowpattern value allows you to specify a wildcard mask which # +# will always be allowed to connect regardless of if they have an # +# account, for example guest users. # +# # +# Killreason indicates the QUIT reason to give to users if they fail # +# to authenticate. # +# # +# The searchscope value indicates the subtree to search under. On our # +# test system this is 'subtree'. Your mileage may vary. # +# # +# Setting the verbose value causes an oper notice to be sent out for # +# every failed authentication to the server, with an error string. # +# # +# The binddn and bindauth indicate the DN to bind to for searching, # +# and the password for the distinguished name. Some LDAP servers will # +# allow anonymous searching in which case these two values do not # +# need defining, otherwise they should be set similar to the examples # +# above. # + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is # +# used to temporarily close/open for new connections to the server. # +# These commands require OPER status and that the LOCKSERV UNLOCKSERV # +# are specified in a <class> tag that the oper is part of. This is so # +# you can control who has access to this possible dangerous command. # +# If your server is locked and you got disconnected, do a REHASH from # +# shell to open up again. +#<module name="m_lockserv.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Msg flood module: Adds message/notice flood protection (+f) #<module name="m_messageflood.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MsSQL module: Allows other SQL modules to access MS SQL Server +# through a unified API. You must copy the source for this module +# from the directory src/modules/extra, plus the file m_sqlv2.h +#<module name="m_mssql.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# m_mssql.so is more complex than described here, see wiki for more # +# info http://www.inspircd.org/wiki/SQLServer_Service_Provider_Module # +# +#<database name="db" username="user" password="pass" hostname="localhost" id="db1"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. You must copy the source for this module @@ -1193,6 +1940,17 @@ # This is supported by mIRC, x-chat, klient, and maybe more. #<module name="m_namesx.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Nickban: Implements extended ban n:, which stops anyone matching +# a mask like +b n:nick!user@host from changing their nick on channel. +#<module name="m_nickban.so"> +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Nickchange flood protection module: Allows up to X nick changes in Y seconds. +# Provides channel mode +F. +#<module name="m_nickflood.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that # user from changing their nick again. @@ -1228,9 +1986,15 @@ # #-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# If you are using the m_operjoin.so module, specify the channel here # +# If you are using the m_operjoin.so module, specify options here: # # # -#<operjoin channel="#channel"> +# channel - The channel name to join, can also be a comma # +# seperated list eg. "#channel1,#channel2". # +# # +# override - Lets the oper join walking thru any modes that # +# might be set, even bans. Use "yes" or "no". # +# # +#<operjoin channel="#channel" override="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper MOTD module: Provides support for seperate message of the day @@ -1258,20 +2022,42 @@ # Specify the level as the 'level' parameter of the <type> tag #<module name="m_operlevels.so"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper MD5 module: Allows MD5 hashed oper passwords -#<module name="m_opermd5.so"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper SHA256 module: Allows SHA256 hashed oper passwords -# This module is in src/modules/extra -#<module name="m_opersha256.so"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper modes module: Allows you to specify modes to add/remove on oper # Specify the modes as the 'modes' parameter of the <type> tag +# and/or as the 'modes' parameter of the <oper> tag. #<module name="m_opermodes.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper password hash module: Allows hashed oper passwords +# Relies on the module m_md5.so and/or m_sha256.so being loaded before +# m_password_hash.so in the configuration file. +#<module name="m_password_hash.so"> +# +#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# To use this module, you must define a hash type for each oper's +# password you want to hash. For example: +# +# <oper name="Brain" +# host="ident@dialup15.isp.com" +# hash="sha256" +# password="a41d730937a53b79f788c0ab13e9e1d5" +# type="NetAdmin"> +# +# The types of hashing available vary depending on which hashing modules +# you load, but usually if you load m_sha256.so and m_md5.so, both md5 +# and sha256 type hashing will be available (the most secure of which +# is SHA256). + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Permanent Channels module: Channels with the permanent channels mode +# will remain open even after everyone else has left the channel, and +# therefore keep things like modes, ban lists and topic. Permanent +# channels -may- need support from your Services package to function +# properly with them. This adds channel mode +P. +#<module name="m_permchannels.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. You must copy the source for this module @@ -1285,6 +2071,12 @@ # #<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database" ssl="no"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Quietban: Implements extended ban q:, which stops anyone matching +# a mask like +b q:nick!user@host from speaking on channel. +#<module name="m_quietban.so"> +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random Quote module: provides a random quote on connect. # NOTE: Some of these may mimic fatal errors and confuse users and @@ -1302,6 +2094,11 @@ # Redirect module: Adds channel redirection (mode +L) #<module name="m_redirect.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Registered users only channel creation +# Allows only registered users and opers to create new channels. +#<module name="m_regonlycreate.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Remove module: Adds the /REMOVE command which is a peaceful # alternative to /KICK @@ -1321,10 +2118,36 @@ # Restrict message module: Allows users to only message opers #<module name="m_restrictmsg.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Ban users through regular expression patterns +#<module name="m_rline.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# If you wish to re-check a user when they change nickname (can be +# useful under some situations, but *can* also use CPU with more users +# on a server) then set the following configuration value: +#<rline matchonnickchange="yes"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Provide /LIST throttling (to prevent flooding) and /LIST safety to # prevent excess flood when the list is large. #<module name="m_safelist.so"> +# +#-#-#-#-#-#-#-#-#-#-# SAFELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# +# When using Safelist, you may set the following values; +# +# The first value, 'throttle', sets the amount of time in seconds a user +# must wait between LIST commands. For example, if this is set to 60 +# (the default) then the user may not /LIST more than once a minute. +# If not defined, the default value is 60 seconds. +# +# The second value, 'maxlisters', indicates the maximum number of users +# which may be retrieving a LIST at once. It is not recommended you raise +# this value, as increasing it too high can make your network vulnerable +# to floodbots which waste your bandwidth and CPU time with LIST requests. +# +#<safelist throttle="60" maxlisters="50"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAJOIN module: Adds the /SAJOIN command @@ -1346,10 +2169,28 @@ # SAQUIT module: Adds the oper /SAQUIT command (abusable!!!) #<module name="m_saquit.so"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, # crippling most spambots and trojan spreader bots. #<module name="m_securelist.so"> +# +#-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Securelist can be harmful to some irc search engines such as # +# netsplit.de and searchirc.com. To prevent securelist blocking these # +# sites from listing, define exception tags as shown below: # +<securehost exception="*@*.searchirc.org"> +<securehost exception="*@*.netsplit.de"> +<securehost exception="*@echo940.server4you.de"> +# # +# Define the following variable to change how long a user must wait # +# before issuing a LIST. If not defined, defaults to 60 seconds. # +# # +#<securelist waittime="60"> # + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# See nicks module: Allow for SNOMASK +N which shows nick changes. +#<module name="m_seenicks.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Set Idle module: Adds a command for opers to change their @@ -1360,17 +2201,25 @@ # Services support module: Adds several usermodes such as +R and +M # this module implements the 'identified' state via user mode +r, which # is similar to the DALnet and dreamforge systems. +# +# N O T E!! +# >> This CAN NOT be used at the same time as m_services_account << +# N O T E!! #<module name="m_services.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Services support module: Adds several usermodes such as +R and +M # this module implements the 'identified' state via account names (AC) # and is similar in operation to the way asuka and ircu handle services. -# it cannot be used at the same time as m_services, above. +# +# N O T E!! +# >> This CAN NOT be used at the same time as m_services << +# N O T E!! #<module name="m_services_account.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Sethost module: Adds the /SETHOST command +# See m_chghost for how to customise valid chars for hostnames #<module name="m_sethost.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1389,8 +2238,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Spy module: Adds the commands SPYLIST and SPYNAMES that let opers # see who is in a +s channel, and list +s channels, show keys of keyed -# channels the oper is not a member of etc. (standard 'abusive' features -# of many other ircds, modulized here in InspIRCd). +# channels the oper is not a member of etc. Like most standard 'abusive' +# features of many other ircds, this is modular in InspIRCd. #<module name="m_spy.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1416,6 +2265,10 @@ # # # m_ssl_gnutls.so is too complex it describe here, see the wiki: # # http://www.inspircd.org/wiki/GnuTLS_SSL_Module # +# # +# NOTE: If you want to use this module to encrypt and sign your # +# server to server traffic, you MUST load it before m_spanningtree in # +# your configuration file! # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL Info module: Allows users to retrieve information about other @@ -1436,6 +2289,10 @@ # # # m_ssl_openssl.so is too complex it describe here, see the wiki: # # http://www.inspircd.org/wiki/OpenSSL_SSL_Module # +# # +# NOTE: If you want to use this module to encrypt and sign your # +# server to server traffic, you MUST load it before m_spanningtree in # +# your configuration file! # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL Cert Oper module: Allows opers to oper up using the key fingerprint @@ -1453,11 +2310,26 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SILENCE module: Adds support for /SILENCE #<module name="m_silence.so"> +# +# Configuration tags: +# +#<silence maxentries="32"> +# +# Sets the maximum number of entries on a users silence list. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Extended SILENCE module: Adds support for /SILENCE with additional -# features to silence based on invites, channel messages, etc. -#<module name="m_silence_ext.so"> +# SQLite3 module: Allows other SQL modules to access SQLite3 # +# databases through a unified API. You must link the source for this # +# module from the directory src/modules/extra to src/modules, plus # +# the file m_sqlv2.h # +#<module name="m_sqlite3.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# m_sqlite.so is more complex than described here, see the wiki for # +# more: http://www.inspircd.org/wiki/SQLite3_Service_Provider_Module # +# +#<database hostname="/full/path/to/database.db" id="anytext"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQLutils module: Provides some utilities to SQL client modules, such @@ -1481,7 +2353,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL logging module: Allows you to log network-wide data for your -# network in a fully normalized set of SQL tables. You must copy the +# network in a fully normalised set of SQL tables. You must copy the # source for this module from the directory src/modules/extra #<module name="m_sqllog.so"> # @@ -1502,15 +2374,26 @@ #-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # dbid - Database ID to use (see m_sql) # +# hash - Hashing provider to use for password hashing # # # # See also: http://www.inspircd.org/wiki/SQL_Oper_Storage_Module # # # -#<sqloper dbid="1"> +#<sqloper dbid="1" hash="md5"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be # +# added/removed by Services. # +#<module name="m_svshold.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitary lines to user WHOIS. #<module name="m_swhois.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Taxonomy module: Adds the /TAXONOMY command, used to view all +# metadata attached to a user. +#<module name="m_taxonomy.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Test command module: Does nothing significant. Read: pointless. #<module name="m_testcommand.so"> @@ -1524,6 +2407,15 @@ # users a /GLINE or /ZLINE etc would match. #<module name="m_tline.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# UHNAMES support module: Adds support for the IRCX style UHNAMES +# extension, which displays ident and hostname in the names list for +# each user, saving clients from doing a WHO on the channel. Note that +# this module is not widely supported yet. If a client does not support +# UHNAMES it will not enable it, this will not break incompatible +# clients. +#<module name="m_uhnames.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Uninvite module: Adds the /UNINVITE command which lets users remove # pending invites from channels without waiting for the user to join. @@ -1552,6 +2444,40 @@ # Watch module: Adds the WATCH command, which is used by clients to # maintain notify lists. #<module name="m_watch.so"> +# +# Configuration tags: +# +#<watch maxentries="32"> +# +# Sets the maximum number of entries on a user's watch list. + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules) +# in a file "xline.db" which can be re-loaded on restart. This is useful +# for two reasons: it keeps bans so users may not evade them, and on +# bigger networks, server connections will take less time as there will +# be a lot less bans to apply - as most of them will already be there. +#<module name="m_xline_db.so"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# XMLSocket module: Adds support for connections using the shockwave +# flash XMLSocket. Note that this does not work if the client you are +# using has retarded ideas of the IRC protocol. Your client must still +# send RFC-correct lines to the server, this module only changes the +# line ending from newlines to null terminators. +# +#<module name="m_xmlsocket.so"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# ZipLinks module: Adds support for zlib deflate on server to server +# connections. Both ends of the connection must load this module. +# +#<module name="m_ziplink.so"> +# +# To use this module, you must enable it as a transport type in your +# <link> tags or <bind> tags using the transport name 'zip'. +# See the documentation of <link> and <bind>, respectively. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -1597,11 +2523,36 @@ <exception host="*@ircop.host.com" reason="Opers hostname"> +#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional tag allows you to specify how wide a gline, eline, # +# kline, zline or qline can be before it is forbidden from being # +# set. By setting hostmasks="yes", you can allow all G, K, E lines, # +# no matter how many users the ban would cover. This is not # +# recommended! By setting ipmasks="yes", you can allow all Z lines, # +# no matter how many users these cover too. Needless to say we # +# don't recommend you do this, or, set nickmasks="yes", which will # +# allow any qline. # +# # +# The trigger value indicates how wide any mask will be before it is # +# prevented from being set. The default value is 95.5% if this tag is # +# not defined in your configuration file, meaning that if your # +# network has 1000 users, a gline matching over 955 of them will be # +# prevented from being added. # +# # +# Please note that remote servers (and services) are exempt from # +# these restrictions and expected to enforce their own policies # +# locally! # +# # + +<insane hostmasks="no" ipmasks="no" nickmasks="no" trigger="95.5"> + + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # You should already know what to do here :) # -<die value="No, i wasnt joking. You should probably edit your config *PROPERLY* and try again."> +<die value="User error. Insert new user and press any key. (you didn't edit your config properly.)"> #########################################################################