X-Git-Url: http://git.pk910.de/?a=blobdiff_plain;f=doc%2Fexample.conf;h=8ffe13704979b164234398c6f07a4b593fb7d0d3;hb=refs%2Fheads%2Fupstream-ssl;hp=3d42f5f6920bf409c753c82919e6bdfc7c0b73ef;hpb=cc05a230ac079fa15a2e43e6e68ef7126128cefd;p=ircu2.10.12-pk.git diff --git a/doc/example.conf b/doc/example.conf index 3d42f5f..8ffe137 100644 --- a/doc/example.conf +++ b/doc/example.conf @@ -1,12 +1,15 @@ -# ircd.conf configuration file for ircd version ircu2.9.mu and ircu2.10 +# ircd.conf - configuration file for ircd version ircu2.10 # -# Last Updated: 26, June 2001. +# Last Updated: 20, March 2002. # # Written by Niels , based on the original example.conf, # server code and some real-life (ahem) experience. # # Updated and heavily modified by Braden . # +# Rewritten by A1kmm(Andrew Miller) to support +# the new flex/bison configuration parser. +# # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, @@ -19,16 +22,18 @@ # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # -# All configuration options start with a letter identifying the option, -# and a colon separated list of options. Unused fields should be left -# blank. +# The configuration format consists of a number of blocks in the format +# BlockName { setting = number; setting2 = "string"; setting3 = yes; }; +# Note that comments start from a #(hash) and go to the end of the line. +# Whitespace(space, tab, or carriage return/linefeed) are ignored and may +# be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. -# It reads the lines in reverse order. +# It uses the blocks in reverse order. # -# This means that you should start your I: lines with the "fall through", -# most vanilla one and end with the most detailed. +# This means that you should start your Client blocks with the +# "fall through", most vanilla one, and end with the most detailed. # # There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can @@ -42,78 +47,223 @@ # it to work. -# [M:line] +# [General] # # First some information about the server. -# M::::: -# -# must contain either a * or a valid IPv4 address in -# dotted quad notation. (127.0.0.1) The address MUST be the address -# of a physical interface on the host. This address is used for outgoing -# connections only, see P:lines for listener virtual hosting. -# If in doubt put a * or the IP of your primary interface here. -# The server must be compiled with virtual hosting turned on to get this -# to work correctly. +# General { +# name = "servername"; +# vhost = "ipv4vhost"; +# vhost = "ipv6vhost"; +# description = "description"; +# numeric = numericnumber; +# dns vhost = "ipv4vhost"; +# dns vhost = "ipv6vhost"; +# dns server = "ipaddress"; +# dns server = "ipaddress2"; +# }; +# +# If present, must contain a valid address in dotted +# quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST +# be the address of a physical interface on the host. This address is +# used for outgoing connections if the Connect{} block does not +# override it. See Port{} for listener virtual hosting. If in doubt, +# leave it out -- or use "*", which has the same meaning as no vhost. +# +# You may specify both an IPv4 virtual host and an IPv6 virtual host, +# to indicate which address should be used for outbound connections +# of the respective type. # # Note that has to be unique on the network your server # is running on, must be between 0 and 4095, and is not updated on a rehash. -M:London.UK.Eu.UnderNet.org::University of London, England::1 - - -# [A:line] +# +# The two DNS lines allow you to specify the local IP address to use +# for DNS lookups ("dns vhost") and one or more DNS server addresses +# to use. If the vhost is ambiguous for some reason, you may list +# IPV4 and/or IPV6 between the equals sign and the address string. +# The default DNS vhost is to let the operating system assign the +# address, and the default DNS servers are read from /etc/resolv.conf. +# In most cases, you do not need to specify either the dns vhost or +# the dns server. +General { + name = "London.UK.Eu.UnderNet.org"; + description = "University of London, England"; + numeric = 1; +}; + +# [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. -# A::: -A:The University of London:Undernet IRC server:IRC Admins - +Admin { + # At most two location lines are allowed... + Location = "The University of London"; + Location = "Undernet IRC server"; + Contact = "IRC Admins "; +}; -# [Y:lines] +# [Classes] # # All connections to the server are associated with a certain "connection # class", be they incoming or outgoing (initiated by the server), be they -# clients, servers or Martians. (Note that ircd doesn't have direct support -# for Martians (yet?); they will have to register as normal users. ;-) -# Take the following Y: lines only as a guide. -# Y::::: -# +# clients or servers. +# +# Class { +# name = ""; +# pingfreq = time; +# connectfreq = time; +# maxlinks = number; +# sendq = size; +# usermode = "+i"; +# }; +# +# For connection classes used on server links, maxlinks should be set +# to either 0 (for hubs) or 1 (for leaf servers). Client connection +# classes may use maxlinks between 0 and approximately 4,000,000,000. +# maxlinks = 0 means there is no limit on the number of connections +# using the class. +# # applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # condition is satisfied. This is a Bad Thing(tm). -# -# should be set at either 0 or 1. -# -# Server classes: 90 = all your uplinks for who you do not wish to hub; -# 80 = leaf servers (only used if your server is a hub) -Y:90:90:300:1:9000000 -Y:80:90:300:0:9000000 - -# Client classes. 10 = locals; 2 = for all .net and .com that are not -# in Europe; 1 = for everybody. -Y:10:90:0:100:160000 -Y:2:90:0:5:80000 -Y:1:90:0:400:160000 - - -# [I:lines] +# Note that times can be specified as a number, or by giving something +# like: 1 minutes 20 seconds, or 1*60+20. +# +# Recommended server classes: +# All your server uplinks you are not a hub for. +Class { + name = "Server"; + pingfreq = 1 minutes 30 seconds; + connectfreq = 5 minutes; + maxlinks = 1; + sendq = 9000000; +}; +# All the leaf servers you hub for. +Class { + name = "LeafServer"; + pingfreq = 1 minutes 30 seconds; + connectfreq = 5 minutes; + maxlinks = 0; + sendq = 9000000; +}; + +# Client { +# username = "ident"; +# host = "host"; +# ip = "127.0.0.0/8"; +# password = "password"; +# class = "classname"; +# maxlinks = 3; +# }; +# +# Everything in a Client block is optional. If a username mask is +# given, it must match the client's username from the IDENT protocol. +# If a host mask is given, the client's hostname must resolve and +# match the host mask. If a CIDR-style IP mask is given, the client +# must have an IP matching that range. If maxlinks is given, it is +# limits the number of matching clients allowed from a particular IP +# address. +# +# Take the following class blocks only as a guide. +Class { + name = "Local"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 100; + usermode = "+iw"; +}; +Class { + name = "America"; + pingfreq = 1 minutes 30 seconds; + sendq = 80000; + maxlinks = 5; +}; +Class { + name = "Other"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 400; +}; +Class { + name = "Opers"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 10; + + # For connection classes intended for operator use, you can specify + # privileges used when the Operator block (see below) names this + # class. The local (aka globally_opered) privilege MUST be defined + # by either the Class or Operator block. The following privileges + # exist: + # + # local (or propagate, with the opposite sense) + # whox (log oper's use of x flag with /WHO) + # display (oper status visible to lusers) + # chan_limit (can join local channels when in + # MAXCHANNELSPERUSER channels) + # mode_lchan (can /MODE &channel without chanops) + # deop_lchan (cannot be deopped or kicked on local channels) + # walk_lchan (can forcibly /JOIN &channel OVERRIDE) + # show_invis (see +i users in /WHO x) + # show_all_invis (see +i users in /WHO x) + # unlimit_query (show more results from /WHO) + # local_kill (can kill clients on this server) + # rehash (can use /REHASH) + # restart (can use /RESTART) + # die (can use /DIE) + # local_jupe (not used) + # set (can use /SET) + # local_gline (can set a G-line for this server only) + # local_badchan (can set a Gchan for this server only) + # see_chan (can see users in +s channels in /WHO) + # list_chan (can see +s channels with /LIST S, or modes with /LIST M) + # wide_gline (can use ! to force a wide G-line) + # see_opers (can see opers without DISPLAY privilege) + # local_opmode (can use OPMODE/CLEARMODE on local channels) + # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) + # kill (can kill clients on other servers) + # gline (can issue G-lines to other servers) + # jupe_server (not used) + # opmode (can use /OPMODE) + # badchan (can issue Gchans to other servers) + # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) + # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) + # + # For global opers (with propagate = yes or local = no), the default + # is to grant all of the above privileges EXCEPT walk_lchan, + # unlimit_query, set, badchan, local_badchan and apass_opmode. + # For local opers, the default is to grant ONLY the following + # privileges: + # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, + # rehash, local_gline, local_jupe, local_opmode, whox, display, + # force_local_opmode + # Any privileges listed in a Class block override the defaults. + + local = no; +}; +# [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the -# Y: lines, you can let in a specific domain, but get rid of all other +# Client blocks, you can let in a specific domain, but get rid of all other # domains in the same toplevel, thus setting up some sort of "reverse -# K: line". -# I::::: +# Kill block". +# Client { +# host = "user@host"; +# ip = "user@ip"; +# password = "password"; +# class = "classname"; +# }; # # Technical description (for examples, see below): # For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to , -# and the I: line is used when any matches; the client will then show +# and the Client {} is used when any matches; the client will then show # with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the field, if this matches -# then the I: line is used nevertheless and the client will show with the +# then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections @@ -123,82 +273,138 @@ Y:1:90:0:400:160000 # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would -# match this I: line: -# I:jolan.ppro::foobar::1 -# Finally, I: lines with empty or fields are skipped. +# match this block: +# host = "*@jolan.ppro"; # # This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. -I:*@*:1:Unresolved::1 -I:Resolved::*@*::1 - +Client +{ + class = "Other"; + ip = "*@*"; + maxlinks = 2; +}; + + +Client +{ + class = "Other"; + host = "*@*"; + maxlinks = 2; +}; # If you don't want unresolved dudes to be able to connect to your -# server, use just: -# I:NotMatchingCrap::*@*::1 +# server, do not specify any "ip = " settings. # # Here, take care of all American ISPs. -I:Resolved::*@*.com::2 -I:Resolved::*@*.net::2 - +Client +{ + host = "*@*.com"; + class = "America"; + maxlinks = 2; +}; + +Client +{ + host = "*@*.net"; + class = "America"; + maxlinks = 2; +}; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other -# way around - K: lining every single ISP in the US. +# way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... -I:Resolved::*@*.wirehub.net::1 -I:Resolved::*@*.planete.net::1 -I:Resolved::*@*.ivg.com::1 -I:Resolved::*@*.ib.com::1 -I:Resolved::*@*.ibm.net::1 -I:Resolved::*@*.hydro.com::1 -I:Resolved::*@*.NL.net::1 +Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; }; # You can request a more complete listing, including the "list of standard -# K-lines" from the Routing Committee; it will also be sent to you if +# Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. # # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). -I:*@193.37.*::*@*.london.ac.uk::10 - -# You can put a digit (0..9) in the password field, which will make ircd +Client +{ + host = "*@*.london.ac.uk"; + ip = "*@193.37.*"; + class = "Local"; + # A maxlinks of over 5 will automatically be glined by euworld on Undernet + maxlinks = 5; +}; + +# You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: -# I:Resolved:1:*@*.swipnet.se::1 -# I:Resolved:2:*@dial??.*::1 +# Client { +# host = "*@*.swipnet.se"; +# maxlinks = 1; +# class = "Other"; +# }; +# Client { +# host = "*@dial??.*"; +# maxlinks = 2; +# class = "Other"; +# }; # # If you are not worried about who connects, this line will allow everyone # to connect. -I:*::*::1 +Client { + host = "*@*"; + ip = "*@*"; + class = "Other"; + maxlinks = 2; +}; -# [T:lines] +# [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. -# T:: -# or: -# T:: +# motd { +# # Note: host can also be a classname. +# host = "Other"; +# file = "path/to/motd/file"; +# }; +# +# More than one host = "mask"; entry may be present in one block; this +# has the same effect as one Motd block for each host entry, but makes +# it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged -# to register their domains and get their own I: lines if they're in +# to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. -T:*.net:net_com.motd -T:*.com:net_com.motd -T:2:net_com.motd +motd { + host = "*.net"; + file = "net_com.motd"; +}; +motd { + host = "*.com"; + file = "net_com.motd"; +}; +motd { + host = "America"; + file = "net_com.motd"; +}; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... -T:*.london.ac.uk:london.motd +motd { + host = "*.london.ac.uk"; + file = "london.motd"; +}; - -# [U:lines] +# [UWorld] # # One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode @@ -207,7 +413,12 @@ T:*.london.ac.uk:london.motd # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. -# U:::* +# UWorld { +# # The servername or wildcard mask for it that this applies to. +# name = "relservername"; +# }; +# +# You may have have more than one name listed in each block. # # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results @@ -216,60 +427,98 @@ T:*.london.ac.uk:london.motd # If you're on Undernet, you MUST have these lines. I cannnot stress # this enough. If all of the servers don't have the same lines, the # servers will try to undo the mode hacks that Uworld does. Make SURE that -# all of the servers have the EXACT same Ulines. +# all of the servers have the EXACT same UWorld blocks. # -# As of ircu2.10.05 is it possible to Jupe nicks. Juped nicks need to be -# added to U: lines. As per CFV-0095, the following nicks must be juped, -# it is not allowed to jupe others as well. -U:Uworld.EU.undernet.org:EuWorld,E,StatServ,NoteServ:* -U:Uworld2.undernet.org:UWorld2,ChanSvr,ChanSaver,ChanServ:* -U:Uworld.undernet.org:Uworld,NickSvr,NickSaver,NickServ:* -U:channels.undernet.org:LPT1,X,login:* -U:channels2.undernet.org:LPT2,W,Undernet:* -U:channels3.undernet.org:COM1,V,protocol:* -U:channels4.undernet.org:COM2,U,pass:* -U:channels5.undernet.org:COM3,Y,AUX:* -U:channels6.undernet.org:COM4,Z,newpass:* - - -# [K:lines] +# If your server starts on a bit larger network, you'll probably get +# assigned one or two uplinks to which your server can connect. +# If your uplink(s) also connect to other servers than yours (which is +# probable), you need to define your uplink as being allowed to "hub". +# See the Connect block documentation for details on how to do that. + +UWorld { + name = "uworld.eu.undernet.org"; + name = "uworld2.undernet.org"; + name = "uworld.undernet.org"; + name = "channels.undernet.org"; + name = "channels2.undernet.org"; + name = "channels3.undernet.org"; + name = "channels4.undernet.org"; + name = "channels5.undernet.org"; + name = "channels6.undernet.org"; +}; + +# As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and +# CFV-0255, the following nicks must be juped, it is not allowed to +# jupe others as well. +Jupe { + nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; + nick = "EuWorld,UWorld,UWorld2"; + nick = "login,undernet,protocol,pass,newpass,org"; + nick = "StatServ,NoteServ"; + nick = "ChanSvr,ChanSaver,ChanServ"; + nick = "NickSvr,NickSaver,NickServ"; + nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; +}; + +# [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # -# For this purpose, the ircd understands "kill lines". -# K::"": +# For this purpose, the ircd understands "kill blocks". These are also +# known as K-lines, by virtue of the former config file format. +# Kill +# { +# host = "user@host"; +# reason = "The reason the user will see"; +# }; +# It is possible to ban on the basis of the real name. +# It is also possible to use a file as comment for the ban, using +# file = "file": +# Kill +# { +# realname = "realnametoban"; +# file = "path/to/file/with/reason/to/show"; +# }; # -# It is possible to use a file as comment for the ban. -# K::!: # # The default reason is: "You are banned from this server" -# Note that K: lines are local to the server; if you ban a person or a +# Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server -# that doesn't have them K: lined (yet). +# that doesn't have them Killed (yet). # # With a simple comment, using quotes: -K:*.au:"Please use a nearer server":* -K:*.edu:"Please use a nearer server":* - -# With a file, prepending a '!' before the filename. -# The file can contain for example, a reason, a link to the -# server rules and a contact address. -K:unixbox.flooder.co.uk:!kline/youflooded.txt:*luser - -# -# IP-based kill lines are designated with a lowercase 'k'. These lines -# use the same format as normal K: lines, except they apply to all hosts, -# even if an IP address has a properly resolving host name. -k:192.168.*:!klines/martians:* +Kill { host = "*.au"; reason = "Please use a nearer server"; }; +Kill { host = "*.edu"; reason = "Please use a nearer server"; }; -# Additionally, you may specify a hostmask prefixed with $R to indicate -# a match should be performed against the "real-name" / "info" field -# instead of the host/IP. -K:$R*sub7*:"You are infected with a Trojan":* +# You can also kill based on username. +Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; }; - -# [C:lines] +# The file can contain for example, a reason, a link to the +# server rules and a contact address. Note the combination +# of username and host in the host field. +Kill +{ + host = "*luser@unixbox.flooder.co.uk"; + file = "kline/youflooded.txt"; +}; + +# IP-based kill lines apply to all hosts, even if an IP address has a +# properly resolving host name. +Kill +{ + host = "192.168.*"; + file = "klines/martians"; +}; + +# The realname field lets you ban by realname... +Kill +{ + realname = "*sub7*"; + reason = "You are infected with a Trojan"; +}; + +# [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. @@ -282,52 +531,81 @@ K:$R*sub7*:"You are infected with a Trojan":* # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # -# The Connection lines (also known as C lines) +# The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. -# C::::: +# Connect { +# name = "servername"; +# host = "hostnameORip"; +# vhost = "localIP"; +# password = "passwd"; +# port = portno; +# class = "classname"; +# maxhops = 2; +# hub = "*.eu.undernet.org"; +# autoconnect = no; +# }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also -# the port used when the server attempts to auto-connect to the remote -# server. (See Y:lines for more informationa about auto-connects). +# the port used when the server attempts to auto-connect to the remote +# server. (See Class blocks for more informationa about auto-connects). +# You may tell ircu to not automatically connect to a server by adding +# "autoconnect = no;"; the default is to autoconnect. # -# Our primary uplink. -C:1.2.3.4:passwd:Amsterdam.NL.Eu.UnderNet.org:4400:90 - - -# [H:lines] +# If the vhost field is present, the server will use that IP as the +# local end of connections that it initiates to this server. This +# overrides the vhost value from the General block. # -# If your server starts on a bit larger network, you'll probably get -# assigned one or two uplinks to which your server can connect. -# If your uplink(s) also connect to other servers than yours (which is -# probable), you need to define your uplink as being allowed to "hub". -# H::: -H:*.*::Amsterdam.NL.Eu.UnderNet.org - - -# [L:lines] +# The maxhops field causes an SQUIT if a hub tries to introduce +# servers farther away than that; the element 'leaf;' is an alias for +# 'maxhops = 0;'. The hub field limits the names of servers that may +# be introduced by a hub; the element 'hub;' is an alias for +# 'hub = "*";'. # -# Of course, the opposite is also possible: forcing a server to be -# a leaf. L: lines follow Murphy's Law: if you use them, there's a big -# chance that routing will be screwed up afterwards. -# L:::: - +# Our primary uplink. +Connect { + name = "Amsterdam.NL.Eu.UnderNet.org"; + host = "1.2.3.4"; + password = "passwd"; + port = 4400; + class = "Server"; + hub; +}; -# [D:lines] +# [crule] # # For an advanced, real-time rule-based routing decision making system -# you can use Disallow lines. For more information, see doc/readme.crules. -# D::: -# d::: -# D:*.US.UnderNet.org::connected(*.US.UnderNet.org) -# d:*.EU.UnderNet.org::connected(Amsterdam.NL.EU.*) -# -# The following line is recommended for leaf servers: -# d:*::directcon(*) - - -# [O:lines] +# you can use crule blocks. For more information, see doc/readme.crules. +# If more than one server mask is present in a single crule, the rule +# applies to all servers. +# CRULE +# { +# server = "servermask"; +# rule = "connectrule"; +# # Setting all to yes makes the rule always apply. Otherwise it only +# # applies to autoconnects. +# all = yes; +# }; +CRULE +{ + server = "*.US.UnderNet.org"; + rule = "connected(*.US.UnderNet.org)"; +}; +CRULE +{ + server = "*.EU.UnderNet.org"; + rule = "connected(Amsterdam.NL.EU.*)"; +}; + +# The following block is recommended for leaf servers: +CRULE +{ + server = "*"; + rule = "directcon(*)"; +}; + +# [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the @@ -342,30 +620,58 @@ H:*.*::Amsterdam.NL.Eu.UnderNet.org # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. -# Depending on some defines in include/config.h, local operators are also -# not allowed to /DIE and /RESTART the server. -# Local operators are designated with a lowercase 'o' -# O::::: -# o::::: # -# The encrypted password is optional. If you wish to encrypt your password, -# there is a utility in the ircd. Please read the file tools/README. -O:*@*.cs.vu.nl:VRKLKuGKn0jLs:Niels::10 -o:*@*.uu.net:noncryptedpass:Braden::10 +# More than one host = "mask"; entry may be present in one block; this +# has the same effect as one Operator block for each host entry, but +# makes it easier to update operator nicks, passwords, classes, and +# privileges. +# +# Operator { +# host = "host/IP mask"; +# name = "opername"; +# password = "encryptedpass"; +# class = "classname"; +# # You can also set any operator privilege; see the Class block +# # documentation for details. A privilege defined for a single +# # Operator will override the privilege settings for the Class +# # and the default setting. +# }; +# +# By default, the password is hashed using the system's native crypt() +# function. Other password mechanisms are available; the umkpasswd +# utility from the ircd directory can hash passwords using those +# mechanisms. If you use a password format that is NOT generated by +# umkpasswd, ircu will not recognize the oper's password. +# +# All privileges are shown with their default values; if you wish to +# override defaults, you should set only those privileges for the +# operator. Listing defaulted privileges just makes things harder to +# find. +Operator { + local = no; + host = "*@*.cs.vu.nl"; + password = "VRKLKuGKn0jLt"; + name = "Niels"; + class = "Local"; +}; +Operator { + host = "*@*.uu.net"; + password = "$PLAIN$notencryptedpass"; + name = "Niels"; + class = "Opers"; +}; # Note that the is optional, but leaving it away -# puts the O: lines in class 0, which usually only accepts one connection -# at a time. If you want users to Oper up more then once per O: line, -# then use a connection class that allows more then one connection, -# for example (using class 10 as in the example above): +# puts the opers in class "default", which usually only accepts one +# connection at a time. If you want users to Oper up more then once per +# block, then use a connection class that allows more then one connection, +# for example (using class Local as in the example above): # # Once you OPER your connection class changes no matter where you are or -# your previous connection classes. If the defined connection class is 10 -# for the O:line, then your new connection class is 10. -# Y:10:90:0:100:160000 +# your previous connection classes. If the defined connection class is +# Local for the operator block, then your new connection class is Local. - -# [P:lines] +# [Port] # When your server gets more full, you will notice delays when trying to # connect to your server's primary listening port. It is possible via the # Port lines to specify additional ports for the ircd to listen to. @@ -373,12 +679,28 @@ o:*@*.uu.net:noncryptedpass:Braden::10 # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. -# IANA says we should use port 194, but that requires us to run as root, so -# we don't do that. -# -# P:::<[CS][H]>: -# -# The hostmask setting allows you to specify a range of IP addresses that +# IANA says we should use port 194, but that requires us to run as root, +# so we don't do that. +# +# +# Port { +# port = [ipv4] [ipv6] number; +# mask = "ipmask"; +# # Use this to control the interface you bind to. +# vhost = [ipv4] [ipv6] "virtualhostip"; +# # You can specify both virtual host and port number in one entry. +# vhost = [ipv4] [ipv6] "virtualhostip" number; +# # Setting to yes makes this server only. +# server = yes; +# # Setting to yes makes the port "hidden" from stats. +# hidden = yes; +# }; +# +# The port and vhost lines allow you to specify one or both of "ipv4" +# and "ipv6" as address families to use for the port. The default is +# to listen on both IPv4 and IPv6. +# +# The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting @@ -392,41 +714,81 @@ o:*@*.uu.net:noncryptedpass:Braden::10 # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # -# The [CS][H] field is an optional field to specify that a port is a -# server port or a client port and whether it's hidden or not. -# If used the first character MUST be either a C or S. -# If you want to hide a port from /stats p from non-opers follow the C -# or S with an H -# -# C = Client (Ports 6660-6669) -# S = Server (Port 4400) -# -# P:::<[CS][H]>: -# -# This is a normal server port, you need to have at least one server -# port defined if you want to connect your server to other servers. -P:::S:4400 +Port { + server = yes; + port = 4400; +}; -# This is a Server port that is Hidden -#P:::SH:4401 +# This is an IPv4-only Server port that is Hidden +Port { + server = yes; + hidden = yes; + port = ipv4 4401; +}; # The following are normal client ports -P:::C:6667 -P::::6668 -P:192.168.*:::6666 - -# This is a hidden client port, listening on the interface associated -# with the IP address 168.8.21.107 -#P:*:168.8.21.107:CH:7000 - - -# [F:lines] -# +Port { port = 6667; }; +Port { port = 6668; }; +Port { + # This only accepts clients with IPs like 192.168.*. + mask = "192.168.*"; + port = 6666; +}; + +# This is a hidden client port, listening on 168.8.21.107. +Port { + vhost = "168.8.21.107"; + hidden = yes; + port = 7000; +}; + +# More than one vhost may be present in a single Port block; in this case, +# we recommend listing the port number on the vhost line for clarity. +Port { + vhost = "172.16.0.1" 6667; + vhost = "172.16.3.1" 6668; + hidden = no; +}; + +# Quarantine blocks disallow operators from using OPMODE and CLEARMODE +# on certain channels. Opers with the force_opmode (for local +# channels, force_local_opmode) privilege may override the quarantine +# by prefixing the channel name with an exclamation point ('!'). +# Wildcards are NOT supported; the channel name must match exactly. +Quarantine { + "#shells" = "Thou shalt not support the h4><0rz"; + "&kiddies" = "They can take care of themselves"; +}; + +# This is a server-implemented alias to send a message to a service. +# The string after Pseudo is the command name; the name entry inside +# is the service name, used for error messages. More than one nick +# entry can be provided; the last one listed has highest priority. +Pseudo "CHANSERV" { + name = "X"; + nick = "X@channels.undernet.org"; +}; + +# You can also prepend text before the user's message. +Pseudo "LOGIN" { + name = "X"; + prepend = "LOGIN "; + nick = "X@channels.undernet.org"; +}; + +# You can ask a separate server whether to allow users to connect. +# Uncomment this ONLY if you have an iauth helper program. +# IAuth { +# program = "../path/to/iauth" "-n" "options go here"; +# }; + +# [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the -# configuration file. Feature lines are the hook we're using for this. -# F: