X-Git-Url: http://git.pk910.de/?a=blobdiff_plain;f=doc%2Fexample.conf;h=8ffe13704979b164234398c6f07a4b593fb7d0d3;hb=refs%2Fheads%2Fupstream-ssl;hp=652e1a96b4759d0c29ab4c08fb99f932b7efb72d;hpb=13e5ea0dd2bc6ff69a492189165a80d6a922ab05;p=ircu2.10.12-pk.git diff --git a/doc/example.conf b/doc/example.conf index 652e1a9..8ffe137 100644 --- a/doc/example.conf +++ b/doc/example.conf @@ -1,13 +1,20 @@ -# ircd.conf configuration file for ircd version ircu2.9.mu and ircu2.10 +# ircd.conf - configuration file for ircd version ircu2.10 +# +# Last Updated: 20, March 2002. # # Written by Niels , based on the original example.conf, # server code and some real-life (ahem) experience. # +# Updated and heavily modified by Braden . +# +# Rewritten by A1kmm(Andrew Miller) to support +# the new flex/bison configuration parser. +# # Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn, # Xorath, WildThang, Mmmm, SeKs, Ghostwolf and # all other Undernet IRC Admins and Operators, # and programmers working on the Undernet ircd. - +# # This is an example of the configuration file used by the Undernet ircd. # # This document is based on a (fictious) server in Europe with a @@ -15,110 +22,248 @@ # but if all the other hubs in Europe aren't in service, it can connect # to one in the US by itself. # -# All configuration options start with a letter identifying the option, -# and a colon separated list of options. An asterisk indicates an -# unused field. +# The configuration format consists of a number of blocks in the format +# BlockName { setting = number; setting2 = "string"; setting3 = yes; }; +# Note that comments start from a #(hash) and go to the end of the line. +# Whitespace(space, tab, or carriage return/linefeed) are ignored and may +# be used to make the configuration file more readable. # # Please note that when ircd puts the configuration lines into practice, # it parses them exactly the other way round than they are listed here. -# This means that you should start your I: lines with the "fall through", -# most vanilla one and end with the most detailed. +# It uses the blocks in reverse order. # -# There is a difference between the ``hostname'' and the ``server name'' +# This means that you should start your Client blocks with the +# "fall through", most vanilla one, and end with the most detailed. +# +# There is a difference between the "hostname" and the "server name" # of the machine that the server is run on. For example, the host can -# have ``veer.cs.vu.nl'' as FQDN, and ``Amsterdam.NL.EU.undernet.org'' as +# have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as # server name. -# A ``server mask'' is something like '*.EU.UnderNet.org'', which is -# matched by 'Amsterdam.NL.EU.undernet.org' but not by -# 'Manhattan.KS.US.undernet.org'. +# A "server mask" is something like "*.EU.UnderNet.org", which is +# matched by "Amsterdam.NL.EU.undernet.org" but not by +# "Manhattan.KS.US.undernet.org". +# +# Please do NOT just rename the example.conf to ircd.conf and expect +# it to work. + +# [General] # # First some information about the server. -# M::::: -# -# must contain either a * or a valid IPv4 address in -# dotted quad notation. (127.0.0.1) The address MUST be the address -# of a physical interface on the host. This address is used for outgoing -# connections only, see P:lines for listener virtual hosting. -# If in doubt put a * or the IP of your primary interface here. -# The server must be compiled with virtual hosting turned on to get this -# to work correctly. -# -# The is no longer used. -# Ports need to be specified with a P: line, see below. -# At some point in the future we may want to use the port value for -# server capacity. --Bleep +# General { +# name = "servername"; +# vhost = "ipv4vhost"; +# vhost = "ipv6vhost"; +# description = "description"; +# numeric = numericnumber; +# dns vhost = "ipv4vhost"; +# dns vhost = "ipv6vhost"; +# dns server = "ipaddress"; +# dns server = "ipaddress2"; +# }; +# +# If present, must contain a valid address in dotted +# quad or IPv6 numeric notation (127.0.0.1 or ::1). The address MUST +# be the address of a physical interface on the host. This address is +# used for outgoing connections if the Connect{} block does not +# override it. See Port{} for listener virtual hosting. If in doubt, +# leave it out -- or use "*", which has the same meaning as no vhost. +# +# You may specify both an IPv4 virtual host and an IPv6 virtual host, +# to indicate which address should be used for outbound connections +# of the respective type. # # Note that has to be unique on the network your server -# is running on, must be between 1 and 64, and is not updated on a rehash. - -M:London.UK.Eu.UnderNet.org:*:University of London, England:0:1 - +# is running on, must be between 0 and 4095, and is not updated on a rehash. +# +# The two DNS lines allow you to specify the local IP address to use +# for DNS lookups ("dns vhost") and one or more DNS server addresses +# to use. If the vhost is ambiguous for some reason, you may list +# IPV4 and/or IPV6 between the equals sign and the address string. +# The default DNS vhost is to let the operating system assign the +# address, and the default DNS servers are read from /etc/resolv.conf. +# In most cases, you do not need to specify either the dns vhost or +# the dns server. +General { + name = "London.UK.Eu.UnderNet.org"; + description = "University of London, England"; + numeric = 1; +}; + +# [Admin] # # This sets information that can be retrieved with the /ADMIN command. # It should contain at least an admin Email contact address. -# A::: - -A:The University of London:Undernet IRC server:IRC Admins - -# -# All connections to the server are associated with a certain ``connection -# class'', be they incoming or outgoing (initiated by the server), be they -# clients, servers or Martians. (Note that ircd doesn't have direct support -# for Martians (yet?); they will have to register as normal users. ;-) -# Take the following Y: lines only as a guide. -# Y::::: - +Admin { + # At most two location lines are allowed... + Location = "The University of London"; + Location = "Undernet IRC server"; + Contact = "IRC Admins "; +}; + +# [Classes] +# +# All connections to the server are associated with a certain "connection +# class", be they incoming or outgoing (initiated by the server), be they +# clients or servers. +# +# Class { +# name = ""; +# pingfreq = time; +# connectfreq = time; +# maxlinks = number; +# sendq = size; +# usermode = "+i"; +# }; +# +# For connection classes used on server links, maxlinks should be set +# to either 0 (for hubs) or 1 (for leaf servers). Client connection +# classes may use maxlinks between 0 and approximately 4,000,000,000. +# maxlinks = 0 means there is no limit on the number of connections +# using the class. +# # applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # condition is satisfied. This is a Bad Thing(tm). - -# has different meanings for clients and servers. -# For clients, it is the total number of connections allowed for the class. -# Thus, if it is set to 100, then up to 100 clients can connect in that class. - -# Auto-connecting -# For servers, is the number of remote servers, in that class, that the -# server will attempt to be connected to. The server will initiate auto connections -# until it is connected to remote servers. This field DOES NOT limit -# the total number of servers that can be manually connected. -# To turn off auto connecting, should be set to 0. -# Note that MAXIMUM_LINKS (defined in make config) sets a hard limit on the number -# of servers that can be connected and still have the server attempt auto-connections. -# It is usually set to 1, which means a server will not attempt auto connects with a server -# already connected, regardless of how the Y:lines are set up. - -# Server classes: 90 = all your uplinks for who you do not wish to hub; -# 80 = leaf servers (only used if your server is a hub) - -Y:90:90:300:1:9000000 -Y:80:90:300:0:9000000 - -# Client classes. 10 = locals; 2 = for all .net and .com that are not -# in Europe; 1 = for everybody. - -Y:10:90:0:100:160000 -Y:2:90:0:5:80000 -Y:1:90:0:400:160000 - +# Note that times can be specified as a number, or by giving something +# like: 1 minutes 20 seconds, or 1*60+20. +# +# Recommended server classes: +# All your server uplinks you are not a hub for. +Class { + name = "Server"; + pingfreq = 1 minutes 30 seconds; + connectfreq = 5 minutes; + maxlinks = 1; + sendq = 9000000; +}; +# All the leaf servers you hub for. +Class { + name = "LeafServer"; + pingfreq = 1 minutes 30 seconds; + connectfreq = 5 minutes; + maxlinks = 0; + sendq = 9000000; +}; + +# Client { +# username = "ident"; +# host = "host"; +# ip = "127.0.0.0/8"; +# password = "password"; +# class = "classname"; +# maxlinks = 3; +# }; +# +# Everything in a Client block is optional. If a username mask is +# given, it must match the client's username from the IDENT protocol. +# If a host mask is given, the client's hostname must resolve and +# match the host mask. If a CIDR-style IP mask is given, the client +# must have an IP matching that range. If maxlinks is given, it is +# limits the number of matching clients allowed from a particular IP +# address. +# +# Take the following class blocks only as a guide. +Class { + name = "Local"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 100; + usermode = "+iw"; +}; +Class { + name = "America"; + pingfreq = 1 minutes 30 seconds; + sendq = 80000; + maxlinks = 5; +}; +Class { + name = "Other"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 400; +}; +Class { + name = "Opers"; + pingfreq = 1 minutes 30 seconds; + sendq = 160000; + maxlinks = 10; + + # For connection classes intended for operator use, you can specify + # privileges used when the Operator block (see below) names this + # class. The local (aka globally_opered) privilege MUST be defined + # by either the Class or Operator block. The following privileges + # exist: + # + # local (or propagate, with the opposite sense) + # whox (log oper's use of x flag with /WHO) + # display (oper status visible to lusers) + # chan_limit (can join local channels when in + # MAXCHANNELSPERUSER channels) + # mode_lchan (can /MODE &channel without chanops) + # deop_lchan (cannot be deopped or kicked on local channels) + # walk_lchan (can forcibly /JOIN &channel OVERRIDE) + # show_invis (see +i users in /WHO x) + # show_all_invis (see +i users in /WHO x) + # unlimit_query (show more results from /WHO) + # local_kill (can kill clients on this server) + # rehash (can use /REHASH) + # restart (can use /RESTART) + # die (can use /DIE) + # local_jupe (not used) + # set (can use /SET) + # local_gline (can set a G-line for this server only) + # local_badchan (can set a Gchan for this server only) + # see_chan (can see users in +s channels in /WHO) + # list_chan (can see +s channels with /LIST S, or modes with /LIST M) + # wide_gline (can use ! to force a wide G-line) + # see_opers (can see opers without DISPLAY privilege) + # local_opmode (can use OPMODE/CLEARMODE on local channels) + # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels) + # kill (can kill clients on other servers) + # gline (can issue G-lines to other servers) + # jupe_server (not used) + # opmode (can use /OPMODE) + # badchan (can issue Gchans to other servers) + # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels) + # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys) + # + # For global opers (with propagate = yes or local = no), the default + # is to grant all of the above privileges EXCEPT walk_lchan, + # unlimit_query, set, badchan, local_badchan and apass_opmode. + # For local opers, the default is to grant ONLY the following + # privileges: + # chan_limit, mode_lchan, show_invis, show_all_invis, local_kill, + # rehash, local_gline, local_jupe, local_opmode, whox, display, + # force_local_opmode + # Any privileges listed in a Class block override the defaults. + + local = no; +}; +# [Client] # # To allow clients to connect, they need authorization. This can be # done based on hostmask, address mask, and/or with a password. # With intelligent use of classes and the maxconnections field in the -# Y: lines, you can let in a specific domain, but get rid of all other -# domains in the same toplevel, thus setting up some sort of 'reverse -# K: line'. -# I::::: - +# Client blocks, you can let in a specific domain, but get rid of all other +# domains in the same toplevel, thus setting up some sort of "reverse +# Kill block". +# Client { +# host = "user@host"; +# ip = "user@ip"; +# password = "password"; +# class = "classname"; +# }; +# # Technical description (for examples, see below): -# For every connecting client, the IP-number is know. A reverse lookup +# For every connecting client, the IP address is known. A reverse lookup # on this IP-number is done to get the (/all) hostname(s). # Each hostname that belongs to this IP-number is matched to , -# and the I: line is used when any matches; the client will then show -# with this particular hostname. If none of the hostnames matches, then +# and the Client {} is used when any matches; the client will then show +# with this particular hostname. If none of the hostnames match, then # the IP-number is matched against the field, if this matches -# then the I: line is used nevertheless and the client will show with the +# then the Client{} is used nevertheless and the client will show with the # first (main) hostname if any; if the IP-number did not resolve then the # client will show with the dot notation of the IP-number. # There is a special case for the UNIX domain sockets and localhost connections @@ -128,128 +273,252 @@ Y:1:90:0:400:160000 # 002 Your host is 2.undernet.org[jolan.ppro], running version ... # Then the "jolan.ppro" is the name used for matching. # Therefore, unix domain sockets, and connections to localhost would -# match this I: line: -# I:jolan.ppro::foobar::1 -# Finally, I: lines with empty or fields are skipped. - -# This is the 'fallback' entry. All .uk, .nl, and all unresolved are +# match this block: +# host = "*@jolan.ppro"; +# +# This is the "fallback" entry. All .uk, .nl, and all unresolved are # in these two lines. # By using two different lines, multiple connections from a single IP # are only allowed from hostnames which have both valid forward and # reverse DNS mappings. - -I:*@*:1:Unresolved::1 -I:Resolved::*@*::1 - +Client +{ + class = "Other"; + ip = "*@*"; + maxlinks = 2; +}; + + +Client +{ + class = "Other"; + host = "*@*"; + maxlinks = 2; +}; # If you don't want unresolved dudes to be able to connect to your -# server, use just: -# I:NotMatchingCrap::*@*::1 - +# server, do not specify any "ip = " settings. +# # Here, take care of all American ISPs. -I:Resolved::*@*.com::2 -I:Resolved::*@*.net::2 - +Client +{ + host = "*@*.com"; + class = "America"; + maxlinks = 2; +}; + +Client +{ + host = "*@*.net"; + class = "America"; + maxlinks = 2; +}; # Now list all the .com / .net domains that you wish to have access... # actually it's less work to do it this way than to do it the other -# way around - K: lining every single ISP in the US. +# way around - K-lining every single ISP in the US. # I wish people in Holland just got a .nl domain, and not try to be # cool and use .com... -I:Resolved::*@*.wirehub.net::1 -I:Resolved::*@*.planete.net::1 -I:Resolved::*@*.ivg.com::1 -I:Resolved::*@*.ib.com::1 -I:Resolved::*@*.ibm.net::1 -I:Resolved::*@*.hydro.com::1 -I:Resolved::*@*.NL.net::1 +Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; }; +Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; }; # You can request a more complete listing, including the "list of standard -# K-lines" from the Routing Committee; it will also be sent to you if +# Kill blocks" from the Routing Committee; it will also be sent to you if # you apply for a server and get accepted. - +# # Ourselves - this makes sure that we can get in, no matter how full # the server is (hopefully). -I:*@193.37.*::*@*.london.ac.uk::10 - -# You can put a digit (0..9) in the password field, which will make ircd +Client +{ + host = "*@*.london.ac.uk"; + ip = "*@193.37.*"; + class = "Local"; + # A maxlinks of over 5 will automatically be glined by euworld on Undernet + maxlinks = 5; +}; + +# You can put an expression in the maxlinks value, which will make ircd # only accept a client when the total number of connections to the network # from the same IP number doesn't exceed this number. # The following example would accept at most one connection per IP number # from "*.swipnet.se" and at most two connections from dial up accounts # that have "dial??.*" as host mask: -# I:Resolved:1:*@*.swipnet.se::1 -# I:Resolved:2:*@dial??.*::1 - -# -# T:Lines +# Client { +# host = "*@*.swipnet.se"; +# maxlinks = 1; +# class = "Other"; +# }; +# Client { +# host = "*@dial??.*"; +# maxlinks = 2; +# class = "Other"; +# }; +# +# If you are not worried about who connects, this line will allow everyone +# to connect. +Client { + host = "*@*"; + ip = "*@*"; + class = "Other"; + maxlinks = 2; +}; + + +# [motd] # # It is possible to show a different Message of the Day to a connecting # client depending on its origin. -# T:: -# or: -# T:: +# motd { +# # Note: host can also be a classname. +# host = "Other"; +# file = "path/to/motd/file"; +# }; +# +# More than one host = "mask"; entry may be present in one block; this +# has the same effect as one Motd block for each host entry, but makes +# it easier to update the messages's filename. # # DPATH/net_com.motd contains a special MOTD where users are encouraged -# to register their domains and get their own I: lines if they're in +# to register their domains and get their own client{} lines if they're in # Europe, or move to US.UnderNet.org if they're in the USA. -T:*.net:net_com.motd -T:*.com:net_com.motd +motd { + host = "*.net"; + file = "net_com.motd"; +}; +motd { + host = "*.com"; + file = "net_com.motd"; +}; +motd { + host = "America"; + file = "net_com.motd"; +}; # A different MOTD for ourselves, where we point out that the helpdesk # better not be bothered with questions regarding irc... -T:*.london.ac.uk:london.motd +motd { + host = "*.london.ac.uk"; + file = "london.motd"; +}; +# [UWorld] # -# One of the many nice features of Undernet is ``Uworld'', a program +# One of the many nice features of Undernet is "Uworld", a program # connected to the net as a server. This allows it to broadcast any mode -# change, thus allowing opers to, for example, 'unlock' a channel that +# change, thus allowing opers to, for example, "unlock" a channel that # has been taken over. # There is only one slight problem: the TimeStamp protocol prevents this. # So there is a configuration option to allow them anyway from a certain # server. +# UWorld { +# # The servername or wildcard mask for it that this applies to. +# name = "relservername"; +# }; +# +# You may have have more than one name listed in each block. +# # Note: (1) These lines are agreed on by every server admin on Undernet; # (2) These lines must be the same on every single server, or results # will be disasterous; (3) This is a useful feature, not something that # is a liability and abused regularly (well... :-) # If you're on Undernet, you MUST have these lines. I cannnot stress -# this enough. -# As of ircu2.10.05 is it possible to Jupe nicks. Juped nicks need to be -# added to U: lines. As per CFV-0095, the following nicks must be juped, -# it is not allowed to jupe others as well. - -U:Uworld.EU.undernet.org:EuWorld,E,protocol,StatServ,NoteServ,Undernet:* -U:Uworld2.undernet.org:UWorld2,W,ChanSvr,ChanSaver,ChanServ,COM1,COM2,COM3,COM4:* -U:Uworld.undernet.org:Uworld,X,NickSvr,NickSaver,NickServ,LPT1,LPT2,AUX:* - +# this enough. If all of the servers don't have the same lines, the +# servers will try to undo the mode hacks that Uworld does. Make SURE that +# all of the servers have the EXACT same UWorld blocks. +# +# If your server starts on a bit larger network, you'll probably get +# assigned one or two uplinks to which your server can connect. +# If your uplink(s) also connect to other servers than yours (which is +# probable), you need to define your uplink as being allowed to "hub". +# See the Connect block documentation for details on how to do that. + +UWorld { + name = "uworld.eu.undernet.org"; + name = "uworld2.undernet.org"; + name = "uworld.undernet.org"; + name = "channels.undernet.org"; + name = "channels2.undernet.org"; + name = "channels3.undernet.org"; + name = "channels4.undernet.org"; + name = "channels5.undernet.org"; + name = "channels6.undernet.org"; +}; + +# As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and +# CFV-0255, the following nicks must be juped, it is not allowed to +# jupe others as well. +Jupe { + nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`"; + nick = "EuWorld,UWorld,UWorld2"; + nick = "login,undernet,protocol,pass,newpass,org"; + nick = "StatServ,NoteServ"; + nick = "ChanSvr,ChanSaver,ChanServ"; + nick = "NickSvr,NickSaver,NickServ"; + nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX"; +}; + +# [Kill] # # While running your server, you will most probably encounter individuals # or groups of persons that you do not wish to have access to your server. # -# For this purpose, the ircd understands "kill lines". -# K::"": +# For this purpose, the ircd understands "kill blocks". These are also +# known as K-lines, by virtue of the former config file format. +# Kill +# { +# host = "user@host"; +# reason = "The reason the user will see"; +# }; +# It is possible to ban on the basis of the real name. +# It is also possible to use a file as comment for the ban, using +# file = "file": +# Kill +# { +# realname = "realnametoban"; +# file = "path/to/file/with/reason/to/show"; +# }; # -# It is possible to use a file as comment for the ban. -# K::!: # # The default reason is: "You are banned from this server" -# Note that K: lines are local to the server; if you ban a person or a +# Note that Kill blocks are local to the server; if you ban a person or a # whole domain from your server, they can get on IRC via any other server -# that doesn't have them K: lined (yet). - +# that doesn't have them Killed (yet). +# # With a simple comment, using quotes: -K:*.au:"Please use a nearer server":* -K:*.edu:"Please use a nearer server":* +Kill { host = "*.au"; reason = "Please use a nearer server"; }; +Kill { host = "*.edu"; reason = "Please use a nearer server"; }; -# With a file, prepending a '!' before the filename. -# The file can contain for example, a reason, a link to the -# server rules and a contact address. -K:unixbox.flooder.co.uk:!kline/youflooded.txt:*luser - -# -# IP-based kill lines are designated with a lowercase 'k'. These lines -# use the same format as normal K: lines, except they apply to all hosts, -# even if an IP address has a properly resolving host name. -k:192.168.*:!klines/martians:* +# You can also kill based on username. +Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; }; +# The file can contain for example, a reason, a link to the +# server rules and a contact address. Note the combination +# of username and host in the host field. +Kill +{ + host = "*luser@unixbox.flooder.co.uk"; + file = "kline/youflooded.txt"; +}; + +# IP-based kill lines apply to all hosts, even if an IP address has a +# properly resolving host name. +Kill +{ + host = "192.168.*"; + file = "klines/martians"; +}; + +# The realname field lets you ban by realname... +Kill +{ + realname = "*sub7*"; + reason = "You are infected with a Trojan"; +}; + +# [Connect] # # You probably want your server connected to other servers, so your users # have other users to chat with. @@ -262,44 +531,81 @@ k:192.168.*:!klines/martians:* # server links is provided for ircd to decide what links to allow, what # to let humans do themselves, and what links to (forcefully) disallow. # -# The Connection lines (also known as C lines) +# The Connect blocks # define what servers the server connect to, and which servers are # allowed to connect. -# C::::: +# Connect { +# name = "servername"; +# host = "hostnameORip"; +# vhost = "localIP"; +# password = "passwd"; +# port = portno; +# class = "classname"; +# maxhops = 2; +# hub = "*.eu.undernet.org"; +# autoconnect = no; +# }; # # The "port" field defines the default port the server tries to connect # to if an operator uses /connect without specifying a port. This is also -# the port used when the server attempts to auto-connect to the remote -# server. (See Y:lines for more informationa about auto-connects). - -# Our primary uplink. -C:1.2.3.4:passwd:Amsterdam.NL.Eu.UnderNet.org:4400:90 - +# the port used when the server attempts to auto-connect to the remote +# server. (See Class blocks for more informationa about auto-connects). +# You may tell ircu to not automatically connect to a server by adding +# "autoconnect = no;"; the default is to autoconnect. # -# If your server starts on a bit larger network, you'll probably get -# assigned one or two uplinks to which your server can connect. -# If your uplink(s) also connect to other servers than yours (which is -# probable), you need to define your uplink as being allowed to "hub". -# H::: -H:*.*::Amsterdam.NL.Eu.UnderNet.org - +# If the vhost field is present, the server will use that IP as the +# local end of connections that it initiates to this server. This +# overrides the vhost value from the General block. # -# Of course, the opposite is also possible: forcing a server to be -# a leaf. L: lines follow Murphy's Law: if you use them, there's a big -# chance that routing will be screwed up afterwards. -# L:::: +# The maxhops field causes an SQUIT if a hub tries to introduce +# servers farther away than that; the element 'leaf;' is an alias for +# 'maxhops = 0;'. The hub field limits the names of servers that may +# be introduced by a hub; the element 'hub;' is an alias for +# 'hub = "*";'. +# +# Our primary uplink. +Connect { + name = "Amsterdam.NL.Eu.UnderNet.org"; + host = "1.2.3.4"; + password = "passwd"; + port = 4400; + class = "Server"; + hub; +}; +# [crule] # # For an advanced, real-time rule-based routing decision making system -# you can use Disallow lines. For more information, see doc/readme.crules. -# D::: -# d::: -# D:*.US.UnderNet.org::connected(*.US.UnderNet.org) -# d:*.EU.UnderNet.org::connected(Amsterdam.NL.EU.*) - -# The following line is recommended for leaf servers: -# d:*::directcon(*) - +# you can use crule blocks. For more information, see doc/readme.crules. +# If more than one server mask is present in a single crule, the rule +# applies to all servers. +# CRULE +# { +# server = "servermask"; +# rule = "connectrule"; +# # Setting all to yes makes the rule always apply. Otherwise it only +# # applies to autoconnects. +# all = yes; +# }; +CRULE +{ + server = "*.US.UnderNet.org"; + rule = "connected(*.US.UnderNet.org)"; +}; +CRULE +{ + server = "*.EU.UnderNet.org"; + rule = "connected(Amsterdam.NL.EU.*)"; +}; + +# The following block is recommended for leaf servers: +CRULE +{ + server = "*"; + rule = "directcon(*)"; +}; + +# [Operator] # # Inevitably, you have reached the part about "IRC Operators". Oper status # grants some special privileges to a user, like the power to make the @@ -314,35 +620,87 @@ H:*.*::Amsterdam.NL.Eu.UnderNet.org # can squit, connect and kill - but only locally: their +o user mode # is not not passed along to other servers. On Undernet, this prevents # them from using Uworld as well. -# Depending on some defines in include/config.h, local operators are also -# not allowed to /DIE and /RESTART the server. -# Local operators are designated with a lowercase 'o' -# O::::: -# o::::: - -O:*@*.cs.vu.nl:VRKLKuGKn0jLs:Niels::10 +# +# More than one host = "mask"; entry may be present in one block; this +# has the same effect as one Operator block for each host entry, but +# makes it easier to update operator nicks, passwords, classes, and +# privileges. +# +# Operator { +# host = "host/IP mask"; +# name = "opername"; +# password = "encryptedpass"; +# class = "classname"; +# # You can also set any operator privilege; see the Class block +# # documentation for details. A privilege defined for a single +# # Operator will override the privilege settings for the Class +# # and the default setting. +# }; +# +# By default, the password is hashed using the system's native crypt() +# function. Other password mechanisms are available; the umkpasswd +# utility from the ircd directory can hash passwords using those +# mechanisms. If you use a password format that is NOT generated by +# umkpasswd, ircu will not recognize the oper's password. +# +# All privileges are shown with their default values; if you wish to +# override defaults, you should set only those privileges for the +# operator. Listing defaulted privileges just makes things harder to +# find. +Operator { + local = no; + host = "*@*.cs.vu.nl"; + password = "VRKLKuGKn0jLt"; + name = "Niels"; + class = "Local"; +}; +Operator { + host = "*@*.uu.net"; + password = "$PLAIN$notencryptedpass"; + name = "Niels"; + class = "Opers"; +}; # Note that the is optional, but leaving it away -# puts the O: lines in class 0, which usually only accepts one connection -# at a time. If you want users to Oper up more then once per O: line, -# then use a connection class that allows more then one connection, -# for example (using class 10 as in the example above): -# Y:10:90:0:100:160000 - -# [P:lines] -# When your server gets fuller, you will notice delays when trying to -# connect to your server's primary listening port. Via the Port lines -# it is possible to specify additional ports for ircd to listen to. +# puts the opers in class "default", which usually only accepts one +# connection at a time. If you want users to Oper up more then once per +# block, then use a connection class that allows more then one connection, +# for example (using class Local as in the example above): +# +# Once you OPER your connection class changes no matter where you are or +# your previous connection classes. If the defined connection class is +# Local for the operator block, then your new connection class is Local. + +# [Port] +# When your server gets more full, you will notice delays when trying to +# connect to your server's primary listening port. It is possible via the +# Port lines to specify additional ports for the ircd to listen to. # De facto ports are: 6667 - standard; 6660-6669 - additional client # ports; # Undernet uses 4400 for server listener ports. # These are just hints, they are in no way official IANA or IETF policies. -# IANA says we should use port 194, but that requires us to run as root, so -# we don't do that. -# -# P:::<[CS][H]>: -# -# The hostmask setting allows you to specify a range of IP addresses that +# IANA says we should use port 194, but that requires us to run as root, +# so we don't do that. +# +# +# Port { +# port = [ipv4] [ipv6] number; +# mask = "ipmask"; +# # Use this to control the interface you bind to. +# vhost = [ipv4] [ipv6] "virtualhostip"; +# # You can specify both virtual host and port number in one entry. +# vhost = [ipv4] [ipv6] "virtualhostip" number; +# # Setting to yes makes this server only. +# server = yes; +# # Setting to yes makes the port "hidden" from stats. +# hidden = yes; +# }; +# +# The port and vhost lines allow you to specify one or both of "ipv4" +# and "ipv6" as address families to use for the port. The default is +# to listen on both IPv4 and IPv6. +# +# The mask setting allows you to specify a range of IP addresses that # you will allow connections from. This should only contain IP addresses # and '*' if used. This field only uses IP addresses. This does not use # DNS in any way so you can't use it to allow *.nl or *.uk. Attempting @@ -356,97 +714,213 @@ O:*@*.cs.vu.nl:VRKLKuGKn0jLs:Niels::10 # If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it # WILL bind to all interfaces - not what most people seem to expect. # -# The [CS][H] field is an optional field to specify that a port is a -# server port or a client port and whether it's hidden or not. -# If used the first character MUST be either a C or S. -# If you want to hide a port from /stats p from non-opers follow the C -# or S with an H -# -# P:::<[CS][H]>: -# -# This is a normal server port, you need to have at least one server -# port defined if you want to connect your server to other servers. -P:::S:4400 -# This is a Server port that is Hidden -#P:::SH:4401 - -# The following are normal client ports -P:::C:6667 -P::::6668 -P:192.168.*:::6666 +Port { + server = yes; + port = 4400; +}; -# This is a hidden client port, listening on the interface associated -# with the IP address 168.8.21.107 -#P:*:168.8.21.107:CH:7000 +# This is an IPv4-only Server port that is Hidden +Port { + server = yes; + hidden = yes; + port = ipv4 4401; +}; -# [F:lines] +# The following are normal client ports +Port { port = 6667; }; +Port { port = 6668; }; +Port { + # This only accepts clients with IPs like 192.168.*. + mask = "192.168.*"; + port = 6666; +}; + +# This is a hidden client port, listening on 168.8.21.107. +Port { + vhost = "168.8.21.107"; + hidden = yes; + port = 7000; +}; + +# More than one vhost may be present in a single Port block; in this case, +# we recommend listing the port number on the vhost line for clarity. +Port { + vhost = "172.16.0.1" 6667; + vhost = "172.16.3.1" 6668; + hidden = no; +}; + +# Quarantine blocks disallow operators from using OPMODE and CLEARMODE +# on certain channels. Opers with the force_opmode (for local +# channels, force_local_opmode) privilege may override the quarantine +# by prefixing the channel name with an exclamation point ('!'). +# Wildcards are NOT supported; the channel name must match exactly. +Quarantine { + "#shells" = "Thou shalt not support the h4><0rz"; + "&kiddies" = "They can take care of themselves"; +}; + +# This is a server-implemented alias to send a message to a service. +# The string after Pseudo is the command name; the name entry inside +# is the service name, used for error messages. More than one nick +# entry can be provided; the last one listed has highest priority. +Pseudo "CHANSERV" { + name = "X"; + nick = "X@channels.undernet.org"; +}; + +# You can also prepend text before the user's message. +Pseudo "LOGIN" { + name = "X"; + prepend = "LOGIN "; + nick = "X@channels.undernet.org"; +}; + +# You can ask a separate server whether to allow users to connect. +# Uncomment this ONLY if you have an iauth helper program. +# IAuth { +# program = "../path/to/iauth" "-n" "options go here"; +# }; + +# [features] # IRC servers have a large number of options and features. Most of these # are set at compile time through the use of #define's--see "make config" # for more details--but we are working to move many of these into the -# configuration file. Feature lines are the hook we're using for this. -# -# F::[:[...]] -# -# Currently, the only defined value for is "LOG," and it allows you -# to customize the settings of the logging architecture. You can set the -# default logging facility to, say, local7 (F:LOG:LOCAL7), or set a log -# file for one of the subsystems (F:LOG:GLINE:FILE:gline.log). More than -# one subsystem can log to the same file without danger of interleaving. -# -# The currently defined subsystems are SYSTEM, CONFIG, OPERMODE (used by -# /opmode and /clearmode), GLINE, JUPE, WHO (used by /whox), NETWORK -# (connects and disconnects), OPERKILL, SERVKILL, USER, OPER, OPERLOG, -# USERLOG, RESOLVER, SOCKET, DEBUG, and OLDLOG. You can set log files -# for these subsystems to log to, or you can tell them to syslog their -# data, or even send server notices. You can do any of these in -# combination, but you can't log to more than one file. You can also set -# minimum log levels per subsystem, if you wish. -# -# The format for LOG Feature lines is as follows: -# -# F:LOG: -# F:LOG::[:] -# -# The first sets the default facility for ircu to log to to . -# Valid values are listed in the syslog(3) man page; just -# remove the "LOG_" prefix. -# -# The list of subsystems is given above. The valid values for are -# FILE, FACILITY, SNOMASK, and LEVEL, which respectively set the log file, -# the syslog facility, a server notice mask value, and the minimum log -# level. If no is given, or if is empty, the default -# value for that type is set. -# -# Valid 's for the FACILITY type are the normal syslog values (with -# the "LOG_" prefix removed) or the special values "NONE" (which specifies -# that syslogging should not be attempted) and "DEFAULT" (which specifies -# that the server-wide facility should be used); the default for all -# subsystems is "NONE." -# -# Valid 's for the SNOMASK type are OLDSNO, SERVKILL, OPERKILL, -# HACK2, HACK3, UNAUTH, TCPCOMMON, TOOMANY, HACK4, GLINE, NETWORK, -# IPMISMATCH, THROTTLE, OLDREALOP, and CONNEXIT, as well as the special -# values NONE, which specifies that no server notices should be sent, -# and DEBUG, which is only available if DEBUGMODE has been enabled. -# -# Valid 's for the LEVEL type are CRIT, ERR, WARNING, NOTICE, -# TRACE, INFO, and DEBUG. Note that logs with level CRIT always result -# in server notices to mask SNO_OLDSNO, and logs with level DEBUG always -# send server notices to mask SNO_DEBUG. -# -# A couple of things to note: log settings are not reset to defaults prior -# to a rehash; this means that if you delete F-lines and rehash, logs will -# continue going to the same place. Also, all subsystems are defaulted to -# minimum log level INFO (or DEBUG if DEBUGMODE is #define'd). - -# -# Well, you have now reached the end of this sample configuration file -# If you have any questions, feel free to mail -# or . -# If you are interested in linking your server to the Undernet IRC network -# visit http://www.routing-com.undernet.org/, and if there are any problems -# then contact asking for information. -# Upgrades of the Undernet ircd can be found on http://coder-com.undernet.org/. +# configuration file. Features let you configure these at runtime. +# You only need one feature block in which you use +# "featurename" = "value1" , "value2", ..., "valuen-1", "valuen"; +# +# The entire purpose of F:lines are so that you do not have to recompile +# the IRCD everytime you want to change a feature. All of the features +# are listed below, and at the bottom is how to set logging. +# +# A Special Thanks to Kev for writing the documentation of F:lines. It can +# be found at doc/readme.features and the logging documentation can be +# found at doc/readme.log. The defaults used by the Undernet network are +# below. +# +features +{ +# These log features are the only way to get certain error messages +# (such as when the server dies from being out of memory). For more +# explanation of how they work, see doc/readme.log. + "LOG" = "SYSTEM" "FILE" "ircd.log"; + "LOG" = "SYSTEM" "LEVEL" "CRIT"; +# "DOMAINNAME"=""; +# "RELIABLE_CLOCK"="FALSE"; +# "BUFFERPOOL"="27000000"; +# "HAS_FERGUSON_FLUSHER"="FALSE"; +# "CLIENT_FLOOD"="1024"; +# "SERVER_PORT"="4400"; +# "NODEFAULTMOTD"="TRUE"; +# "MOTD_BANNER"="TRUE"; +# "KILL_IPMISMATCH"="FALSE"; +# "IDLE_FROM_MSG"="TRUE"; +# "HUB"="FALSE"; +# "WALLOPS_OPER_ONLY"="FALSE"; +# "NODNS"="FALSE"; +# "RANDOM_SEED"=""; +# "DEFAULT_LIST_PARAM"="TRUE"; +# "NICKNAMEHISTORYLENGTH"="800"; +# "NETWORK"="UnderNet"; +# "HOST_HIDING"="FALSE"; +# "HIDDEN_HOST"="users.undernet.org"; +# "HIDDEN_IP"="127.0.0.1"; +# "KILLCHASETIMELIMIT"="30"; +# "MAXCHANNELSPERUSER"="10"; +# "NICKLEN" = "12"; +# "AVBANLEN"="40"; +# "MAXBANS"="30"; +# "MAXSILES"="15"; +# "HANGONGOODLINK"="300"; +# "HANGONRETRYDELAY" = "10"; +# "CONNECTTIMEOUT" = "90"; +# "MAXIMUM_LINKS" = "1"; +# "PINGFREQUENCY" = "120"; +# "CONNECTFREQUENCY" = "600"; +# "DEFAULTMAXSENDQLENGTH" = "40000"; +# "GLINEMAXUSERCOUNT" = "20"; +# "MPATH" = "ircd.motd"; +# "RPATH" = "remote.motd"; +# "PPATH" = "ircd.pid"; +# "TOS_SERVER" = "0x08"; +# "TOS_CLIENT" = "0x08"; +# "POLLS_PER_LOOP" = "200"; +# "IRCD_RES_TIMEOUT" = "4"; +# "IRCD_RES_RETRIES" = "2"; +# "AUTH_TIMEOUT" = "9"; +# "IPCHECK_CLONE_LIMIT" = "4"; +# "IPCHECK_CLONE_PERIOD" = "40"; +# "IPCHECK_CLONE_DELAY" = "600"; +# "CHANNELLEN" = "200"; +# "CONFIG_OPERCMDS" = "FALSE"; +# "OPLEVELS" = "TRUE"; +# "ZANNELS" = "TRUE"; +# "LOCAL_CHANNELS" = "TRUE"; +# "ANNOUNCE_INVITES" = "FALSE"; +# These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS) +# behavior to hide most network topology from users. +# "HIS_SNOTICES" = "TRUE"; +# "HIS_SNOTICES_OPER_ONLY" = "TRUE"; +# "HIS_DEBUG_OPER_ONLY" = "TRUE"; +# "HIS_WALLOPS" = "TRUE"; +# "HIS_MAP" = "TRUE"; +# "HIS_LINKS" = "TRUE"; +# "HIS_TRACE" = "TRUE"; +# "HIS_STATS_a" = "TRUE"; +# "HIS_STATS_c" = "TRUE"; +# "HIS_STATS_d" = "TRUE"; +# "HIS_STATS_e" = "TRUE"; +# "HIS_STATS_f" = "TRUE"; +# "HIS_STATS_g" = "TRUE"; +# "HIS_STATS_i" = "TRUE"; +# "HIS_STATS_j" = "TRUE"; +# "HIS_STATS_J" = "TRUE"; +# "HIS_STATS_k" = "TRUE"; +# "HIS_STATS_l" = "TRUE"; +# "HIS_STATS_L" = "TRUE"; +# "HIS_STATS_m" = "TRUE"; +# "HIS_STATS_M" = "TRUE"; +# "HIS_STATS_o" = "TRUE"; +# "HIS_STATS_p" = "TRUE"; +# "HIS_STATS_q" = "TRUE"; +# "HIS_STATS_r" = "TRUE"; +# "HIS_STATS_R" = "TRUE"; +# "HIS_STATS_t" = "TRUE"; +# "HIS_STATS_T" = "TRUE"; +# "HIS_STATS_u" = "FALSE"; +# "HIS_STATS_U" = "TRUE"; +# "HIS_STATS_v" = "TRUE"; +# "HIS_STATS_w" = "TRUE"; +# "HIS_STATS_x" = "TRUE"; +# "HIS_STATS_y" = "TRUE"; +# "HIS_STATS_z" = "TRUE"; +# "HIS_STATS_IAUTH" = "TRUE"; +# "HIS_WHOIS_SERVERNAME" = "TRUE"; +# "HIS_WHOIS_IDLETIME" = "TRUE"; +# "HIS_WHOIS_LOCALCHAN" = "TRUE"; +# "HIS_WHO_SERVERNAME" = "TRUE"; +# "HIS_WHO_HOPCOUNT" = "TRUE"; +# "HIS_MODEWHO" = "TRUE"; +# "HIS_BANWHO" = "TRUE"; +# "HIS_KILLWHO" = "TRUE"; +# "HIS_REWRITE" = "TRUE"; +# "HIS_REMOTE" = "TRUE"; +# "HIS_NETSPLIT" = "TRUE"; +# "HIS_SERVERNAME" = "*.undernet.org"; +# "HIS_SERVERINFO" = "The Undernet Underworld"; +# "HIS_URLSERVERS" = "http://www.undernet.org/servers.php"; +# "URLREG" = "http://cservice.undernet.org/live/"; +}; + +# Well, you have now reached the end of this sample configuration +# file. If you have any questions, feel free to mail +# . If you are interested in linking your +# server to the Undernet IRC network visit +# http://www.routing-com.undernet.org/, and if there are any +# problems then contact asking for +# information. Upgrades of the Undernet ircd can be found on +# http://coder-com.undernet.org/. # # For the rest: Good Luck! #