added FEAT_CHMODE_A_NOSET to prevent +a from being set by users

[ircu2.10.12-pk.git] / doc / example.conf

# ircd.conf - configuration file for ircd version ircu2.10
#
# Last Updated:  20, March 2002.
#
# Written by Niels <niels@undernet.org>, based on the original example.conf,
# server code and some real-life (ahem) experience.
#
# Updated and heavily modified by Braden <dbtem@yahoo.com>.
#
# Rewritten by A1kmm(Andrew Miller)<a1kmm@mware.virtualave.net> to support
# the new flex/bison configuration parser.
#
# Thanks and credits to: Run, Trillian, Cym, Morrissey, Chaos, Flynn,
#                        Xorath, WildThang, Mmmm, SeKs, Ghostwolf and
#                        all other Undernet IRC Admins and Operators,
#                        and programmers working on the Undernet ircd.
#
# This is an example of the configuration file used by the Undernet ircd.
#
# This document is based on a (fictious) server in Europe with a
# connection to the Undernet IRC network. It is primarily a leaf server,
# but if all the other hubs in Europe aren't in service, it can connect
# to one in the US by itself.
#
# The configuration format consists of a number of blocks in the format
#  BlockName { setting = number; setting2 = "string"; setting3 = yes; };
# Note that comments start from a #(hash) and go to the end of the line.
# Whitespace(space, tab, or carriage return/linefeed) are ignored and may
# be used to make the configuration file more readable.
#
# Please note that when ircd puts the configuration lines into practice,
# it parses them exactly the other way round than they are listed here.
# It uses the blocks in reverse order.
#
# This means that you should start your Client blocks with the
# "fall through", most vanilla one, and end with the most detailed.
#
# There is a difference between the "hostname" and the "server name"
# of the machine that the server is run on. For example, the host can
# have "veer.cs.vu.nl" as FQDN, and "Amsterdam.NL.EU.undernet.org" as
# server name.
# A "server mask" is something like "*.EU.UnderNet.org", which is
# matched by "Amsterdam.NL.EU.undernet.org" but not by
# "Manhattan.KS.US.undernet.org".
#
# Please do NOT just rename the example.conf to ircd.conf and expect
# it to work.


# [General]
#
# First some information about the server.
# General {
#         name = "servername";
#         vhost = "ipv4vhost";
#         vhost = "ipv6vhost";
#         description = "description";
#         numeric = numericnumber;
#         dns vhost = "ipv4vhost";
#         dns vhost = "ipv6vhost";
#         dns server = "ipaddress";
#         dns server = "ipaddress2";
# };
#
# If present, <virtual host> must contain a valid address in dotted
# quad or IPv6 numeric notation (127.0.0.1 or ::1).  The address MUST
# be the address of a physical interface on the host.  This address is
# used for outgoing connections if the Connect{} block does not
# override it.  See Port{} for listener virtual hosting.  If in doubt,
# leave it out -- or use "*", which has the same meaning as no vhost.
#
# You may specify both an IPv4 virtual host and an IPv6 virtual host,
# to indicate which address should be used for outbound connections
# of the respective type.
#
# Note that <server numeric> has to be unique on the network your server
# is running on, must be between 0 and 4095, and is not updated on a rehash.
#
# The two DNS lines allow you to specify the local IP address to use
# for DNS lookups ("dns vhost") and one or more DNS server addresses
# to use.  If the vhost is ambiguous for some reason, you may list
# IPV4 and/or IPV6 between the equals sign and the address string.
# The default DNS vhost is to let the operating system assign the
# address, and the default DNS servers are read from /etc/resolv.conf.
# In most cases, you do not need to specify either the dns vhost or
# the dns server.
General {
         name = "London.UK.Eu.UnderNet.org";
         description = "University of London, England";
         numeric = 1;
};

# [Admin]
#
# This sets information that can be retrieved with the /ADMIN command.
# It should contain at least an admin Email contact address.
Admin {
  # At most two location lines are allowed...
  Location = "The University of London";
  Location = "Undernet IRC server";
  Contact = "IRC Admins <irc@london.ac.uk>";
};

# [Classes]
#
# All connections to the server are associated with a certain "connection
# class", be they incoming or outgoing (initiated by the server), be they
# clients or servers.
#
# Class {
#  name = "<class>";
#  pingfreq = time;
#  connectfreq = time;
#  maxlinks = number;
#  sendq = size;
#  usermode = "+i";
# };
#
# For connection classes used on server links, maxlinks should be set
# to either 0 (for hubs) or 1 (for leaf servers).  Client connection
# classes may use maxlinks between 0 and approximately 4,000,000,000.
# maxlinks = 0 means there is no limit on the number of connections
# using the class.
# 
# <connect freq> applies only to servers, and specifies the frequency 
# that the server tries to autoconnect. setting this to 0 will cause
# the server to attempt to connect repeatedly with no delay until the 
# <maximum links> condition is satisfied. This is a Bad Thing(tm).
# Note that times can be specified as a number, or by giving something
# like: 1 minutes 20 seconds, or 1*60+20.
#
# Recommended server classes:
# All your server uplinks you are not a hub for.
Class {
 name = "Server";
 pingfreq = 1 minutes 30 seconds;
 connectfreq = 5 minutes;
 maxlinks = 1;
 sendq = 9000000;
};
# All the leaf servers you hub for.
Class {
 name = "LeafServer";
 pingfreq = 1 minutes 30 seconds;
 connectfreq = 5 minutes;
 maxlinks = 0;
 sendq = 9000000;
};

# Client {
#  username = "ident";
#  host = "host";
#  ip = "127.0.0.0/8";
#  password = "password";
#  class = "classname";
#  maxlinks = 3;
# };
#
# Everything in a Client block is optional.  If a username mask is
# given, it must match the client's username from the IDENT protocol.
# If a host mask is given, the client's hostname must resolve and
# match the host mask.  If a CIDR-style IP mask is given, the client
# must have an IP matching that range.  If maxlinks is given, it is
# limits the number of matching clients allowed from a particular IP
# address.
#
# Take the following class blocks only as a guide.
Class {
 name = "Local";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 100;
 usermode = "+iw";
};
Class {
 name = "America";
 pingfreq = 1 minutes 30 seconds;
 sendq = 80000;
 maxlinks = 5;
};
Class {
 name = "Other";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 400;
};
Class {
 name = "Opers";
 pingfreq = 1 minutes 30 seconds;
 sendq = 160000;
 maxlinks = 10;

 # For connection classes intended for operator use, you can specify
 # privileges used when the Operator block (see below) names this
 # class.  The local (aka globally_opered) privilege MUST be defined
 # by either the Class or Operator block.  The following privileges
 # exist:
 #
 # local (or propagate, with the opposite sense)
 # whox  (log oper's use of x flag with /WHO)
 # display (oper status visible to lusers)
 # chan_limit (can join local channels when in
 #                              MAXCHANNELSPERUSER channels)
 # mode_lchan (can /MODE &channel without chanops)
 # deop_lchan (cannot be deopped or kicked on local channels)
 # walk_lchan (can forcibly /JOIN &channel OVERRIDE)
 # show_invis (see +i users in /WHO x)
 # show_all_invis (see +i users in /WHO x)
 # unlimit_query (show more results from /WHO)
 # local_kill (can kill clients on this server)
 # rehash (can use /REHASH)
 # restart (can use /RESTART)
 # die (can use /DIE)
 # local_jupe (not used)
 # set (can use /SET)
 # local_gline (can set a G-line for this server only)
 # local_badchan (can set a Gchan for this server only)
 # see_chan (can see users in +s channels in /WHO)
 # list_chan (can see +s channels with /LIST S, or modes with /LIST M)
 # wide_gline (can use ! to force a wide G-line)
 # see_opers (can see opers without DISPLAY privilege)
 # local_opmode (can use OPMODE/CLEARMODE on local channels)
 # force_local_opmode (can use OPMODE/CLEARMODE on quarantined local channels)
 # kill (can kill clients on other servers)
 # gline (can issue G-lines to other servers)
 # jupe_server (not used)
 # opmode (can use /OPMODE)
 # badchan (can issue Gchans to other servers)
 # force_opmode (can use OPMODE/CLEARMODE on quarantined global channels)
 # apass_opmode (can use OPMODE/CLEARMODE on +A and +U keys)
 # umode_nochan (can set usermode +n to hide channels)
 # umode_noidle (can set usermode +I to hide idle time)
 # umode_chserv (can set umode +k)
 # umode_xtraop (can set umode +X)
 # umode_netserv (can set umode +S)
 # umode_overridecc (Allow to set umode +c which overrides cmodes +cC)
 # see_idletime (can see idletime of local +I users)
 # hide_idletime (hides idle time also from users with see_idletime, unless they are on the same server and have this priv too)
 # more_flood (has less throttling)
 # unlimited_flood (no more excess floods)
 # unlimited_targets (allow unlimited target changes)
 # noamsg_override (can override cmode +M)
 #
 # For global opers (with propagate = yes or local = no), the default
 # is to grant all of the above privileges EXCEPT walk_lchan,
 # umode_chserv, umode_xtraop, umode_service,
 # unlimit_query, set, badchan, local_badchan and apass_opmode.
 # For local opers, the default is to grant ONLY the following
 # privileges:
 #  chan_limit, mode_lchan, show_invis, show_all_invis, local_kill,
 #  rehash, local_gline, local_jupe, local_opmode, whox, display,
 #  force_local_opmode, see_idletime, hide_channels, hide_idletime,
 #  more_flood
 # Any privileges listed in a Class block override the defaults.

 local = no;
};
# [Client]
#
# To allow clients to connect, they need authorization. This can be
# done based on hostmask, address mask, and/or with a password.
# With intelligent use of classes and the maxconnections field in the
# Client blocks, you can let in a specific domain, but get rid of all other
# domains in the same toplevel, thus setting up some sort of "reverse
# Kill block".
# Client {
#  host = "user@host";
#  ip = "user@ip";
#  password = "password";
#  class = "classname";
# };
#
# Technical description (for examples, see below):
# For every connecting client, the IP address is known.  A reverse lookup
# on this IP-number is done to get the (/all) hostname(s).
# Each hostname that belongs to this IP-number is matched to <hostmask>,
# and the Client {} is used when any matches; the client will then show
# with this particular hostname.  If none of the hostnames match, then
# the IP-number is matched against the <IP mask ...> field, if this matches
# then the Client{} is used nevertheless and the client will show with the
# first (main) hostname if any; if the IP-number did not resolve then the
# client will show with the dot notation of the IP-number.
# There is a special case for the UNIX domain sockets and localhost connections
# though; in this case the <IP mask ...> field is compared with the
# name of the server (thus not with any IP-number representation). The name
# of the server is the one returned in the numeric 002 reply, for example:
# 002 Your host is 2.undernet.org[jolan.ppro], running version ...
# Then the "jolan.ppro" is the name used for matching.
# Therefore, unix domain sockets, and connections to localhost would
# match this block:
# host = "*@jolan.ppro";
#
# This is the "fallback" entry. All .uk, .nl, and all unresolved are
# in these two lines.
# By using two different lines, multiple connections from a single IP
# are only allowed from hostnames which have both valid forward and
# reverse DNS mappings.
Client
{
 class = "Other";
 ip = "*@*";
 maxlinks = 2;
};


Client
{
 class = "Other";
 host = "*@*";
 maxlinks = 2;
};
# If you don't want unresolved dudes to be able to connect to your
# server, do not specify any "ip = " settings.
#
# Here, take care of all American ISPs.
Client
{
 host = "*@*.com";
 class = "America";
 maxlinks = 2;
};

Client
{
 host = "*@*.net";
 class = "America";
 maxlinks = 2;
};
# Now list all the .com / .net domains that you wish to have access...
# actually it's less work to do it this way than to do it the other
# way around - K-lining every single ISP in the US.
# I wish people in Holland just got a .nl domain, and not try to be
# cool and use .com...
Client { host = "*@*.wirehub.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.planete.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ivg.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ib.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.ibm.net"; class = "Other"; maxlinks=2; };
Client { host = "*@*.hydro.com"; class = "Other"; maxlinks=2; };
Client { host = "*@*.nl.net"; class = "Local"; maxlinks=2; };

# You can request a more complete listing, including the "list of standard
# Kill blocks" from the Routing Committee; it will also be sent to you if
# you apply for a server and get accepted.
#
# Ourselves - this makes sure that we can get in, no matter how full
# the server is (hopefully).
Client
{
 host = "*@*.london.ac.uk";
 ip = "*@193.37.*";
 class = "Local";
 # A maxlinks of over 5 will automatically be glined by euworld on Undernet
 maxlinks = 5;
};

# You can put an expression in the maxlinks value, which will make ircd
# only accept a client when the total number of connections to the network
# from the same IP number doesn't exceed this number.
# The following example would accept at most one connection per IP number
# from "*.swipnet.se" and at most two connections from dial up accounts
# that have "dial??.*" as host mask:
# Client {
#  host = "*@*.swipnet.se";
#  maxlinks = 1;
#  class = "Other";
# };
# Client {
#  host = "*@dial??.*";
#  maxlinks = 2;
#  class = "Other";
# };
#
# If you are not worried about who connects, this line will allow everyone
# to connect.
Client {
 host = "*@*";
 ip = "*@*";
 class = "Other";
 maxlinks = 2;
};


# [motd]
#
# It is possible to show a different Message of the Day to a connecting
# client depending on its origin.
# motd {
#  # Note: host can also be a classname.
#  host = "Other";
#  file = "path/to/motd/file";
# };
#
# More than one host = "mask"; entry may be present in one block; this
# has the same effect as one Motd block for each host entry, but makes
# it easier to update the messages's filename.
#
# DPATH/net_com.motd contains a special MOTD where users are encouraged
# to register their domains and get their own client{} lines if they're in
# Europe, or move to US.UnderNet.org if they're in the USA.
motd {
 host = "*.net";
 file = "net_com.motd";
};
motd {
 host = "*.com";
 file = "net_com.motd";
};
motd {
 host = "America";
 file = "net_com.motd";
};

# A different MOTD for ourselves, where we point out that the helpdesk
# better not be bothered with questions regarding irc...
motd {
 host = "*.london.ac.uk";
 file = "london.motd";
};

# [UWorld]
#
# One of the many nice features of Undernet is "Uworld", a program
# connected to the net as a server. This allows it to broadcast any mode
# change, thus allowing opers to, for example, "unlock" a channel that
# has been taken over.
# There is only one slight problem: the TimeStamp protocol prevents this.
# So there is a configuration option to allow them anyway from a certain
# server.
# UWorld {
#  # The servername or wildcard mask for it that this applies to.
#  name = "relservername";
# };
#
# You may have have more than one name listed in each block.
#
# Note: (1) These lines are agreed on by every server admin on Undernet;
# (2) These lines must be the same on every single server, or results
# will be disasterous; (3) This is a useful feature, not something that
# is a liability and abused regularly (well... :-)
# If you're on Undernet, you MUST have these lines. I cannnot stress
# this enough.  If all of the servers don't have the same lines, the
# servers will try to undo the mode hacks that Uworld does.  Make SURE that
# all of the servers have the EXACT same UWorld blocks.
#
# If your server starts on a bit larger network, you'll probably get
# assigned one or two uplinks to which your server can connect.
# If your uplink(s) also connect to other servers than yours (which is
# probable), you need to define your uplink as being allowed to "hub".
# See the Connect block documentation for details on how to do that.

UWorld {
 name = "uworld.eu.undernet.org";
 name = "uworld2.undernet.org";
 name = "uworld.undernet.org";
 name = "channels.undernet.org";
 name = "channels2.undernet.org";
 name = "channels3.undernet.org";
 name = "channels4.undernet.org";
 name = "channels5.undernet.org";
 name = "channels6.undernet.org";
};

# As of ircu2.10.05 is it possible to Jupe nicks. As per CFV-0095 and
# CFV-0255, the following nicks must be juped, it is not allowed to
# jupe others as well.
Jupe {
 nick = "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,{,|,},~,-,_,`";
 nick = "EuWorld,UWorld,UWorld2";
 nick = "login,undernet,protocol,pass,newpass,org";
 nick = "StatServ,NoteServ";
 nick = "ChanSvr,ChanSaver,ChanServ";
 nick = "NickSvr,NickSaver,NickServ";
 nick = "LPT1,LPT2,COM1,COM2,COM3,COM4,AUX";
};

# [Kill]
#
# While running your server, you will most probably encounter individuals
# or groups of persons that you do not wish to have access to your server.
#
# For this purpose, the ircd understands "kill blocks". These are also
# known as K-lines, by virtue of the former config file format.
# Kill
# {
#   host = "user@host";
#   reason = "The reason the user will see";
# };
# It is possible to ban on the basis of the real name.
# It is also possible to use a file as comment for the ban, using
# file = "file":
# Kill
# {
#   realname = "realnametoban";
#   file = "path/to/file/with/reason/to/show";
# };
#
#
# The default reason is: "You are banned from this server"
# Note that Kill blocks are local to the server; if you ban a person or a
# whole domain from your server, they can get on IRC via any other server
# that doesn't have them Killed (yet).
#
# With a simple comment, using quotes:
Kill { host = "*.au"; reason = "Please use a nearer server"; };
Kill { host = "*.edu"; reason = "Please use a nearer server"; };

# You can also kill based on username.
Kill { username = "sub7"; realname = "s*7*"; reason = "You are infected with a Trojan"; };

# The file can contain for example, a reason, a link to the
# server rules and a contact address.  Note the combination
# of username and host in the host field.
Kill
{
 host = "*luser@unixbox.flooder.co.uk";
 file = "kline/youflooded.txt";
};

# IP-based kill lines apply to all hosts, even if an IP address has a
# properly resolving host name.
Kill
{
 host = "192.168.*";
 file = "klines/martians";
};

# The realname field lets you ban by realname...
Kill
{
 realname = "*sub7*";
 reason = "You are infected with a Trojan";
};

# [SSL]
#
#SSL {
# # There need to be the private key AND the public key INSIDE the certificate file
# cert = "";
# # Optional CA certificate for non-self-signed certificates
# cacert = "";
#};

SSL {
 cert = "ircd.pem";
};

# [Connect]
#
# You probably want your server connected to other servers, so your users
# have other users to chat with.
# IRC servers connect to other servers forming a network with a star or
# tree topology. Loops are not allowed.
# In this network, two servers can be distinguished: "hub" and "leaf"
# servers. Leaf servers connect to hubs; hubs connect to each other.
# Of course, many servers can't be directly classified in one of these
# categories. Both a fixed and a rule-based decision making system for
# server links is provided for ircd to decide what links to allow, what
# to let humans do themselves, and what links to (forcefully) disallow.
#
# The Connect blocks
# define what servers the server connect to, and which servers are
# allowed to connect.
# Connect {
#  name = "servername";
#  host = "hostnameORip";
#  vhost = "localIP";
#  password = "passwd";
#  port = portno;
#  class = "classname";
#  maxhops = 2;
#  hub = "*.eu.undernet.org";
#  autoconnect = no;
# };
#
# The "port" field defines the default port the server tries to connect
# to if an operator uses /connect without specifying a port. This is also
# the port used when the server attempts to auto-connect to the remote
# server. (See Class blocks for more informationa about auto-connects).
# You may tell ircu to not automatically connect to a server by adding
# "autoconnect = no;"; the default is to autoconnect.
#
# If the vhost field is present, the server will use that IP as the
# local end of connections that it initiates to this server.  This
# overrides the vhost value from the General block.
#
# The maxhops field causes an SQUIT if a hub tries to introduce
# servers farther away than that; the element 'leaf;' is an alias for
# 'maxhops = 0;'.  The hub field limits the names of servers that may
# be introduced by a hub; the element 'hub;' is an alias for
# 'hub = "*";'.
#
# Our primary uplink.
Connect {
 name = "Amsterdam.NL.Eu.UnderNet.org";
 host = "1.2.3.4";
 password = "passwd";
 port = 4400;
 class = "Server";
 hub;
};

# [crule]
#
# For an advanced, real-time rule-based routing decision making system
# you can use crule blocks. For more information, see doc/readme.crules.
# If more than one server mask is present in a single crule, the rule
# applies to all servers.
# CRULE
# {
#  server = "servermask";
#  rule = "connectrule";
#  # Setting all to yes makes the rule always apply. Otherwise it only
#  # applies to autoconnects.
#  all = yes;
# };
CRULE
{
 server = "*.US.UnderNet.org";
 rule = "connected(*.US.UnderNet.org)";
};
CRULE
{
 server = "*.EU.UnderNet.org";
 rule = "connected(Amsterdam.NL.EU.*)";
};

# The following block is recommended for leaf servers:
CRULE
{
 server = "*";
 rule = "directcon(*)";
};

# [Operator]
#
# Inevitably, you have reached the part about "IRC Operators". Oper status
# grants some special privileges to a user, like the power to make the
# server break or (try to) establish a connection with another server,
# and to "kill" users off IRC.
# I can write many pages about this; I will restrict myself to saying that
# if you want to appoint somebody as IRC Operator on your server, that
# person should be aware of his/her responsibilities, and that you, being
# the admin, will be held accountable for their actions.
#
# There are two sorts of IRC Operators: "local" and "global". Local opers
# can squit, connect and kill - but only locally: their +o user mode
# is not not passed along to other servers. On Undernet, this prevents
# them from using Uworld as well.
#
# More than one host = "mask"; entry may be present in one block; this
# has the same effect as one Operator block for each host entry, but
# makes it easier to update operator nicks, passwords, classes, and
# privileges.
#
# Operator {
#  host = "host/IP mask";
#  name = "opername";
#  password = "encryptedpass";
#  class = "classname";
#  # You can also set any operator privilege; see the Class block
#  # documentation for details.  A privilege defined for a single
#  # Operator will override the privilege settings for the Class
#  # and the default setting.
# };
#
# By default, the password is hashed using the system's native crypt()
# function.  Other password mechanisms are available; the umkpasswd
# utility from the ircd directory can hash passwords using those
# mechanisms.  If you use a password format that is NOT generated by
# umkpasswd, ircu will not recognize the oper's password.
#
# All privileges are shown with their default values; if you wish to
# override defaults, you should set only those privileges for the
# operator.  Listing defaulted privileges just makes things harder to
# find.
Operator {
 local = no;
 host = "*@*.cs.vu.nl";
 password = "VRKLKuGKn0jLt";
 name = "Niels";
 class = "Local";
};
Operator {
 host = "*@*.uu.net";
 password = "$PLAIN$notencryptedpass";
 name = "Niels";
 class = "Opers";
};

# Note that the <connection class> is optional, but leaving it away
# puts the opers in class "default", which usually only accepts one
# connection at a time.  If you want users to Oper up more then once per
# block, then use a connection class that allows more then one connection,
# for example (using class Local as in the example above):
#
# Once you OPER your connection class changes no matter where you are or
# your previous connection classes.  If the defined connection class is
# Local for the operator block, then your new connection class is Local.

# [Port]
# When your server gets more full, you will notice delays when trying to
# connect to your server's primary listening port. It is possible via the
# Port lines to specify additional ports for the ircd to listen to.
# De facto ports are: 6667 - standard; 6660-6669 - additional client
# ports;
# Undernet uses 4400 for server listener ports.
# These are just hints, they are in no way official IANA or IETF policies.
# IANA says we should use port 194, but that requires us to run as root,
# so we don't do that.
#
#
# Port {
#  port = [ipv4] [ipv6] number;
#  mask = "ipmask";
#  # Use this to control the interface you bind to.
#  vhost = [ipv4] [ipv6] "virtualhostip";
#  # You can specify both virtual host and port number in one entry.
#  vhost = [ipv4] [ipv6] "virtualhostip" number;
#  # Setting to yes makes this server only.
#  server = yes;
#  # Setting to yes makes the port "hidden" from stats.
#  hidden = yes;
#  # Setting to yes makes the port to handle incoming connection as SSL connections
#  secure = no;
# };
#
# The port and vhost lines allow you to specify one or both of "ipv4"
# and "ipv6" as address families to use for the port.  The default is
# to listen on both IPv4 and IPv6.
#
# The mask setting allows you to specify a range of IP addresses that
# you will allow connections from. This should only contain IP addresses
# and '*' if used. This field only uses IP addresses. This does not use
# DNS in any way so you can't use it to allow *.nl or *.uk. Attempting
# to specify anything other than numbers, dots and stars [0-9.*] will result
# in the port allowing connections from anyone.
#
# The interface setting allows multiply homed hosts to specify which
# interface to use on a port by port basis, if an interface is not specified
# the default interface will be used. The interface MUST be the complete
# IP address for a real hardware interface on the machine running ircd.
# If you want to use virtual hosting *YOU* *MUST* *USE* *THIS* otherwise it
# WILL bind to all interfaces - not what most people seem to expect.
#
Port {
 server = yes;
 port = 4400;
};

# This is an IPv4-only Server port that is Hidden
Port {
 server = yes;
 hidden = yes;
 port = ipv4 4401;
};

# The following are normal client ports
Port { port = 6667; };
Port { port = 6668; };
Port {
 # This only accepts clients with IPs like 192.168.*.
 mask = "192.168.*";
 port = 6666;
};

#SSL Port
Port {
 port = 6697;
 secure = yes;
};

# This is a hidden client port, listening on 168.8.21.107.
Port {
 vhost = "168.8.21.107";
 hidden = yes;
 port = 7000;
};

# More than one vhost may be present in a single Port block; in this case,
# we recommend listing the port number on the vhost line for clarity.
Port {
 vhost = "172.16.0.1" 6667;
 vhost = "172.16.3.1" 6668;
 hidden = no;
};

# Quarantine blocks disallow operators from using OPMODE and CLEARMODE
# on certain channels.  Opers with the force_opmode (for local
# channels, force_local_opmode) privilege may override the quarantine
# by prefixing the channel name with an exclamation point ('!').
# Wildcards are NOT supported; the channel name must match exactly.
Quarantine {
  "#shells" = "Thou shalt not support the h4><0rz";
  "&kiddies" = "They can take care of themselves";
};

# This is a server-implemented alias to send a message to a service.
# The string after Pseudo is the command name; the name entry inside
# is the service name, used for error messages.  More than one nick
# entry can be provided; the last one listed has highest priority.
# If the server behind the '@' is not valid or if the nick is not
# on this server, the servername is interpreted as an accountname
# and the nick must have this accountname set and +S as umode to get
# the message relayed.
Pseudo "CHANSERV" {
 name = "X";
 nick = "X@channels.undernet.org";
};

# You can also prepend text before the user's message.
Pseudo "LOGIN" {
 name = "X";
 prepend = "LOGIN ";
 nick = "X@channels.undernet.org";
};

# You can ask a separate server whether to allow users to connect.
# Uncomment this ONLY if you have an iauth helper program.
# If required is set to yes, then all clients are rejected when
# the iauth helper program could not be started/queried/timed-out.
# IAuth {
#  program = "../path/to/iauth" "-n" "options go here";
#  required = no;
# };

# [features]
# IRC servers have a large number of options and features.  Most of these
# are set at compile time through the use of #define's--see "make config"
# for more details--but we are working to move many of these into the
# configuration file.  Features let you configure these at runtime.
# You only need one feature block in which you use
# "featurename" = "value1" , "value2", ..., "valuen-1", "valuen";
#
# The entire purpose of F:lines are so that you do not have to recompile
# the IRCD everytime you want to change a feature.  All of the features
# are listed below, and at the bottom is how to set logging.
#
# A Special Thanks to Kev for writing the documentation of F:lines.  It can
# be found at doc/readme.features and the logging documentation can be
# found at doc/readme.log.  The defaults used by the Undernet network are
# below.
#
features
{
# These log features are the only way to get certain error messages
# (such as when the server dies from being out of memory).  For more
# explanation of how they work, see doc/readme.log.
 "LOG" = "SYSTEM" "FILE" "ircd.log";
 "LOG" = "SYSTEM" "LEVEL" "CRIT";
#  "DOMAINNAME"="<obtained from /etc/resolv.conf by ./configure>";
#  "RELIABLE_CLOCK"="FALSE";
#  "BUFFERPOOL"="27000000";
#  "HAS_FERGUSON_FLUSHER"="FALSE";
#  "CLIENT_FLOOD"="1024";
#  "SERVER_PORT"="4400";
#  "NODEFAULTMOTD"="TRUE";
#  "MOTD_BANNER"="TRUE";
#  "KILL_IPMISMATCH"="FALSE";
#  "IDLE_FROM_MSG"="TRUE";
#  "HUB"="FALSE";
#  "WALLOPS_OPER_ONLY"="FALSE";
#  "NODNS"="FALSE";
#  "RANDOM_SEED"="<you should set one explicitly>";
#  "DEFAULT_LIST_PARAM"="TRUE";
#  "NICKNAMEHISTORYLENGTH"="800";
#  "NETWORK"="UnderNet";
#  "HOST_HIDING"="FALSE";
#  "HIDDEN_HOST"="users.undernet.org";
#  "HIDDEN_IP"="127.0.0.1";
#  "KILLCHASETIMELIMIT"="30";
#  "MAXCHANNELSPERUSER"="10";
#  "NICKLEN" = "12";
#  "AVBANLEN"="40";
#  "MAXBANS"="30";
#  "MAXSILES"="15";
#  "HANGONGOODLINK"="300";
# "HANGONRETRYDELAY" = "10";
# "CONNECTTIMEOUT" = "90";
# "MAXIMUM_LINKS" = "1";
# "PINGFREQUENCY" = "120";
# "CONNECTFREQUENCY" = "600";
# "DEFAULTMAXSENDQLENGTH" = "40000";
# "GLINEMAXUSERCOUNT" = "20";
# "MPATH" = "ircd.motd";
# "RPATH" = "remote.motd";
# "PPATH" = "ircd.pid";
# "TOS_SERVER" = "0x08";
# "TOS_CLIENT" = "0x08";
# "POLLS_PER_LOOP" = "200";
# "IRCD_RES_TIMEOUT" = "4";
# "IRCD_RES_RETRIES" = "2";
# "AUTH_TIMEOUT" = "9";
# "IPCHECK_CLONE_LIMIT" = "4";
# "IPCHECK_CLONE_PERIOD" = "40";
# "IPCHECK_CLONE_DELAY" = "600";
# "CHANNELLEN" = "200";
# "CONFIG_OPERCMDS" = "FALSE";
# "OPLEVELS" = "TRUE";
# "ZANNELS" = "TRUE";
# "LOCAL_CHANNELS" = "TRUE";
# "ANNOUNCE_INVITES" = "FALSE";
#  These were introduced by Undernet CFV-165 to add "Head-In-Sand" (HIS)
#  behavior to hide most network topology from users.
#  "HIS_SNOTICES" = "TRUE";
#  "HIS_SNOTICES_OPER_ONLY" = "TRUE";
#  "HIS_DEBUG_OPER_ONLY" = "TRUE";
#  "HIS_WALLOPS" = "TRUE";
#  "HIS_MAP" = "TRUE";
#  "HIS_LINKS" = "TRUE";
#  "HIS_TRACE" = "TRUE";
#  "HIS_STATS_a" = "TRUE";
#  "HIS_STATS_c" = "TRUE";
#  "HIS_STATS_d" = "TRUE";
#  "HIS_STATS_e" = "TRUE";
#  "HIS_STATS_f" = "TRUE";
#  "HIS_STATS_g" = "TRUE";
#  "HIS_STATS_i" = "TRUE";
#  "HIS_STATS_j" = "TRUE";
#  "HIS_STATS_J" = "TRUE";
#  "HIS_STATS_k" = "TRUE";
#  "HIS_STATS_l" = "TRUE";
#  "HIS_STATS_L" = "TRUE";
#  "HIS_STATS_m" = "TRUE";
#  "HIS_STATS_M" = "TRUE";
#  "HIS_STATS_o" = "TRUE";
#  "HIS_STATS_p" = "TRUE";
#  "HIS_STATS_q" = "TRUE";
#  "HIS_STATS_r" = "TRUE";
#  "HIS_STATS_R" = "TRUE";
#  "HIS_STATS_t" = "TRUE";
#  "HIS_STATS_T" = "TRUE";
#  "HIS_STATS_u" = "FALSE";
#  "HIS_STATS_U" = "TRUE";
#  "HIS_STATS_v" = "TRUE";
#  "HIS_STATS_w" = "TRUE";
#  "HIS_STATS_x" = "TRUE";
#  "HIS_STATS_y" = "TRUE";
#  "HIS_STATS_z" = "TRUE";
#  "HIS_STATS_IAUTH" = "TRUE";
#  "HIS_WHOIS_SERVERNAME" = "TRUE";
#  "HIS_WHOIS_IDLETIME" = "TRUE";
#  "HIS_WHOIS_LOCALCHAN" = "TRUE";
#  "HIS_WHO_SERVERNAME" = "TRUE";
#  "HIS_WHO_HOPCOUNT" = "TRUE";
#  "HIS_MODEWHO" = "TRUE";
#  "HIS_BANWHO" = "TRUE";
#  "HIS_KILLWHO" = "TRUE";
#  "HIS_REWRITE" = "TRUE";
#  "HIS_REMOTE" = "TRUE";
#  "HIS_NETSPLIT" = "TRUE";
#  "ERR_CHANNELISFULL" = "Cannot join channel, channel is full (+l)";
#  "ERR_INVITEONLYCHAN" = "Cannot join channel, you must be invited (+i)";
#  "ERR_BANNEDFROMCHAN" = "Cannot join channel, you are banned (+b)";
#  "ERR_BADCHANNELKEY" = "Cannot join channel, you need the correct key (+k)";
#  "ERR_NEEDREGGEDNICK" = "Cannot join channel, you must be authed to join (+r)";
#  "ERR_JOINACCESS" = "Cannot join channel, you don't have enough ChanServ access (+a)";
#  "HIS_SERVERNAME" = "*.undernet.org";
#  "HIS_SERVERINFO" = "The Undernet Underworld";
#  "HIS_URLSERVERS" = "http://www.undernet.org/servers.php";
#  "LOC_ENABLE" = "FALSE";
#  "LOC_TARGET" = "somenick";
#  "CHMODE_A_ENABLE" = "TRUE";
#  "CHMODE_A_TARGET" = "ChanServ";
#  "CHMODE_A_NOSET" = "TRUE"; # Mode is not settable by normal users (only services chan set it)
#  "CHMODE_F_ENABLE" = "TRUE";
#  "UNKNOWN_CMD_ENABLE" = "TRUE";
#  "UNKNOWN_CMD_TARGET" = "OpServ";
#  "NOAMSG_TIME" = "0";
#  "NOAMSG_NUM" = "1";
};

# Well, you have now reached the end of this sample configuration
# file. If you have any questions, feel free to mail
# <coder-com@undernet.org>.  If you are interested in linking your
# server to the Undernet IRC network visit
# http://www.routing-com.undernet.org/, and if there are any
# problems then contact <routing-com@undernet.org> asking for
# information. Upgrades of the Undernet ircd can be found on
# http://coder-com.undernet.org/.
#
# For the rest:  Good Luck!
#
#       -- Niels.