Author: aredridel Date: Mon Apr 23 18:37:31 2007 GMT Module: SOURCES Tag: HEAD ---- Log message: - added
---- Files affected: SOURCES: inspircd.conf (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/inspircd.conf diff -u /dev/null SOURCES/inspircd.conf:1.1 --- /dev/null Mon Apr 23 20:37:31 2007 +++ SOURCES/inspircd.conf Mon Apr 23 20:37:26 2007 @@ -0,0 +1,2033 @@ +######################################################################## +# # +# ___ ___ ____ ____ _ # +# |_ _|_ __ ___ _ __|_ _| _ \ / ___|__| | # +# | || '_ \/ __| '_ \| || |_) | | / _` | # +# | || | | \__ \ |_) | || _ <| |__| (_| | # +# |___|_| |_|___/ .__/___|_| \_\\____\__,_| # +# |_| # +# ____ __ _ _ _ # +# / ___|___ _ __ / _(_) __ _ _ _ _ __ __ _| |_(_) ___ _ __ # +# | | / _ \| '_ \| |_| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ # +# | |__| (_) | | | | _| | (_| | |_| | | | (_| | |_| | (_) | | | | # +# \____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| # +# |___/ # +# # +##################################||#################################### + #||# +##################################||#################################### +# # +# This is an example of the config file for InspIRCd. # +# Change the options to suit your network # +# # +# Last updated on : 03 Feb 2007 # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# Lines prefixed with READ THIS BIT, as shown above, are IMPORTANT # +# lines, and you REALLY SHOULD READ THEM. Yes, THIS MEANS YOU. Even # +# if you've configured InspIRCd before, these probably indicate # +# something new or different to this version and you SHOULD READ IT. # +# # +######################################################################## +# # +# Unalphabeticalise the modules list at your own risk # +# # +######################################################################## + + +#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- +# # +# Here is where you enter the information about your server. # +# # +# Syntax is as follows: # +# # +# <server name="server.name" # +# description="Server Description" # +# network="MyNetwork"> # +# # + +<server name="localhost.localdomain" + description="Local IRC Network" + network="Local"> + + +#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# Describes the Server Administrator's real name (optionally), # +# nick, and email address. # +# # +# Syntax is as follows: # +# <admin name="real name" # +# nick="nick name" # +# email="[EMAIL PROTECTED]"> # +# # + +<admin name="Joe Admin" + nick="admin" + email="[EMAIL PROTECTED]"> + + +#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# Enter the port and address bindings here. # +# # +# bind address - specifies which address ports bind to. Leaving this # +# field blank binds the port to all IPs available. # +# # +# port - The port number to bind to. You may specify a port # +# range here, e.g. "6667-6669,7000,7001". If you do # +# this, the server will count each port within your # +# range as a seperate binding, making the above # +# example equivalent to five seperate bind tags. # +# A failure on one port in the range does not prevent # +# the entire range from being bound, just that one # +# port number. # +# # +# type - can be 'clients' or 'servers'. The clients type is # +# a standard tcp based socket, the servers type is a # +# also a TCP based connection but of a different # +# format. SSL support is provided by modules, to # +# enable SSL support, please read the module section # +# of this configuration file. # +# # +# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # +# modules, you must define this value to use ssl on # +# that port. valid values are 'gnutls' or 'openssl' # +# respectively. If the module is not loaded, this # +# setting is ignored. # +# # +# transport - If you have m_spanningtree.so loaded, along with # +# either of the SSL modules (m_ssl_gnutls or # +# m_ssl_openssl) or m_ziplinks.so, then you may make # +# use of this value. # +# setting it to 'openssl' or 'gnutls' or 'zip' # +# indicates that the port should accept connections # +# using the given transport name. Transports are # +# layers which sit on top of a socket and change the # +# way data is sent and received, e.g. encryption, # +# compression, and other such things. Because this # +# may not be limited in use to just encryption, # +# the 'ssl' value used for client ports does not # +# exist for servers, and this value is used instead. # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# If you want to link servers to InspIRCd you must load the # +# m_spanningtree module! Please see the modules list below for # +# information on how to load this module! If you do not load this # +# module, server ports will NOT be bound! # +# # +# Leaving address empty binds to all available interfaces # +# # +# Syntax is as follows: # +# # +# <bind address="ip address" port="port" type="clients"> # +# <bind address="ip address" port="port" type="servers"> # +# # +# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, # +# then you can specify IPV4 ip addresses here to bind. You may also # +# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 # +# address to bind the port, but as of InspIRCd 1.1.1, this is not # +# required. # +# # +# ------------------------------------------------------------------- # +# # +# PLEASE NOTE: If you have build InspIRCd as an ipv6 server, and you # +# specify an empty bind address, the binding will be bound to ALL THE # +# IPV6 IP ADDRESSES, and not the ipv4 addresses. If you are using an # +# ipv6 enabled InspIRCd and want to bind to multiple IPV4 addresses # +# in this way, you must specify them by hand. If you have built the # +# server for ipv4 connections only, then specifying an empty bind # +# address binds the port to all ipv4 IP addresses, as expected. # +# # + +<bind address="" port="6667" type="clients"> +# <bind address="" port="6660-6669" type="clients" ssl="gnutls"> + +# When linking servers, the openssl and gnutls transports are largely +# link-compatible and can be used alongside each other or either/or +# on each end of the link without any significant issues. + +<bind address="" port="7000,7001" type="servers"> +#<bind address="1.2.3.4" port="7005" type="servers" transport="openssl"> + + +#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- +# # +# You can configure the passwords here which you wish to use for # +# the die and restart commands. Only trusted ircops who will # +# need this ability should know the die and restart password. # +# # +# Syntax is as follows: # +# <power diepass="die password" restartpass="restart password" # +# pause="secs before dying"> # +# # + +# <power diepass="die" restartpass="restart" pause="2"> + + +#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional tag allows you to include another config file # +# allowing you to keep your configuration tidy. The configuration # +# file you include will be treated as part of the configuration file # +# which includes it, in simple terms the inclusion is transparent. # +# # +# All paths to config files are relative to the directory of the main # +# config file inspircd.conf, unless the filename starts with a forward# +# slash (/) in which case it is treated as an absolute path. # +# # +# Syntax is as follows: # +#<include file="file.conf"> # +# # + +#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# This is where you can configure which connections are allowed # +# and denied access onto your server. The password is optional. # +# You may have as many of these as you require. To allow/deny all # +# connections, use a '*' or 0.0.0.0/0. # +# # +# Syntax is as follows: # +# # +# <connect allow="1.2.3.0/24" password="blahblah" # +# timeout="10" timeout="blah" flood="5" # +# threshold="8" pingfreq="120" sendq="99999" # +# revcq="696969" localmax="3" globalmax="3" # +# port="6660"> # +# # +# <connect deny="127.0.0.1" port="6667"> # +# # +# IP masks may be specified in CIDR format or wildcard format, # +# for IPV4 and IPV6. You *cannot* use hostnames in the allow or # +# deny field, as the state is applied before the user's DNS has # +# been resolved. # +# # +# You may optionally include timeout="x" on any allow line, which # +# specifies the amount of time given before an unknown connection # +# is closed if USER/NICK/PASS are not given. This value is in secs # +# # +# You should also include a flood="x" line which indicates # +# the number of lines a user may place into their buffer at once # +# before they are disconnected for excess flood. This feature can # +# not be disabled, however it can be set to extremely high values, # +# rendering it effectively disabled. A recommended value is 10. # +# A counter is maintained for each user which is reset every # +# 'threshold' seconds and specifying this threshold value with # +# threshold="X" indicates how often the counter is reset. For # +# example, with flood="5" and threshold="8", the user may not send # +# more than 5 lines in 8 secs. # +# # +# You may optionally specify the sendq size and ping frequency of # +# each connect:allow line using the pingfreq="X" and sendq="X" # +# settings as shown in the full example below. # +# The ping frequency is specified in seconds, and the sendq size # +# in bytes. It is recommended, although not enforced, that you # +# should never set your sendq size to less than 8k. Send Queues are # +# dynamically allocated and can grow as needed up to the maximum # +# size specified. # +# # +# The optional recvq value is the maximum size which users in this # +# group may grow their receive queue to. This is recommended to be # +# kept pretty low compared to the sendq, as users will always # +# receive more than they send in normal circumstances. The default # +# if not specified is 4096. # +# # +# The sendq is the data waiting to be sent TO THE USER. # +# The recvq is the data being received FROM THE USER. # +# The names sendq and recvq are from the SERVER'S PERSPECTIVE not # +# that of the user... Just to clear up any confusion or complaints # +# that these are backwards :p # +# # +# The localmax and globalmax values can be used to enforce local # +# and global session limits on connections. The session limits are # +# counted against all users, but applied only to users within the # +# class. For example, if you had a class 'A' which has a session # +# limit of 3, and a class 'B' which has a session limit of 5, and # +# somehow, two users managed to get into class B which also match # +# class A, there is only one connection left for this IP now in A, # +# but if they can connect again to B, there are three. You get the # +# idea (i hope). # +# # +# The optional port value determines which port the connect tag is # +# handling. If left out the connect tag covers all bound ports else # +# only incoming connections on the specified port will match. Port # +# tags may be used on connect allow and connect deny tags. # +# # + +# <connect allow="196.12.*" password="secret" port="6667"> + +<connect allow="*" + timeout="60" + flood="20" + threshold="1" + pingfreq="120" + sendq="262144" + recvq="8192" + localmax="3" + globalmax="3"> + +# <connect deny="69.254.*"> +# <connect deny="3ffe::0/32"> + + +#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# Classes are a group of commands which are grouped together # +# and given a unique name. They used to define which commands # +# are available to certain types of Operators. # +# # +# Syntax is as follows: # +# # +# <class name="name" commands="oper commands"> # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# You are not forced to give these classes the names given below. # +# You can create your own named classes, if you want, in fact that # +# is the whole idea of this system! # +# # +# Note: It is possible to make a class which covers all available # +# commands. To do this, specify commands="*". This is not really # +# recommended, as it negates the whole purpose of the class system, # +# however it is provided for fast configuration (e.g. in test nets) # +# # + +<class name="Shutdown" commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD"> +<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256"> +<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE"> +<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES"> +<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT"> + + +#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# +# # +# This is where you specify which types of operators you have on # +# your server, as well as the commands they are allowed to use. # +# This works alongside with the classes specified above. # +# # +# type name - a name for the combined class types # +# a type name cannot contain spaces, however if you # +# put an _ symbol in the name, it will be translated # +# to a space when displayed in a WHOIS. # +# # +# classes - specified above, used for flexibility for the # +# server admin to decide on which operators get # +# what commands. Class names are case sensitive, # +# seperate multiple class names with spaces. # +# # +# host - optional hostmask operators will receive on oper-up. # +# # +# Syntax is as follows: # +# # +# <type name="name" classes="class names" host="oper hostmask"> # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# You are not forced to give these types the names given below. # +# You can create your own named types, if you want, in fact that # +# is the whole idea of this system! # +# # + +<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown ServerLink" host="netadmin.localhost.localdomain"> +<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.localhost.localdomain"> +<type name="Helper" classes="HostCloak" host="helper.localhost.localdomain"> + + +#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# Opers are defined here. This is a very important section. # +# Remember to only make operators out of truthworthy people. # +# # +# name - oper name, This is case sensitive, so it is best to # +# use lower-case. # +# # +# password - password to oper-up, also case sensitive. # +# encryption is supported via modules. You may load # +# modules for MD5 or SHA256 encryption, and if you do, # +# this value will be a hash value, otherwise put a # +# plaintext password in this value. # +# # +# host - hosts of client allowed to oper-up. # +# wildcards accepted, seperate multiple hosts with a # +# space. You may also specify CIDR ip addresses. # +# # +# fingerprint - When using the m_ssl_oper_cert.so module, you may # +# specify a key fingerprint here. This can be obtained # +# using the /fingerprint command whilst the module is # +# loaded, or from the notice given to you when you # +# connect to the ircd using a client certificate, # +# and will lock this oper block to only the user who # +# has that specific key/certificate pair. # +# This enhances security a great deal, however it # +# requires that opers use clients which can send ssl # +# client certificates, if this is configured for that # +# oper. Note that if the m_ssl_oper.so module is not # +# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls # +# is not loaded, this configuration option has no # +# effect and will be ignored. # +# # +# type - Defines the kind of operator. This must match a type # +# tag you defined above, and is case sensitive. # +# # +# Syntax is as follows: # +# <oper name="login" # +# password="pass" # +# host="[EMAIL PROTECTED]" # +# fingerprint="hexsequence" # +# type="oper type"> # +# # + +# <oper name="admin" password="s3cr3t" host="*" type="NetAdmin"> + +#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# # +# Defines which servers can link to this one, and which servers this # +# server may create outbound links to. # +# # +# name - The name is the canocial name of the server, does # +# not have to resolve - but it is expected to be set # +# in the remote servers connection info. # +# # +# ipaddr - Valid host or ip address for remote server. These # +# hosts are resolved on rehash, and cached, if you # +# specify a hostname, so if you find that your server # +# is still trying to connect to an old IP after you # +# have updated your dns, try rehashing and then # +# attempting the connect again. # +# # +# port - The TCP port for the remote server. # +# # +# sendpass - Password to send to create an outbound connection # +# to this server. # +# # +# recvpass - Password to receive to accept an inbound connection # +# from this server. # +# # +# autoconnect - Sets the server to autoconnect. Where x is the num. # +# (optional) of seconds between attempts. e.g. 300 = 5 minutes. # +# # +# transport - If defined, this is a transport name implemented by # +# another module. Transports are layers on top of # +# plaintext connections, which alter them in certain # +# ways. Currently the three supported transports are # +# 'openssl' and 'gnutls' which are types of SSL # +# encryption, and 'zip' which is for compression. # +# If you define a transport, both ends of the # +# connection must use a compatible transport for the # +# link to succeed. OpenSSL and GnuTLS are link- # +# compatible with each other. # +# # +# hidden - When using m_spanningtree.so for linking. you may # +# set this to 'yes', and if you do, the IP address/ # +# hostname of this connection will NEVER be shown to # +# any opers on the network. In /STATS c its address # +# will show as *@<hidden>, and during CONNECT and # +# inbound connections, its IP will show as <hidden> # +# UNLESS the connection fails (e.g. due to a bad # +# password or servername) # +# # +# allowmask - When this is defined, it indicates a range of IP # +# addresses to allow for this link (You may use CIDR # +# or wildcard form for this address). # +# e.g. if your server is going to connect to you from # +# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 # +# into this value. If it is not defined, then only # +# the ipaddr field of the server shall be allowed. # +# # +# failover - If you define this option, it must be the name of a # +# different link tag in your configuration. This # +# option causes the ircd to attempt a connection to # +# the failover link in the event that the connection # +# to this server fails. For example, you could define # +# two hub uplinks to a leaf server, and set an # +# american server to autoconnect, with a european # +# hub as its failover. In this situation, your ircd # +# will only try the link to the european hub if the # +# american hub is unreachable. NOTE that for the # +# intents and purposes of this option, an unreachable # +# server is one which DOES NOT ANSWER THE CONNECTION. # +# If the server answers the connection with accept(), # +# EVEN IF THE CREDENTIALS ARE INVALID, the failover # +# link will not be tried! Failover settings will also # +# apply to autoconnected servers as well as manually # +# connected ones. # +# # +# timeout - If this is defined, then outbound connections will # +# time out if they are not connected within this many # +# seconds. If this is not defined, the default of ten # +# seconds is used. # +# # +# bind - If you specify this value, then when creating an # +# outbound connection to the given server, the IP you # +# place here will be bound to. This is for multi- # +# homed servers which may have multiple IP addresses. # +# If you do not define this value, the first IP that # +# is not empty or localhost from your <bind> tags # +# will be bound to. This is usually acceptable, # +# however if your server has multiple network cards # +# then you may have to manually specify the bind # +# value instead of leaving it to automatic binding. # +# You can usually tell if you need to set this by # +# looking for the error 'Could not assign requested # +# address' in your log when connecting to servers. # +# # +# hidden - If this is set to true, yes, or 1, then the server # +# is completely hidden from non-opers. It does not # +# show in LINKS and it does not show in MAP. Also, # +# any servers which are child servers of this one # +# in the network will *also* be hidden. Use with # +# care! You can use this to 'mask off' sections of # +# the network so that users only see a small portion # +# of a much larger net. It should NOT be relied upon # +# as a security tool, unless it is being used for # +# example to hide a non-client hub, for which clients # +# do not have an IP address or resolvable hostname. # +# # +# to u:line a server (give it extra privilages required for running # +# services, Q, etc) you must include the <uline server> tag as shown # +# in the example below. You can have as many of these as you like. # +# # +# WARNING: Unlike other ircds, u:lining a server allows ALL users on # +# that server to operoverride modes. This should only be used for # +# services and protected oper servers! # +# # +# ------------------------------------------------------------------- # +# # +# NOTE: If you have built your server as an ipv6 server, then when a # +# DNS lookup of a server's host occurs, AAAA records (ipv6) are # +# priorotized over A records (ipv4). Therefore, if the server you are # +# connecting to has both an IPV6 ip address and an IPV4 ip address in # +# its DNS entry, the IPV6 address will *always* be selected. To # +# change this behaviour simply specify the IPV4 IP address rather # +# than the hostname of the server. # +# # +# ------------------------------------------------------------------- # +# # +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# If you want to link servers to InspIRCd you must load the # +# m_spanningtree module! Please see the modules list below for # +# information on how to load this module! If you do not load this # +# module, server links will NOT work! # +# # +# Also, if you define any transports, you must load the modules for # +# these transports BEFORE you load m_spanningtree, e.g. place them # +# above it in the configuration file. Currently this means the three # +# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on # +# which you choose to use. # +# # + +#<link name="hub.penguin.org" +# ipaddr="penguin.box.com" +# port="7000" +# allowmask="69.58.44.0/24" +# autoconnect="300" +# failover="hub.other.net" +# timeout="15" +# transport="gnutls" +# bind="1.2.3.4" +# hidden="no" +# sendpass="outgoing!password" +# recvpass="incoming!password"> +# +#<link name="services.localhost.localdomain" +# ipaddr="localhost" +# port="7000" +# allowmask="127.0.0.0/8" +# sendpass="penguins" +# recvpass="polarbears"> + + +#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# This tag defines a ulined server. A U-Lined server has special # +# permissions, and should be used with caution. Services servers are # +# usually u-lined in this manner. # +# # +# The 'silent' value if set to yes indicates that this server should # +# not generate quit and connect notices, which can cut down on noise # +# to opers on the network. # +# # +<uline server="services.localhost.localdomain" silent="yes"> + + +#-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# # +# These options let you define the path to your motd and rules # +# files. If these are relative paths, they are relative to the # +# configurtion directory. # +# # + +<files motd="inspircd.motd" + rules="inspircd.rules"> + +#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This optional configuration tag lets you define the maximum number # +# of channels that both opers and users may be on at any one time. # +# the default is 20 for user and 60 for opers if this tag is not # +# defined. Remote users are not restricted in any manner. # +# # + <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
