/etc/dancer-ircd/ircd.conf

#   IRC - Internet Relay Chat, doc/example.conf
#   Copyright (C) 1992, Bill Wisner
#
#   Modified by Rodder, Jon Lusky <lusky@blown.net>,
#   at one time, but he didn't credit his changes.
#   Updated Dec 19, 1997 Diane Bruce aka db/Dianora <db@db.net>
#   please also read example.conf.trillian, it covers
#   elements this example misses.
#   -db
#   Updated again July 17, 1998 -db
#   Updated 990102 to take out P: line connection limiting code
#   Updated again July 5, 1999 -db
#   Updated for dancer 2000/08/04 -- asuffield
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 1, or (at your option)
#   any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
# IRC example configuration file
#
# This file describes the information that should be present in your IRC
# configuration and how to present it.
#
# M: set your server's name. Fields are, in order, host name (domain style),
#  optional bind address, a text name, and unused.
#
# NOTE:  The "optional bind address" is an address used in binding to a
# local address when we connect outbound.  For example, if your server machine
# is myhost.example.com (192.168.1.5) and you want IRCD to connect to others
# from irc.example.com (192.168.1.250), you'd put 192.168.1.250 in the
# "optional bind address" field.  If left blank, UNIX will choose the primary
# address of the interface closest to the destination.
#
# NOTE:  As of hybrid-6, the port field no longer binds a port by default.
# It is an inoperative and obsolete field.
#
M:localhost.:127.0.0.1:Debian localhost:
# 
# A: administrative information. This line should have three fields, which
#    may contain any arbitrary text. It is printed by the /ADMIN command.
#
A:Example location:My address:Inept server admin <dancer@localhost>

#
# Y: define connection class.  A class must be defined in a Y: line before
#    it is used in a C, N, or I line.  The fields are, in order, class number,
#    ping frequency in seconds, connect frequency in seconds, maximum
#    number of links (used for auto-connecting), and size of sendq.
#    For servers a sendq of at least 4mb is recommended if not more.
#
# N.B. Y lines must be defined before I lines and O lines, since
# both I lines and O lines make reference to Y lines or classes.
#
# For clients, the connect frequency field is used to set the maximum
# number of connects from same IP address. i.e. setting this field to '1'
# will limit every I line using this Y, to one connection per IP address.
# leaving it blank or 0, will disable any such checking.
#
# Class numbers must be positive to ensure future modification of ircd to
# use -1 internally could not be complicated with it's use externally.
#
Y:1:90:0:20:100000
Y:2:90:300:10:4000000

#
# .include lines, insert a file from DPATH directory into the conf
# you could use this to insert a common file between several
# ircd's if you wished. include files are handled after all the
# other lines in the conf file are done. i.e. a .include is always
# as if it was at the end of the conf file.
# 
# This brings in the external O:lines file, if there is one
.include "/etc/dancer-ircd/olines"

#
# I: authorize clients to connect to your server. You can use domains,
#    IP addresses, and asterisk wildcards. The second field can contain a
#    password that the client must use in order to be allowed to connect.
#    The optional fifth field may contain a connection class number.
#
#I:NOMATCH::*.alaska.edu::1
#I:NOMATCH:password:acad3.alaska.edu::1
#
#    If using IDENT, to activate it, you need to place a "user@" in the
#    host segment.
#
#I:*@acad3.alask.edu::*@acad3.alaska.edu::1
#I:root@acad.alask.edu::root@acad.alaska.edu::1
#
# The above are bad examples of I-lines, what really happens is something
# like this:
#

I:NOMATCH::*@*::1

## This is a correct example in hybrid-6, the username 
## is not used for an IP I line (this may be changed, its a simple change
## but EFnet is currently deprecating the use of non resolving client hosts)
## If the IP block has a resolving host name, it will be shown instead
## of the IP address. This just serves to allow on an entire block of ip's
## without needing to specify each individual hostname.
## Note, you must use an 'x' in the name field

#I:128.250.0.0/16::x::1

#
# You can also limit the number of connections from one host
# to any value. This can be used to stop cloners
# This is done using the normally unused confreq line in the Y line.
#
# i.e.
# Allow 100 users in a "bad boy" class, but allow only ONE
# user per IP to connect at a time.
#
#Y:3:90:1:100:100000
#
# Remember to put your "bad boy" I line last in the file, so it
# seen first and matches first before your standard I lines
#
# With hybrid ircd, max connections is taken from the class
# not per I line. i.e. the 3 I lines following will always add
# up to 100 or less, not 100 per I line.
#
#I:NOMATCH::*@*ppp*::3
#I:NOMATCH::*@*slip*::3
#I:NOMATCH::*@*ts*::3
#
# a name pattern in the first field will never cause a match since it's only
# ever matched against an IP# in the form a.b.c.d and a number in the third
# field will never match since a hostname is always compared against this
# field.  The '@' needs to be in the IP# section for ident to be used.

#
## additional prefix characters in I lines are defined
##
## from comstud
##
## 1) There are noticable differences in I: lines now.
##   There are 4 special characters that you can stick in front
##   of a hostname or ip# that do special things.
##   These characers are:
##   -  This will never put a ~ for a user not running identd
##   +  This will force people matching this I: to require identd
##   !  This means to only allow 1 connection per ip# in this I:
##   $  (Not used in hybrid)
##
##  Examples:
##
## a) I:x::!*@*ppp*::class  will only allow X connections per ip# for people
##     who have *ppp* in their hostname where X is given in the Y: line.
##    If there is no ! and you have a limit in your Y: line, then it matches
##      full user@host instead of just host.

## b) I:x::-*@*.cris.com::class will never show a ~, even though they may
##     not be running identd.  (This is equivilent to the old way of not
##    specifying a @ in the I: line).

## Additionally since ircd-hybrid-6
## B/E/F lines were removed and replaced with 3 other special characters
## in I lines
## 
## ^ This will exempt a user from K/G lines, limited protection from D lines
## & User can run bots (old B line)
## > This user is exempt from I line/server side connection limits
##   (old F line)
## _ This user is exempt from G lines
##
## A variant of amm's spoofing code was added
## = Spoof this users IP, normally only used for opers
##
## < This user is exempt from idle restrictions if IDLE_CHECK is defined
##

## Examples
## c) I:NOMATCH::^db@koruna.varner.com::3
##    This user is exempt from k/g lines
## d) I:NOMATCH::&jerdfelt@*mindspring.net::3
##    This user can run a bot, and is also "e lined"
## e) I:NOMATCH::>lusky@*vol.com::3
##    This user is immune from I line limits
## f) I:NOMATCH::^&>mpearce@*varner.com::3
##    This user can run a bot, is exempt
##    from client connect limits.
## g) I:smurfers.are.lame::=dgalas@*somewhere.com::3
##    Show this user as being dgalas@smurfers.are.lame
##    an IP can be used instead as long as the name field does not begin 
##    with an 'x'
##    i.e. 
##    I:192.168.0.0/24::x::3 #this is an IP I line
##    I:192.168.0.0::db@*somesite.com::3 #this is a spoofed IP	
#
# O: authorize operators. Fields are, in order, host name the operator must
#    be logged in from (wildcards allowed), operator's password, operator's
#    nickname.
##

## O:lines are better described in the dancer-oper-guide than here
## The new format for dancer has the 4th field (port) as the allowed umodes,
##  and the 6th field (after the connection class) as the default umodes to
##  be set on OPER.
# Examples:

O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:admin:abcdDfFgGhHkKlLmMnNpPrRsSUvVwWxXyYzZ0123459*:1:acdDfFgGhHkKlRsSUvVWXyYzZ0123459
O:*:$1$nmNi3oKw$/TTB9SfKK3.KPYfKBYLy20:luser::1:

## NOTE: These examples are from hybrid, and are not valid for dancer.
#
# The first example allows me to become an operator from any
#    machine in alaska.edu by typing /oper crunchy frog.
#
#O:*.alaska.edu:frog:crunchy
#
## This example allow this oper, to global kill, do remote squit/connect
## unklines, glines, and use umode +n
##
#O:db@*db.net:-encrypted password-:Dianora:ORUGN:3
#
##
## This example disables this opers use of global kill, unkline, and gline
## The oper can still do remote squits/connects
##
#O:newbie@*some.net:-encrypted password-:newbie:oug:3
##
## This example disables this opers use of global kill, unkline,
## gline and gline and remote squits/connects
## essentially the same permissions as a local oper, but with the "vanity"
## They can still local kill and kline for example.
##
#O:vanity@*some.net:-encrypted password-:vanity:oug:3
##
## you could make someone vantiy even more, by disabling their
## kill/kline privs... note they can still do full traces
## umode +c (watch connections) and do rehash
## But otherwise, this set of flags is not practical for
## a normal oper.
##
#O:vanity@*some.net:-encrypted password-:vanity:nougk:3
#
## a monitor bot could be given the following privs
## k - no kline/kill
## g - make sure no GLINE
## o - no global kill (already taken care of by 'k' flag above)
## r - no remote routing/squits
## N - allow this monitor to use umode +n for nick changes
##
## Some admins do not like remote tcm kills/klines. If this
## tcm oper gets compromised, the best they can do is
## rehash/trace/umode +cn , i.e. no global kills or "fun" for the
## compromised o line. But its still quite usuable for monitoring
## clones and nick flooders.
##
#
#o:tcm@*varner.com:-encrypted password-:tcm:kgorN:3
#
## Of course, leaving out the flags entirely defaults to
## reasonable defaults, so if you don't want to worry about it, then don't.
## You can always add G later for example.
#
## O : Global operator
## No explicit G or G-line flag, no N or allow umode +n flag
##
#O:db@ircd.dianora.com:-encrypted password-:Dianora::3
#
# o : local operator.
#o:trainee@shell.box.com:password:MyNick::3
#
##
## The fifth field of an O line, is the new class this oper will join
##

# C:, N: set up connections to other servers.
#
# C: specifies a server that your server may connect to.
# N: allows a remote server to connect to your own.
#
# The two lines are usually given in pairs.
#
# These lines may contain a password in the second field.  In fact, to
# maintain proper security, *all* IRC server links must have passwords.
#
# If a C: line contains four fields (the fourth being a TCP port number)
# IRC will actively try to connect to that server. You should have at least
# one such line.
#
# If an N: line contains four fields, the fourth should contain a number that
# specifies how many components of your own server's name to strip off the
# front and be replaced with a *.  This is done to implement hostmasking.
# For example, to make hayes.ims.alaska.edu present itself to the world as
# *.alaska.edu, I would use a 2 (to strip off the first two parts).  If you
# use this, be sure to tell the administrator of the servers you link to --
# they must add your hostmasked name to their configuration file or you will
# be unable to connect.
#
# The host part of C/N lines MUST contain a valid hostname or IP address
# The host part in the C:line MUST be identical to the host part in the N:line
# The name part of the C/N lines MUST match the associated H/L line name
# 
# The fifth field may contain a connection class number.
#
# The following two lines tell my server to try connecting to
# byron.u.washington.edu.
#
#C:byron.u.washington.edu:crunchyfrog:byron.u.washington.edu:6667:2
#N:byron.u.washington.edu:crunchyfrog:byron.u.washington.edu:2:2
#
# The following two lines allow a server to connect to my server, but my
# server will not make any attempt to connect to it.  Note that since the
# server is local to me, I am not using hostmasking.
#
#C:kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
#N:kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
#
# C and N lines may also use the "user@" combination in the same way as
# the I-lines.
#
#C:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2
#N:wisner@kaja.gi.alaska.edu:llamas:kaja.gi.alaska.edu::2

## The password in the N:line is usually an MD5 hash, not cleartext
## It must match the password in the C:line on the remote server.
## For serious security, the two servers should have different passwords
##  in their C lines, with each other's hash in their N lines.

#
# K: kill a user automatically upon connecting.  This is used to deny
#    troublesome users access to your server.  The fields are, in order,
#    hostname (wildcards are allowed), time of day, and username.

## Timed k-lines and R: lines are not recommended by the hybrid
## team. They might not even work. Timed-klines made more sense
## for university ircd's but nowadays with so many open irc servers
## around, it just seems pointless.
## -Dianora

# The second example restricts access from acad3.alaska.edu from
# 9:00am to noon, and 2:00pm to 5:00pm.  This form is only supported if
# TIMED_KLINES is defined.
#
#K:*.alaska.edu::FSSPR
#K:acad3.alaska.edu:0900-1200,1400-1700:*

# Note: it is preferable to place and remove K:lines from a running
# ircd, with the KLINE and UNKLINE commands, which write to the kline.conf
# file directly, in order to handle timestampts and distribution
# across the network cleanly.

#
# R: restrict user access.  This is an extended form of the K: line.
#    It looks for a match then runs an outside program that will determine
#    whether the person should be allowed on.  The fields are hostname,
#    program, and username.  A full pathname to the program should be used.
#    The output of the program should be a string of the form "Y <message>"
#    to allow the user, or "N <message>" to block them.  In the first case
#    the message is ignored; in the latter, it is sent as an error message
#    to the user.  R: lines are only functional if activated in config.h.
#
#R:kaja.gi.alaska.edu:/usr/local/lib/irc/does-eric-get-in:ejo
#
## NOTE: L:lines are not really appropriate for centrally maintained
##  networks. It is not recommended that you use them.
#
# L: leaf.  This forces the server listed to act as a leaf.  If such a
#    server allows any other servers to connect to it, its link is
#    dropped. If a port parameter is non-zero, it is used to control the
#    maximum depth that link will allow, where depth is the tree depth of
#    that branch.
#
#L:::kaja.gi.alaska.edu
#L:::cm5.eng.umd.edu:1
#
#    A new extension to the L-line allows you to be selective
#    about which other servers you wish the connecting server to behave as
#    as a leaf towards.  The following would not allow any server connecting
#    with a name that matches *.fi to introduce a server matching *.edu.
#
#L:*.edu::*.fi
#
# H: Hub.  This is required to allow other servers which connect to you as
#    a hub and introduce other servers.
#
#H:*.au:*:*.au
H:*::*
#
# P : port. The port line allows the server to listen on various ports for
#     connections.  Fields in order: unused,
#     address to bind to, unused, port to listen on
#
# NOTE:  As of hybrid-6, you MUST have at least one P: line defining a port
# to listen on, or the server won't do much.
#
P::::6667
#P::209.42.128.252::31337
#
# Listen on port 6665 on all available interfaces. Only allow connections from
# net 128.32. This is checked before existance of other access is available.
# 128.32.* == 128.32.0.0 where 0 is a wildcard.
# Also listen to port 31337 on only 209.42.128.252.  Allow connections from
# anywhere.
#
# D : dump.  Dumps all connect attempts from the matched IP
# without any procesing.
#
#     First arg is target IP and CIDR mask, second is a comment.
#
#D:208.148.84.3:bot host that changes domain names frequently
#D:128.183.0/24:NASA users aren't supposed to be on IRC
#
# d : immunity to D dump
# As in D line , First arg is targe IP and CIDR mask, second is a comment.
#
#d:199.0.154.0/24:Don't D line ais.net:

#
#
# Q lines, not the old server Q lines, but Quarantine lines for
# nicks. Only checked at NICK time, i.e. if added and hashed in
# will not kill users who match this nick.
#
#Q:dcc-*:dcc bots not allowed on this server
#Q:lamestbot:You have to be kidding me
#Q:crush:In memory of Janet Pippin
#Q:cwush:In memory of Janet Pippin
#Q:callas:Only allowed from this host:callas@oper.irc.arpa.com

#
# if JUPE_CHANNEL is defined you can also jupe a channel locally
#
## NOTE: JUPE_CHANNEL is not defined by default. This may change later
##  when it can be arranged for a jupe to propagate across all servers
##  more effectively.
#
# i.e. no one on your server can join this channel.
# You need the backslash to escape the # in the channel
#
#Q:\#packet:I am tired of the packet fights for this channel
#
# X lines.
# Used to match gecos fields and prohibit users or warn about users
# who have matching strings in those fields from getting on the server.
#
# All X line matches are sent to opers in +r user mode
# On an X line, a non 0 value for port exits that client
# a 0 value, only warns on +r
#
# These three examples only warn
#X:*www*:Possible spambot warning 1::0
#X:*http*:Possible spambot warning 2::0
#X:*sex*:Possible spambot warning 3::0
#
# These two examples reject the client
# use this to reject IPHONE users
#X:* vc:IPHONE user::1
# This is a very probable spambot
#X:*see me at*:This has GOT to be a spambot::1
#X:*hi baby*:This has GOT to be a spambot::1
dancer-ircd 1.0.36-8ubuntu1 / etc / dancer-ircd / ircd.conf
