/* Configuration file for UnrealIRCd 5 * * Simply copy this file to your conf/ directory, call it * 'unrealircd.conf' and walk through it line by line (edit it!) * * Important: All lines, except { and } end with an ; * This is very important, if you miss a ; somewhere then the * configuration file parser will complain and the file will not * be processed correctly! * If this is your first experience with an UnrealIRCd configuration * file then we really recommend you to read a little about the syntax, * this only takes a few minutes and will help you a lot: * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax * * UnrealIRCd 5 documentation (very extensive!): * https://www.unrealircd.org/docs/UnrealIRCd_5_documentation * * Frequently Asked Questions: * https://www.unrealircd.org/docs/FAQ * */ /* This is a comment, all text here is ignored (comment type #1) */ // This is also a comment, this line is ignored (comment type #2) # This is also a comment, again this line is ignored (comment type #3) /* UnrealIRCd makes heavy use of modules. Modules allow you to completely * customize the featureset you wish to enable in UnrealIRCd. * See: https://www.unrealircd.org/docs/Modules * * By using the include below we instruct the IRCd to read the file * 'modules.default.conf' which will load more than 150 modules * shipped with UnrealIRCd. In other words: this will simply load * all the available features in UnrealIRCd. * If you are setting up UnrealIRCd for the first time we suggest you * use this. Then, when everything is up and running you can come * back later to customize the list (if you wish). */ include "modules.default.conf"; /* Now let's include some other files as well: * - help/help.conf for our on-IRC /HELPOP system * - badwords.conf for channel and user mode +G * - spamfilter.conf as an example for spamfilter usage * (commented out) * - operclass.default.conf contains some good operclasses which * you can use in your oper blocks. */ include "help/help.conf"; include "badwords.conf"; //include "spamfilter.conf"; include "operclass.default.conf"; /* This is the me { } block which basically says who we are. * It defines our server name, some information line and an unique "sid". * The server id (sid) must start with a digit followed by two digits or * letters. The sid must be unique for your IRC network (each server should * have it's own sid). */ me { name "irc.example.org"; info "ExampleNET Server"; sid "001"; } /* The admin { } block defines what users will see if they type /ADMIN. * It normally contains information on how to contact the administrator. */ admin { "Bob Smith"; "bob"; "email@example.org"; } /* Clients and servers are put in class { } blocks, we define them here. * Class blocks consist of the following items: * - pingfreq: how often to ping a user / server (in seconds) * - connfreq: how often we try to connect to this server (in seconds) * - sendq: the maximum queue size for a connection * - recvq: maximum receive queue from a connection (flood control) */ /* Client class with good defaults */ class clients { pingfreq 90; maxclients 1000; sendq 200k; recvq 8000; } /* Special class for IRCOps with higher limits */ class opers { pingfreq 90; maxclients 50; sendq 1M; recvq 8000; } /* Server class with good defaults */ class servers { pingfreq 60; connfreq 15; /* try to connect every 15 seconds */ maxclients 10; /* max servers */ sendq 20M; } /* Allow blocks define which clients may connect to this server. * This allows you to add a server password or restrict the server to * specific IP's only. You also configure the maximum connections * allowed per IP here. * See also: https://www.unrealircd.org/docs/Allow_block */ /* Allow everyone in, but only 3 connections per IP */ allow { mask *; class clients; maxperip 3; } /* Example of a special allow block on a specific IP: * Requires users on that IP to connect with a password. If the password * is correct then it permits 20 connections on that IP. */ allow { mask 192.0.2.1; class clients; password "somesecretpasswd"; maxperip 20; } /* Oper blocks define your IRC Operators. * IRC Operators are people who have "extra rights" compared to others, * for example they may /KILL other people, initiate server linking, * /JOIN channels even though they are banned, etc. * * For more information about becoming an IRCOp and how to do admin * tasks, see: https://www.unrealircd.org/docs/IRCOp_guide * * For details regarding the oper { } block itself, see * https://www.unrealircd.org/docs/Oper_block */ /* Here is an example oper block for 'bobsmith' with password 'test'. * You MUST change this!! */ oper bobsmith { class opers; mask *@*; password "test123"; /* Oper permissions are defined in an 'operclass' block. * See https://www.unrealircd.org/docs/Operclass_block * UnrealIRCd ships with a number of default blocks, see * the article for a full list. We choose 'netadmin' here. */ operclass netadmin; swhois "is a Network Administrator"; vhost netadmin.example.org; } /* Listen blocks define the ports where the server should listen on. * In other words: the ports that clients and servers may use to * connect to this server. * * Syntax: * listen { * { * ip ; * port ; * options { * ; * } * } */ /* Standard IRC port 6667 */ listen { ip *; port 6667; } /* Standard IRC SSL/TLS port 6697 */ listen { ip *; port 6697; options { tls; } } /* Special SSL/TLS servers-only port for linking */ listen { ip *; port 6900; options { tls; serversonly; } } /* NOTE: If you are on an IRCd shell with multiple IP's and you use * the above listen { } blocks then you will likely get an * 'Address already in use' error and the ircd won't start. * This means you MUST bind to a specific IP instead of '*' like: * listen { ip 1.2.3.4; port 6667; } * Of course, replace the IP with the IP that was assigned to you. */ /* * Link blocks allow you to link multiple servers together to form a network. * See https://www.unrealircd.org/docs/Tutorial:_Linking_servers */ link hub.example.org { incoming { mask *@something; } outgoing { bind-ip *; /* or explicitly an IP */ hostname hub.example.org; port 6900; options { tls; } } /* We use the SPKI fingerprint of the other server for authentication. * Run './unrealircd spkifp' on the other side to get it. */ password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; } class servers; } /* The link block for services is usually much simpler. * For more information about what Services are, * see https://www.unrealircd.org/docs/Services */ link services.example.org { incoming { mask 127.0.0.1; } password "changemeplease"; class servers; } /* U-lines give other servers (even) more power/commands. * If you use services you must add them here. * NEVER put the name of an UnrealIRCd server here!!! */ ulines { services.example.org; } /* Here you can add a password for the IRCOp-only /DIE and /RESTART commands. * This is mainly meant to provide a little protection against accidental * restarts and server kills. */ drpass { restart "restart"; die "die"; } /* The log block defines what should be logged and to what file. * See also https://www.unrealircd.org/docs/Log_block */ /* This is a good default, it logs everything */ log "ircd.log" { flags { oper; connects; server-connects; kills; errors; flood; sadmin-commands; chg-commands; oper-override; tkl; spamfilter; } } /* With "aliases" you can create an alias like /SOMETHING to send a message to * some user or bot. They are usually used for services. * * We have a number of pre-set alias files, check out the alias/ directory. * As an example, here we include all aliases used for anope services. */ include "aliases/anope.conf"; /* Ban nick names so they cannot be used by regular users */ ban nick { mask "*C*h*a*n*S*e*r*v*"; reason "Reserved for Services"; } /* Ban ip. * Note that you normally use /KLINE, /GLINE and /ZLINE for this. */ ban ip { mask 195.86.232.81; reason "Hate you"; } /* Ban server - if we see this server linked to someone then we delink */ ban server { mask eris.berkeley.edu; reason "Get out of here."; } /* Ban user - just as an example, you normally use /KLINE or /GLINE for this */ ban user { mask *tirc@*.saturn.bbn.com; reason "Idiot"; } /* Ban realname allows you to ban clients based on their 'real name' * or 'gecos' field. */ ban realname { mask "Swat Team"; reason "mIRKFORCE"; } ban realname { mask "sub7server"; reason "sub7"; } /* Ban and TKL exceptions. Allows you to exempt users / machines from * KLINE, GLINE, etc. * If you are an IRCOp with a static IP (and no untrusted persons on that IP) * then we suggest you add yourself here. That way you can always get in * even if you accidentally place a *LINE ban on yourself. */ /* except ban protects you from KLINE and ZLINE */ except ban { mask *@192.0.2.1; // you may add more mask entries here.. } /* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */ except ban { mask *@192.0.2.1; type all; } /* With deny dcc blocks you can ban filenames for DCC */ deny dcc { filename "*sub7*"; reason "Possible Sub7 Virus"; } /* deny channel allows you to ban a channel (mask) entirely */ deny channel { channel "*warez*"; reason "Warez is illegal"; class "clients"; } /* VHosts (Virtual Hosts) allow users to acquire a different host. * See https://www.unrealircd.org/docs/Vhost_block */ /* Example vhost which you can use. On IRC type: /VHOST test test * NOTE: only people with an 'unrealircd.com' host may use it so * be sure to change the vhost::mask before you test. */ vhost { vhost i.hate.microsefrs.com; mask *@unrealircd.com; login "test"; password "test"; } /* Blacklist blocks will query an external DNS Blacklist service * whenever a user connects, to see if the IP address is known * to cause drone attacks, is a known hacked machine, etc. * Documentation: https://www.unrealircd.org/docs/Blacklist_block * Or just have a look at the blocks below. */ /* DroneBL, probably the most popular blacklist used by IRC Servers. * See https://dronebl.org/ for their documentation and the * meaning of the reply types. At time of writing we use types: * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone, * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain, * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers, * 14: Open Wingate Proxy, 15: Compromised router / gateway, * 16: Autorooting worms. */ blacklist dronebl { dns { name dnsbl.dronebl.org; type record; reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; } } action gline; ban-time 24h; reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details."; } /* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation * and the meaning of the reply types. * At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding. * * NOTE: If you want to permit TOR proxies on your server, then * you need to remove the '4;' below in the reply section. */ blacklist efnetrbl { dns { name rbl.efnetrbl.org; type record; reply { 1; 4; 5; } } action gline; ban-time 24h; reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details."; } /* You can include other configuration files */ /* include "klines.conf"; */ /* Network configuration */ set { network-name "ExampleNET"; default-server "irc.example.org"; services-server "services.example.org"; stats-server "stats.example.org"; help-channel "#Help"; hiddenhost-prefix "Clk"; prefix-quit "Quit"; /* Cloak keys should be the same at all servers on the network. * They are used for generating masked hosts and should be kept secret. * The keys should be 3 random strings of 50-100 characters * and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9). * HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let * UnrealIRCd generate 3 random strings for you. */ cloak-keys { "aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW"; "aoAr1HnR6gl3sJ7hVz4Zb7x4Yw11"; "aoAr1HnR6gl3sJ7hVz4Zb7x4Yw22"; } } /* Server specific configuration */ set { kline-address "help@stuzer.link"; /* e-mail or URL shown when a user is banned */ modes-on-connect "+ixw"; /* when users connect, they will get these user modes */ modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */ modes-on-join "+nt"; /* default channel modes when a new channel is created */ oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */ options { hide-ulines; /* hide U-lines in /MAP and /LINKS */ show-connect-info; /* show "looking up your hostname" messages on connect */ } maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */ /* The minimum time a user must be connected before being allowed to * use a QUIT message. This will hopefully help stop spam. */ anti-spam-quit-message-time 10s; /* Or simply set a static quit, meaning any /QUIT reason is ignored */ /* static-quit "Client quit"; */ /* static-part does the same for /PART */ /* static-part yes; */ /* Flood protection: * There are lots of settings for this and most have good defaults. * See https://www.unrealircd.org/docs/Set_block#set::anti-flood */ anti-flood { } /* Settings for spam filter */ spamfilter { ban-time 1d; /* default duration of a *LINE ban set by spamfilter */ ban-reason "Spam/Advertising"; /* default reason */ virus-help-channel "#help"; /* channel to use for 'viruschan' action */ /* except "#help"; channel to exempt from Spamfilter */ } /* Restrict certain commands. * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands */ restrict-commands { list { connect-delay 60; exempt-identified yes; exempt-reputation-score 24; } invite { connect-delay 120; exempt-identified yes; exempt-reputation-score 24; } /* In addition to the ability to restrict any command, * such as shown above. There are also 4 special types * that you can restrict. These are "private-message", * "private-notice", "channel-message" and "channel-notice". * They are commented out (disabled) in this example: */ //private-message { // connect-delay 10; //} //private-notice { // connect-delay 10; //} } } /* * The following will configure connection throttling of "unknown users". * * When UnrealIRCd detects a high number of users connecting from IP addresses * that have not been seen before, then connections from new IP's are rejected * above the set rate. For example at 10:60 only 10 users per minute can connect * that have not been seen before. Known IP addresses can always get in, * regardless of the set rate. Same for users who login using SASL. * * See also https://www.unrealircd.org/docs/Connthrottle for details. * Or just keep reading the default configuration settings below: */ set { connthrottle { /* First we must configure what we call "known users". * By default these are users on IP addresses that have * a score of 24 or higher. A score of 24 means that the * IP was connected to this network for at least 2 hours * in the past month (or minimum 1 hour if registered). * The sasl-bypass option is another setting. It means * that users who authenticate to services via SASL * are considered known users as well. * Users in the "known-users" group (either by reputation * or by SASL) are always allowed in by this module. */ known-users { minimum-reputation-score 24; sasl-bypass yes; } /* New users are all users that do not belong in the * known-users group. They are considered "new" and in * case of a high number of such new users connecting * they are subject to connection rate limiting. * By default the rate is 20 new local users per minute * and 30 new global users per minute. */ new-users { local-throttle 20:60; global-throttle 30:60; } /* This configures when this module will NOT be active. * The default settings will disable the module when: * - The reputation module has been running for less than * a week. If running less than 1 week then there is * insufficient data to consider who is a "known user". * - The server has just been booted up (first 3 minutes). */ disabled-when { reputation-gathering 1w; start-delay 3m; } } } /* Finally, you may wish to have a MOTD (Message of the Day), this can be * done by creating an 'ircd.motd' text file in your conf/ directory. * This file will be shown to your users on connect. * For more information see https://www.unrealircd.org/docs/MOTD_and_Rules */ /* * Problems or need more help? * 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation * 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions! * 3) If you are still having problems then you can get support: * - Forums: https://forums.unrealircd.org/ * - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support * Note that we require you to read the documentation and FAQ first! */