/* Configuration file for UnrealIRCd 5
*
* Simply copy this file to your conf/ directory, call it
* 'unrealircd.conf' and walk through it line by line (edit it!)
*
* Important: All lines, except { and } end with an ;
* This is very important, if you miss a ; somewhere then the
* configuration file parser will complain and the file will not
* be processed correctly!
* If this is your first experience with an UnrealIRCd configuration
* file then we really recommend you to read a little about the syntax,
* this only takes a few minutes and will help you a lot:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 5 documentation (very extensive!):
* https://www.unrealircd.org/docs/UnrealIRCd_5_documentation
*
* Frequently Asked Questions:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* This is a comment, all text here is ignored (comment type #1) */
// This is also a comment, this line is ignored (comment type #2)
# This is also a comment, again this line is ignored (comment type #3)
/* UnrealIRCd makes heavy use of modules. Modules allow you to completely
* customize the featureset you wish to enable in UnrealIRCd.
* See: https://www.unrealircd.org/docs/Modules
*
* By using the include below we instruct the IRCd to read the file
* 'modules.default.conf' which will load more than 150 modules
* shipped with UnrealIRCd. In other words: this will simply load
* all the available features in UnrealIRCd.
* If you are setting up UnrealIRCd for the first time we suggest you
* use this. Then, when everything is up and running you can come
* back later to customize the list (if you wish).
*/
include "modules.default.conf";
/* Now let's include some other files as well:
* - help/help.conf for our on-IRC /HELPOP system
* - badwords.conf for channel and user mode +G
* - spamfilter.conf as an example for spamfilter usage
* (commented out)
* - operclass.default.conf contains some good operclasses which
* you can use in your oper blocks.
*/
include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
/* This is the me { } block which basically says who we are.
* It defines our server name, some information line and an unique "sid".
* The server id (sid) must start with a digit followed by two digits or
* letters. The sid must be unique for your IRC network (each server should
* have it's own sid).
*/
me {
name "irc.example.org";
info "ExampleNET Server";
sid "001";
}
/* The admin { } block defines what users will see if they type /ADMIN.
* It normally contains information on how to contact the administrator.
*/
admin {
"Bob Smith";
"bob";
"email@example.org";
}
/* Clients and servers are put in class { } blocks, we define them here.
* Class blocks consist of the following items:
* - pingfreq: how often to ping a user / server (in seconds)
* - connfreq: how often we try to connect to this server (in seconds)
* - sendq: the maximum queue size for a connection
* - recvq: maximum receive queue from a connection (flood control)
*/
/* Client class with good defaults */
class clients
{
pingfreq 90;
maxclients 1000;
sendq 200k;
recvq 8000;
}
/* Special class for IRCOps with higher limits */
class opers
{
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}
/* Server class with good defaults */
class servers
{
pingfreq 60;
connfreq 15; /* try to connect every 15 seconds */
maxclients 10; /* max servers */
sendq 20M;
}
/* Allow blocks define which clients may connect to this server.
* This allows you to add a server password or restrict the server to
* specific IP's only. You also configure the maximum connections
* allowed per IP here.
* See also: https://www.unrealircd.org/docs/Allow_block
*/
/* Allow everyone in, but only 3 connections per IP */
allow {
mask *;
class clients;
maxperip 3;
}
/* Example of a special allow block on a specific IP:
* Requires users on that IP to connect with a password. If the password
* is correct then it permits 20 connections on that IP.
*/
allow {
mask 192.0.2.1;
class clients;
password "somesecretpasswd";
maxperip 20;
}
/* Oper blocks define your IRC Operators.
* IRC Operators are people who have "extra rights" compared to others,
* for example they may /KILL other people, initiate server linking,
* /JOIN channels even though they are banned, etc.
*
* For more information about becoming an IRCOp and how to do admin
* tasks, see: https://www.unrealircd.org/docs/IRCOp_guide
*
* For details regarding the oper { } block itself, see
* https://www.unrealircd.org/docs/Oper_block
*/
/* Here is an example oper block for 'bobsmith' with password 'test'.
* You MUST change this!!
*/
oper bobsmith {
class opers;
mask *@*;
password "test123";
/* Oper permissions are defined in an 'operclass' block.
* See https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd ships with a number of default blocks, see
* the article for a full list. We choose 'netadmin' here.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.example.org;
}
/* Listen blocks define the ports where the server should listen on.
* In other words: the ports that clients and servers may use to
* connect to this server.
*
* Syntax:
* listen {
* {
* ip <ip>;
* port <port>;
* options {
* <options....>;
* }
* }
*/
/* Standard IRC port 6667 */
listen {
ip *;
port 6667;
}
/* Standard IRC SSL/TLS port 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
/* Special SSL/TLS servers-only port for linking */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
/* NOTE: If you are on an IRCd shell with multiple IP's and you use
* the above listen { } blocks then you will likely get an
* 'Address already in use' error and the ircd won't start.
* This means you MUST bind to a specific IP instead of '*' like:
* listen { ip 1.2.3.4; port 6667; }
* Of course, replace the IP with the IP that was assigned to you.
*/
/*
* Link blocks allow you to link multiple servers together to form a network.
* See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.example.org
{
incoming {
mask *@something;
}
outgoing {
bind-ip *; /* or explicitly an IP */
hostname hub.example.org;
port 6900;
options { tls; }
}
/* We use the SPKI fingerprint of the other server for authentication.
* Run './unrealircd spkifp' on the other side to get it.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
class servers;
}
/* The link block for services is usually much simpler.
* For more information about what Services are,
* see https://www.unrealircd.org/docs/Services
*/
link services.example.org
{
incoming {
mask 127.0.0.1;
}
password "changemeplease";
class servers;
}
/* U-lines give other servers (even) more power/commands.
* If you use services you must add them here.
* NEVER put the name of an UnrealIRCd server here!!!
*/
ulines {
services.example.org;
}
/* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
* This is mainly meant to provide a little protection against accidental
* restarts and server kills.
*/
drpass {
restart "restart";
die "die";
}
/* The log block defines what should be logged and to what file.
* See also https://www.unrealircd.org/docs/Log_block
*/
/* This is a good default, it logs everything */
log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
flood;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
}
}
/* With "aliases" you can create an alias like /SOMETHING to send a message to
* some user or bot. They are usually used for services.
*
* We have a number of pre-set alias files, check out the alias/ directory.
* As an example, here we include all aliases used for anope services.
*/
include "aliases/anope.conf";
/* Ban nick names so they cannot be used by regular users */
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Reserved for Services";
}
/* Ban ip.
* Note that you normally use /KLINE, /GLINE and /ZLINE for this.
*/
ban ip {
mask 195.86.232.81;
reason "Hate you";
}
/* Ban server - if we see this server linked to someone then we delink */
ban server {
mask eris.berkeley.edu;
reason "Get out of here.";
}
/* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
}
/* Ban realname allows you to ban clients based on their 'real name'
* or 'gecos' field.
*/
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
}
ban realname {
mask "sub7server";
reason "sub7";
}
/* Ban and TKL exceptions. Allows you to exempt users / machines from
* KLINE, GLINE, etc.
* If you are an IRCOp with a static IP (and no untrusted persons on that IP)
* then we suggest you add yourself here. That way you can always get in
* even if you accidentally place a *LINE ban on yourself.
*/
/* except ban protects you from KLINE and ZLINE */
except ban {
mask *@192.0.2.1;
// you may add more mask entries here..
}
/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
except ban {
mask *@192.0.2.1;
type all;
}
/* With deny dcc blocks you can ban filenames for DCC */
deny dcc {
filename "*sub7*";
reason "Possible Sub7 Virus";
}
/* deny channel allows you to ban a channel (mask) entirely */
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
}
/* VHosts (Virtual Hosts) allow users to acquire a different host.
* See https://www.unrealircd.org/docs/Vhost_block
*/
/* Example vhost which you can use. On IRC type: /VHOST test test
* NOTE: only people with an 'unrealircd.com' host may use it so
* be sure to change the vhost::mask before you test.
*/
vhost {
vhost i.hate.microsefrs.com;
mask *@unrealircd.com;
login "test";
password "test";
}
/* Blacklist blocks will query an external DNS Blacklist service
* whenever a user connects, to see if the IP address is known
* to cause drone attacks, is a known hacked machine, etc.
* Documentation: https://www.unrealircd.org/docs/Blacklist_block
* Or just have a look at the blocks below.
*/
/* DroneBL, probably the most popular blacklist used by IRC Servers.
* See https://dronebl.org/ for their documentation and the
* meaning of the reply types. At time of writing we use types:
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
* 16: Autorooting worms.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
}
/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
* and the meaning of the reply types.
* At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
*
* NOTE: If you want to permit TOR proxies on your server, then
* you need to remove the '4;' below in the reply section.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
}
/* You can include other configuration files */
/* include "klines.conf"; */
/* Network configuration */
set {
network-name "ExampleNET";
default-server "irc.example.org";
services-server "services.example.org";
stats-server "stats.example.org";
help-channel "#Help";
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Cloak keys should be the same at all servers on the network.
* They are used for generating masked hosts and should be kept secret.
* The keys should be 3 random strings of 50-100 characters
* and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9).
* HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let
* UnrealIRCd generate 3 random strings for you.
*/
cloak-keys {
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw11";
"aoAr1HnR6gl3sJ7hVz4Zb7x4Yw22";
}
}
/* Server specific configuration */
set {
kline-address "help@stuzer.link"; /* e-mail or URL shown when a user is banned */
modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
modes-on-join "+nt"; /* default channel modes when a new channel is created */
oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
options {
hide-ulines; /* hide U-lines in /MAP and /LINKS */
show-connect-info; /* show "looking up your hostname" messages on connect */
}
maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
/* The minimum time a user must be connected before being allowed to
* use a QUIT message. This will hopefully help stop spam.
*/
anti-spam-quit-message-time 10s;
/* Or simply set a static quit, meaning any /QUIT reason is ignored */
/* static-quit "Client quit"; */
/* static-part does the same for /PART */
/* static-part yes; */
/* Flood protection:
* There are lots of settings for this and most have good defaults.
* See https://www.unrealircd.org/docs/Set_block#set::anti-flood
*/
anti-flood {
}
/* Settings for spam filter */
spamfilter {
ban-time 1d; /* default duration of a *LINE ban set by spamfilter */
ban-reason "Spam/Advertising"; /* default reason */
virus-help-channel "#help"; /* channel to use for 'viruschan' action */
/* except "#help"; channel to exempt from Spamfilter */
}
/* Restrict certain commands.
* See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
connect-delay 60;
exempt-identified yes;
exempt-reputation-score 24;
}
invite {
connect-delay 120;
exempt-identified yes;
exempt-reputation-score 24;
}
/* In addition to the ability to restrict any command,
* such as shown above. There are also 4 special types
* that you can restrict. These are "private-message",
* "private-notice", "channel-message" and "channel-notice".
* They are commented out (disabled) in this example:
*/
//private-message {
// connect-delay 10;
//}
//private-notice {
// connect-delay 10;
//}
}
}
/*
* The following will configure connection throttling of "unknown users".
*
* When UnrealIRCd detects a high number of users connecting from IP addresses
* that have not been seen before, then connections from new IP's are rejected
* above the set rate. For example at 10:60 only 10 users per minute can connect
* that have not been seen before. Known IP addresses can always get in,
* regardless of the set rate. Same for users who login using SASL.
*
* See also https://www.unrealircd.org/docs/Connthrottle for details.
* Or just keep reading the default configuration settings below:
*/
set {
connthrottle {
/* First we must configure what we call "known users".
* By default these are users on IP addresses that have
* a score of 24 or higher. A score of 24 means that the
* IP was connected to this network for at least 2 hours
* in the past month (or minimum 1 hour if registered).
* The sasl-bypass option is another setting. It means
* that users who authenticate to services via SASL
* are considered known users as well.
* Users in the "known-users" group (either by reputation
* or by SASL) are always allowed in by this module.
*/
known-users {
minimum-reputation-score 24;
sasl-bypass yes;
}
/* New users are all users that do not belong in the
* known-users group. They are considered "new" and in
* case of a high number of such new users connecting
* they are subject to connection rate limiting.
* By default the rate is 20 new local users per minute
* and 30 new global users per minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* This configures when this module will NOT be active.
* The default settings will disable the module when:
* - The reputation module has been running for less than
* a week. If running less than 1 week then there is
* insufficient data to consider who is a "known user".
* - The server has just been booted up (first 3 minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* Finally, you may wish to have a MOTD (Message of the Day), this can be
* done by creating an 'ircd.motd' text file in your conf/ directory.
* This file will be shown to your users on connect.
* For more information see https://www.unrealircd.org/docs/MOTD_and_Rules
*/
/*
* Problems or need more help?
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions!
* 3) If you are still having problems then you can get support:
* - Forums: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support
* Note that we require you to read the documentation and FAQ first!
*/