<sect1 id="configlines">
<title>Specific blocks and directives</title>
<para>
- Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
- be documented in later revisions of this manual.
+ Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
+ be documented in later revisions of this manual.
</para>
<sect2>
<title>loadmodule directive</title>
<synopsis>
serverinfo {
name = "<replaceable>text</replaceable>";
- use_ts6 = <replaceable>boolean</replaceable>;
sid = "<replaceable>text</replaceable>";
description = "<replaceable>text</replaceable>";
network_name = "<replaceable>text</replaceable>";
</para>
</listitem>
</varlistentry>
- <varlistentry>
- <term>use_ts6</term>
- <listitem>
- <para>
- A boolean which defines whether or not you want to use the new TS6 protocol, which provides
- many improvements over the old protocol, TS5, which is used in Hyperion.
- </para>
- </listitem>
- </varlistentry>
<varlistentry>
<term>sid</term>
<listitem>
<para>
- A unique ID which describes the server. This is required regardless of whether you are using
- TS6 or not.
+ A unique ID which describes the server.
This consists of one digit and two characters which can be
digits or letters.
</para>
<varlistentry>
<term>user</term>
<listitem>
- <para>A hostmask (user@host) that the auth{} block is matched against. You can have multiple user entries.</para>
+ <para>
+ A hostmask (user@host) that the auth {} block applies to.
+ It is matched against the hostname and IP address (using ::
+ shortening for IPv6 and prepending a 0 if it starts with
+ a colon) and can also use CIDR masks.
+ You can have multiple user entries.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term>spoof</term>
<listitem>
- <para>An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block.</para>
+ <para>An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block. In STATS i and TESTLINE, an equals sign (=) appears before the user@host and the spoof is shown.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>flags</term>
<listitem>
- <para>A list of flags to apply to this auth{} block. They are listed below.</para>
+ <para>A list of flags to apply to this auth{} block. They are listed below. Some of the flags appear as a special character, parenthesized in the list, before the user@host in STATS i and TESTLINE.</para>
</listitem>
</varlistentry>
<varlistentry>
</listitem>
</varlistentry>
<varlistentry>
- <term>exceed_limit</term>
+ <term>exceed_limit (>)</term>
<listitem>
<para>Users in this auth{} block can exceed class-wide limitations.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>dnsbl_exempt</term>
+ <term>dnsbl_exempt ($)</term>
<listitem>
<para>Users in this auth{} block are exempted from DNS blacklist checks. However, they will still be warned if they are listed.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>kline_exempt</term>
+ <term>kline_exempt (^)</term>
<listitem>
- <para>Users in this auth{} block are exempted from DNS blacklists, k:lines, g:lines and x:lines, and will not be disconnected because of d:lines.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>gline_exempt</term>
- <listitem>
- <para>Users in this auth{} block are exempted from g:lines.</para>
+ <para>Users in this auth{} block are exempted from DNS blacklists, k:lines and x:lines.</para>
</listitem>
</varlistentry>
<varlistentry>
</listitem>
</varlistentry>
<varlistentry>
- <term>flood_exempt</term>
+ <term>flood_exempt (|)</term>
<listitem>
<para>
Users in this auth{} block may send arbitrary amounts of
</listitem>
</varlistentry>
<varlistentry>
- <term>no_tilde</term>
+ <term>no_tilde (-)</term>
<listitem>
<para>Users in this auth{} block will not have a tilde added to their username if they do not run identd.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>need_ident</term>
+ <term>need_ident (+)</term>
<listitem>
<para>Users in this auth{} block must have identd, otherwise they will be rejected.</para>
</listitem>
ip = "<replaceable>ip</replaceable>";
};</synopsis>
<para>
- An exempt block specifies IP addresses which are exempt from D:lines.
+ An exempt block specifies IP addresses which are exempt from D:lines
+ and throttling.
Multiple addresses can be specified in one block.
Clients coming from these addresses can still be K/G/X:lined or
banned by a DNS blacklist unless
<listitem>
<para>
A listing of privileges granted to operators using this block.
- By default, the operwall and remoteban privileges are granted;
- use ~operwall and ~remoteban to disable them if necessary.
+ By default, the mass_notice, operwall, remoteban and resv privileges are granted;
+ use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
</para>
<para>
In addition, a flag designating if the password is encrypted is here.
<listitem>
<para>The hostname or IP to connect to.</para>
<note><para>
- Charybdis uses solely DNS for all hostname/address lookups
- (no <filename>/etc/hosts</filename> or anything else).
Furthermore, if a hostname is used, it must have an A or AAAA
record (no CNAME) and it must be the primary
hostname for inbound connections to work.
+ </para><para>
+ IPv6 addresses must be in :: shortened form; addresses which
+ then start with a colon must be prepended with a zero,
+ for example 0::1.
</para></note>
</listitem>
</varlistentry>
<term>topicburst</term>
<listitem>
<para>Topics should be bursted to this server.</para>
+ <para>This is enabled by default.</para>
</listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term>all</term>
<listitem>
- <para>All of the above; this does not include locops or rehash</para>
+ <para>All of the above; this does not include locops, rehash, dline, tdline or undline.</para>
</listitem>
</varlistentry>
<varlistentry>
<para>REHASH commands; all options can be used</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>dline (D)</term>
+ <listitem>
+ <para>Permanent and temporary D:lines</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>tdline (d)</term>
+ <listitem>
+ <para>Temporary D:lines</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>undline (E)</term>
+ <listitem>
+ <para>D:line removals</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>none</term>
<listitem>
</variablelist>
</sect2>
</sect1>
+ <sect1>
+ <title>Hostname resolution (DNS)</title>
+ <para>
+ Charybdis uses solely DNS for all hostname/address lookups
+ (no <filename>/etc/hosts</filename> or anything else).
+ The DNS servers are taken from <filename>/etc/resolv.conf</filename>.
+ If this file does not exist or no valid IP addresses are listed in it,
+ the local host (127.0.0.1) is used. (Note that the latter part
+ did not work in older versions of Charybdis.)
+ </para>
+ <para>
+ IPv4 as well as IPv6 DNS servers are supported, but it is not
+ possible to use both IPv4 and IPv6 in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+ <para>
+ For both security and performance reasons, it is recommended
+ that a caching nameserver such as BIND be run on the same machine
+ as Charybdis and that <filename>/etc/resolv.conf</filename> only
+ list 127.0.0.1.
+ </para>
+ </sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
projects / irc / rqf / shadowircd.git / blobdiff