X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/cda8e9b8db4e4c46b4270c915724b288924bc173..341504a70230b034cb36b0d24c5824be29e6b496:/doc/sgml/oper-guide/config.sgml?ds=sidebyside
diff --git a/doc/sgml/oper-guide/config.sgml b/doc/sgml/oper-guide/config.sgml
index 0163a43..fc44fb7 100644
--- a/doc/sgml/oper-guide/config.sgml
+++ b/doc/sgml/oper-guide/config.sgml
@@ -25,8 +25,8 @@
Specific blocks and directives
- Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
- be documented in later revisions of this manual.
+ Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
+ be documented in later revisions of this manual.
loadmodule directive
@@ -69,8 +69,7 @@ serverinfo {
sid
- A unique ID which describes the server. This is required regardless of whether you are using
- TS6 or not.
+ A unique ID which describes the server.
This consists of one digit and two characters which can be
digits or letters.
@@ -293,7 +292,13 @@ auth {
user
- A hostmask (user@host) that the auth{} block is matched against. You can have multiple user entries.
+
+ A hostmask (user@host) that the auth {} block applies to.
+ It is matched against the hostname and IP address (using ::
+ shortening for IPv6 and prepending a 0 if it starts with
+ a colon) and can also use CIDR masks.
+ You can have multiple user entries.
+
@@ -309,13 +314,13 @@ auth {
spoof
- An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block.
+ An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block. In STATS i and TESTLINE, an equals sign (=) appears before the user@host and the spoof is shown.
flags
- A list of flags to apply to this auth{} block. They are listed below.
+ A list of flags to apply to this auth{} block. They are listed below. Some of the flags appear as a special character, parenthesized in the list, before the user@host in STATS i and TESTLINE.
@@ -340,27 +345,21 @@ auth {
- exceed_limit
+ exceed_limit (>)
Users in this auth{} block can exceed class-wide limitations.
- dnsbl_exempt
+ dnsbl_exempt ($)
Users in this auth{} block are exempted from DNS blacklist checks. However, they will still be warned if they are listed.
- kline_exempt
+ kline_exempt (^)
- Users in this auth{} block are exempted from DNS blacklists, k:lines, g:lines and x:lines, and will not be disconnected because of d:lines.
-
-
-
- gline_exempt
-
- Users in this auth{} block are exempted from g:lines.
+ Users in this auth{} block are exempted from DNS blacklists, k:lines and x:lines.
@@ -389,7 +388,7 @@ auth {
- flood_exempt
+ flood_exempt (|)
Users in this auth{} block may send arbitrary amounts of
@@ -400,13 +399,13 @@ auth {
- no_tilde
+ no_tilde (-)
Users in this auth{} block will not have a tilde added to their username if they do not run identd.
- need_ident
+ need_ident (+)
Users in this auth{} block must have identd, otherwise they will be rejected.
@@ -515,8 +514,8 @@ operator "name" {
A listing of privileges granted to operators using this block.
- By default, the operwall and remoteban privileges are granted;
- use ~operwall and ~remoteban to disable them if necessary.
+ By default, the mass_notice, operwall, remoteban and resv privileges are granted;
+ use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
In addition, a flag designating if the password is encrypted is here.
@@ -550,11 +549,13 @@ connect "name" {
The hostname or IP to connect to.
- Charybdis uses solely DNS for all hostname/address lookups
- (no /etc/hosts or anything else).
Furthermore, if a hostname is used, it must have an A or AAAA
record (no CNAME) and it must be the primary
hostname for inbound connections to work.
+
+ IPv6 addresses must be in :: shortened form; addresses which
+ then start with a colon must be prepended with a zero,
+ for example 0::1.
@@ -650,6 +651,7 @@ connect "name" {
topicburst
Topics should be bursted to this server.
+ This is enabled by default.
@@ -1014,7 +1016,7 @@ shared {
all
- All of the above; this does not include locops or rehash
+ All of the above; this does not include locops, rehash, dline, tdline or undline.
@@ -1032,6 +1034,24 @@ shared {
REHASH commands; all options can be used
+
+ dline (D)
+
+ Permanent and temporary D:lines
+
+
+
+ tdline (d)
+
+ Temporary D:lines
+
+
+
+ undline (E)
+
+ D:line removals
+
+
none
@@ -1072,6 +1092,28 @@ service {
+
+ Hostname resolution (DNS)
+
+ Charybdis uses solely DNS for all hostname/address lookups
+ (no /etc/hosts or anything else).
+ The DNS servers are taken from /etc/resolv.conf.
+ If this file does not exist or no valid IP addresses are listed in it,
+ the local host (127.0.0.1) is used. (Note that the latter part
+ did not work in older versions of Charybdis.)
+
+
+ IPv4 as well as IPv6 DNS servers are supported, but it is not
+ possible to use both IPv4 and IPv6 in
+ /etc/resolv.conf.
+
+
+ For both security and performance reasons, it is recommended
+ that a caching nameserver such as BIND be run on the same machine
+ as Charybdis and that /etc/resolv.conf only
+ list 127.0.0.1.
+
+