#loadmodule "extensions/sno_globalkline.so";
#loadmodule "extensions/sno_globaloper.so";
#loadmodule "extensions/sno_whois.so";
+#loadmodule "extensions/override.so";
/*
* IP cloaking extensions: use ip_cloaking_4.0
name = "hades.arpa";
sid = "42X";
description = "charybdis test server";
- network_name = "AthemeNET";
+ network_name = "StaticBox";
network_desc = "Your IRC network.";
hub = yes;
#vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */
- ssl_private_key = "etc/test.key";
+ ssl_private_key = "etc/ssl.key";
/* ssl_cert: certificate for our ssl server */
- ssl_cert = "etc/test.cert";
+ ssl_cert = "etc/ssl.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
* /quote set maxclients <limit>
*/
default_max_clients = 1024;
+
+ /* nicklen: enforced nickname length (for this server only; must not
+ * be longer than the maximum length set while building).
+ */
+ nicklen = 30;
};
admin {
name = "Lazy admin (lazya)";
- description = "AthemeNET client server";
+ description = "StaticBox client server";
email = "nobody@127.0.0.1";
};
*/
#host = "192.169.0.1";
port = 5000, 6665 .. 6669;
- sslport = 9999;
+ sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
#host = "3ffe:1234:a:b:c::d";
- #port = 5000, 6665 .. 6669;
- #sslport = 9999;
+ #port = 5000, 6665 .. 6669;
+ #sslport = 9999;
};
/* auth {}: allow users to connect to the ircd (OLD I:)
* specify a host or a user@host to spoof to. This is free-form,
* just do everyone a favour and dont abuse it. (OLD I: = flag)
*/
- spoof = "I.still.hate.packets";
+ spoof = "I.still.hate.packets";
/* Possible flags in auth:
*
* jupe_exempt | exempt this user from generating
* warnings joining juped channels
* resv_exempt | exempt this user from resvs
- * flood_exempt | exempt this user from flood limits
- * USE WITH CAUTION.
+ * flood_exempt | exempt this user from flood limits
+ * USE WITH CAUTION.
* no_tilde (old - flag) | don't prefix ~ to username if no ident
* need_ident (old + flag) | require ident for user in this class
* need_ssl | require SSL/TLS for user in this class
*
* encrypted: the password above is encrypted [DEFAULT]
* need_ssl: must be using SSL/TLS to oper up
- */
+ */
flags = encrypted;
/* privset: privileges set to grant */
class = "server";
flags = compressed, topicburst;
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
+
/* If the connection is IPv6, uncomment below.
* Use 0::1, not ::1, for IPv6 localhost. */
#aftype = ipv6;
channel {
use_invex = yes;
use_except = yes;
- use_knock = yes;
use_forward = yes;
+ use_knock = yes;
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
max_chans_per_user = 15;
- max_bans = 100;
- max_bans_large = 500;
+ max_bans = 100;
+ max_bans_large = 500;
default_split_user_count = 0;
default_split_server_count = 0;
no_create_on_split = no;
kick_on_split_riding = no;
only_ascii_channels = no;
resv_forcepart = yes;
+ channel_target_change = yes;
+ disable_local_channels = no;
};
serverhide {
flatten_links = yes;
links_delay = 5 minutes;
- hidden = no;
+ hidden = no;
disable_hidden = no;
};
* They are used in pairs of one host/rejection reason.
*
* These settings should be adequate for most networks, and are (presently)
- * required for use on AthemeNet.
+ * required for use on StaticBox.
*
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC
* connections.
*
- * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
+ * As of charybdis 2.2, you can do some keyword substitution on the rejection
* reason. The available keyword substitutions are:
*
* ${ip} - the user's IP
* ${nick} - the user's nickname
* ${network-name} - the name of the network
*
+ * As of charybdis 3.4, a type parameter is supported, which specifies the
+ * address families the blacklist supports. IPv4 and IPv6 are supported.
+ * IPv4 is currently the default as few blacklists support IPv6 operation
+ * as of this writing.
+ *
* Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
* contacted, via email, at admins@2mbit.com before using these BLs.
* See <http://www.ahbl.org/services.php> for more information.
*/
blacklist {
- host = "dnsbl.dronebl.org";
- reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
+ host = "rbl.efnetrbl.org";
+ type = ipv4;
+ reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
# host = "ircbl.ahbl.org";
+# type = ipv4;
# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
#
# host = "tor.ahbl.org";
+# type = ipv4;
# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
+#
+ /* Example of a blacklist that supports both IPv4 and IPv6 */
+# host = "foobl.blacklist.invalid";
+# type = ipv4, ipv6;
+# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
};
alias "NickServ" {
default_adminstring = "is a Server Administrator";
servicestring = "is a Network Service";
disable_fake_channels = no;
- tkline_expire_notices = no;
- default_floodcount = 10;
+ tkline_expire_notices = no;
+ default_floodcount = 10;
failed_oper_notice = yes;
dots_in_ident=2;
min_nonwildcard = 4;
min_nonwildcard_simple = 3;
- max_accept = 100;
+ max_accept = 100;
max_monitor = 100;
anti_nick_flood = yes;
max_nick_time = 20 seconds;
max_nick_changes = 5;
- anti_spam_exit_message_time = 5 minutes;
+ anti_spam_exit_message_time = 5 minutes;
ts_warn_delta = 30 seconds;
ts_max_delta = 5 minutes;
client_exit = yes;
stats_P_oper_only=no;
stats_i_oper_only=masked;
stats_k_oper_only=masked;
- map_oper_only = no;
+ map_oper_only = no;
operspy_admin_only = no;
operspy_dont_care_user_info = no;
caller_id_wait = 1 minute;
short_motd = no;
ping_cookie = no;
connect_timeout = 30 seconds;
- ident_timeout = 5;
+ default_ident_timeout = 5;
disable_auth = no;
no_oper_flood = yes;
max_targets = 4;
- client_flood = 20;
- use_whois_actually = no;
+ client_flood_max_lines = 20;
+ use_whois_actually = no;
oper_only_umodes = operwall, locops, servnotice;
oper_umodes = locops, servnotice, operwall, wallop;
oper_snomask = "+s";
- burst_away = yes;
+ burst_away = yes;
nick_delay = 0 seconds; # 15 minutes if you want to enable this
reject_ban_time = 1 minute;
reject_after_count = 3;
reject_duration = 5 minutes;
throttle_duration = 60;
throttle_count = 4;
+ max_ratelimit_tokens = 30;
};
modules {
projects / solanum.git / blobdiff