#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
-#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
#loadmodule "extensions/no_oper_invis.so";
#loadmodule "extensions/sno_globalkline.so";
#loadmodule "extensions/sno_globaloper.so";
#loadmodule "extensions/sno_whois.so";
+#loadmodule "extensions/override.so";
+
+/*
+ * IP cloaking extensions: use ip_cloaking_4.0
+ * if you're linking 3.2 and later, otherwise use
+ * ip_cloaking.so, for compatibility with older 3.x
+ * releases.
+ */
+
+#loadmodule "extensions/ip_cloaking_4.0.so";
+#loadmodule "extensions/ip_cloaking.so";
serverinfo {
name = "hades.arpa";
#vhost6 = "3ffe:80e8:546::2";
/* ssl_private_key: our ssl private key */
- ssl_private_key = "etc/test.key";
+ ssl_private_key = "etc/ssl.key";
/* ssl_cert: certificate for our ssl server */
- ssl_cert = "etc/test.cert";
+ ssl_cert = "etc/ssl.cert";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
- /* ssld_count: number of ssld processes you want to start, if you have a really busy
- * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+ /* ssld_count: number of ssld processes you want to start, if you
+ * have a really busy server, using N-1 where N is the number of
+ * cpu/cpu cores you have might be useful. A number greater than one
+ * can also be useful in case of bugs in ssld and because ssld needs
+ * two file descriptors per SSL connection.
*/
ssld_count = 1;
*/
class "users" {
ping_time = 2 minutes;
- number_per_ident = 2;
- number_per_ip = 3;
- number_per_ip_global = 5;
+ number_per_ident = 10;
+ number_per_ip = 10;
+ number_per_ip_global = 50;
cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64;
- number_per_cidr = 4;
+ number_per_cidr = 200;
max_number = 3000;
sendq = 400 kbytes;
};
*/
#host = "192.169.0.1";
port = 5000, 6665 .. 6669;
- sslport = 9999;
+ sslport = 6697;
/* Listen on IPv6 (if you used host= above). */
#host = "3ffe:1234:a:b:c::d";
privset "server_bot" {
extends = "local_op";
- privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+ privs = oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
*/
#umodes = locops, servnotice, operwall, wallop;
+ /* fingerprint: if specified, the oper's client certificate
+ * fingerprint will be checked against the specified fingerprint
+ * below.
+ */
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
+
/* snomask: specific server notice mask on oper up.
* If this is specified an oper will not be given oper_snomask.
*/
class = "server";
flags = compressed, topicburst;
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
+
/* If the connection is IPv6, uncomment below.
* Use 0::1, not ::1, for IPv6 localhost. */
#aftype = ipv6;
no_join_on_split = no;
burst_topicwho = yes;
kick_on_split_riding = no;
+ only_ascii_channels = no;
+ resv_forcepart = yes;
+ channel_target_change = yes;
+ disable_local_channels = no;
};
serverhide {
/* These are the blacklist settings.
* You can have multiple combinations of host and rejection reasons.
- * They are used in pairs of one host/rejection reason, or multiple hosts/rejection reason.
+ * They are used in pairs of one host/rejection reason.
*
* These settings should be adequate for most networks, and are (presently)
* required for use on AthemeNet.
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC
* connections.
*
- * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
+ * As of charybdis 2.2, you can do some keyword substitution on the rejection
* reason. The available keyword substitutions are:
*
* ${ip} - the user's IP
* ${nick} - the user's nickname
* ${network-name} - the name of the network
*
+ * As of charybdis 3.4, a type parameter is supported, which specifies the
+ * address families the blacklist supports. IPv4 and IPv6 are supported.
+ * IPv4 is currently the default as few blacklists support IPv6 operation
+ * as of this writing.
+ *
* Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
* contacted, via email, at admins@2mbit.com before using these BLs.
* See <http://www.ahbl.org/services.php> for more information.
*/
blacklist {
- host = "dnsbl.dronebl.org";
- reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
+ host = "rbl.efnetrbl.org";
+ type = ipv4;
+ reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
# host = "ircbl.ahbl.org";
+# type = ipv4;
# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
#
# host = "tor.ahbl.org";
+# type = ipv4;
# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
+#
+ /* Example of a blacklist that supports both IPv4 and IPv6 */
+# host = "foobl.blacklist.invalid";
+# type = ipv4, ipv6;
+# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
};
alias "NickServ" {
/*
* default_umodes: umodes to enable on connect.
- * If you have enabled the ip_cloaking module, and you want
+ * If you have enabled the new ip_cloaking_4.0 module, and you want
+ * to make use of it, add +x to this option, i.e.:
+ * default_umodes = "+ix";
+ *
+ * If you have enabled the old ip_cloaking module, and you want
* to make use of it, add +h to this option, i.e.:
* default_umodes = "+ih";
*/
identify_command = "IDENTIFY";
non_redundant_klines = yes;
warn_no_nline = yes;
+ use_propagated_bans = yes;
stats_e_disabled = no;
stats_c_oper_only=no;
stats_h_oper_only=no;
short_motd = no;
ping_cookie = no;
connect_timeout = 30 seconds;
+ default_ident_timeout = 5;
disable_auth = no;
no_oper_flood = yes;
max_targets = 4;
projects / solanum.git / blobdiff