X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/bf176248cf917223bb17e7de2ce6c6b05c9c7419..7a618bd33900d1b831925eb4d00785682af7ace0:/doc/sgml/oper-guide/config.sgml
diff --git a/doc/sgml/oper-guide/config.sgml b/doc/sgml/oper-guide/config.sgml
index 3db34de9..91b868bc 100644
--- a/doc/sgml/oper-guide/config.sgml
+++ b/doc/sgml/oper-guide/config.sgml
@@ -170,7 +170,8 @@ class "name" {
number_per_ident = number;
number_per_ip = number;
number_per_ip_global = number;
- cidr_bitlen = number;
+ cidr_ipv4_bitlen = number;
+ cidr_ipv6_bitlen = number;
number_per_cidr = number;
max_number = number;
sendq = size;
@@ -219,15 +220,22 @@ class "name" {
- cidr_bitlen
+ cidr_ipv4_bitlen
- The netblock length to use with CIDR-based client limiting for this class.
+ The netblock length to use with CIDR-based client limiting for IPv4 users in this class (between 0 and 32).
+
+
+
+ cidr_ipv6_bitlen
+
+ The netblock length to use with CIDR-based client limiting for IPv6 users in this class (between 0 and 128).
number_per_cidr
The amount of clients which may be connected from a single netblock.
+ If this needs to differ between IPv4 and IPv6, make different classes for IPv4 and IPv6 users.
@@ -410,6 +418,12 @@ auth {
Users in this auth{} block must have identd, otherwise they will be rejected.
+
+ need_ssl
+
+ Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected.
+
+
need_sasl
@@ -442,6 +456,33 @@ exempt {
+
+ privset {} block
+
+privset {
+ extends = "name";
+ privs = list;
+};
+
+ A privset (privilege set) block specifies a set of
+ operator privileges.
+
+
+ privset {} variables
+
+ extends
+
+ An optional privset to inherit. The new privset will have all privileges that the given privset has.
+
+
+
+ privs
+
+ Privileges to grant to this privset. These are described in the operator privileges section.
+
+
+
+
operator {} block
@@ -510,19 +551,35 @@ operator "name" {
- flags
+ privset
- A listing of privileges granted to operators using this block.
- By default, the mass_notice, operwall, remoteban and resv privileges are granted;
- use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
-
-
- In addition, a flag designating if the password is encrypted is here.
- Privileges are documented elsewhere in this guide.
+ The privilege set granted to successfully opered clients.
+ This must be defined before this operator{} block.
+
+ flags
+
+ A list of flags to apply to this operator{} block. They are listed below.
+
+
+
+
+ operator {} flags
+
+ encrypted
+
+ The password used has been encrypted. This is enabled by default, use ~encrypted to disable it.
+
+
+
+ need_ssl
+
+ Restricts use of this operator{} block to SSL/TLS connections only.
+
+
@@ -549,8 +606,6 @@ connect "name" {
The hostname or IP to connect to.
- Charybdis uses solely DNS for all hostname/address lookups
- (no /etc/hosts or anything else).
Furthermore, if a hostname is used, it must have an A or AAAA
record (no CNAME) and it must be the primary
hostname for inbound connections to work.
@@ -1018,7 +1073,7 @@ shared {
all
- All of the above; this does not include locops or rehash
+ All of the above; this does not include locops, rehash, dline, tdline or undline.
@@ -1036,6 +1091,24 @@ shared {
REHASH commands; all options can be used
+
+ dline (D)
+
+ Permanent and temporary D:lines
+
+
+
+ tdline (d)
+
+ Temporary D:lines
+
+
+
+ undline (E)
+
+ D:line removals
+
+
none
@@ -1076,6 +1149,28 @@ service {
+
+ Hostname resolution (DNS)
+
+ Charybdis uses solely DNS for all hostname/address lookups
+ (no /etc/hosts or anything else).
+ The DNS servers are taken from /etc/resolv.conf.
+ If this file does not exist or no valid IP addresses are listed in it,
+ the local host (127.0.0.1) is used. (Note that the latter part
+ did not work in older versions of Charybdis.)
+
+
+ IPv4 as well as IPv6 DNS servers are supported, but it is not
+ possible to use both IPv4 and IPv6 in
+ /etc/resolv.conf.
+
+
+ For both security and performance reasons, it is recommended
+ that a caching nameserver such as BIND be run on the same machine
+ as Charybdis and that /etc/resolv.conf only
+ list 127.0.0.1.
+
+