X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/f105844aadcf9fe3a7aa7d103b6e9d63e184f036..34b88b65713bdc5b4c02aee31fcf1035a005735b:/doc/reference.conf diff --git a/doc/reference.conf b/doc/reference.conf index cc7968b9..5d37ed5e 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -367,8 +367,10 @@ auth { * encrypted | password is encrypted with mkpasswd * spoof_notice | give a notice when spoofing hosts * exceed_limit (old > flag) | allow user to exceed class user limits - * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls + * kline_exempt (old ^ flag) | exempt this user from k/g/xlines, + * | dnsbls, and proxies * dnsbl_exempt | exempt this user from dnsbls + * proxy_exempt | exempt this user from proxies * spambot_exempt | exempt this user from spambot checks * shide_exempt | exempt this user from serverhiding * jupe_exempt | exempt this user from generating @@ -895,6 +897,67 @@ blacklist { # reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect"; }; +/* These are the OPM settings. + * This is similar to the functionality provided by BOPM. It will scan incoming + * connections for open proxies by connecting to clients and attempting several + * different open proxy handshakes. If they connect back to us (via a dedicated + * listening port), and send back the data we send them, they are considered + * an open proxy. For politeness reasons (users may be confused by the incoming + * connection attempts if they are logging incoming connections), the user is + * notified upon connect if they are being scanned. + * + * WARNING: + * These settings are considered experimental, and as of this writing, the + * Charybdis scanner is not as comprehensive as the one available in HOPM. Only + * basic SOCKS4 and SOCKS5 scanning is performed on a few well-known ports. You + * may disable the open proxy scanning feature by deleting this block if you are + * uncomfortable with this. + */ +opm { + /* IPv4 address to listen on. This must be a publicly facing IP address + * to be effective. + * If omitted, it defaults to serverinfo::vhost. + */ + #listen_ipv4 = "127.0.0.1"; + + /* IPv4 port to listen on. + * This should not be the same as any existing listeners. + */ + #port_ipv4 = 32000; + + /* IPv6 address to listen on. This must be a publicly facing IP address + * to be effective. + * If omitted, it defaults to serverinfo::vhost6. + */ + #listen_ipv6 = "0::1"; + + /* IPv6 port to listen on. + * This should not be the same as any existing listeners. + */ + #port_ipv6 = 32000; + + /* You can also set a port directive which will set both the IPv4 and + * IPv6 ports at once. + */ + port = 32000; + + /* These are the ports to scan for SOCKS4 proxies on. They may overlap + * with other scan types. Sensible defaults are given below. + */ + socks4_ports = 80, 443, 1080, 8000, 8080, 10800; + + /* These are the ports to scan for SOCKS5 proxies on. They may overlap + * with other scan types. Sensible defaults are given below. + */ + socks5_ports = 80, 443, 1080, 8000, 8080, 10800; + + /* These are the ports to scan for HTTP connect proxies on (plaintext). + * They may overlap with other scan types. Sensible defaults are given + * below. + */ + httpconnect_ports = 80, 8080, 8000; +}; + /* * Alias blocks allow you to define custom commands. (Old m_sshortcut.c) * They send PRIVMSG to the given target. A real command takes