1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
|
# IRC - Internet Relay Chat, doc/example.conf
# Copyright (C) 1994, Helen Rose
#
# $Id: example.conf,v 1.11 1999/07/14 16:17:23 kalt Exp $
#
# some changes for 295 and cleaning, delta, Sat Jun 13 01:09:25 MES 1998
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 1, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This is an example configuration file for the IRC server.
# It's highly suggested that you also read INSTALL.* in doc/ and talk with
# your uplinks if linking to an already existent IRC network.
#
# You only need an ircd.conf (IRC server configuration file) if you are
# running an IRC server. If you are running a standalone client this file
# is not necessary.
#
# This file will explain the various lines in the IRC server
# configuration file. Not all lines are mandatory. You can check to make
# sure that your configuration file is correct by using the program
# "chkconf", provided in the server distribution (and when you do "make
# install" this program will be installed in the same directory as the irc
# server).
#
# The options for whether a line is needed or not are:
# MANDATORY: you absolutely MUST have this line
# NETWORKED: you must have this line if you are connecting this irc
# server to any other server (servers can run standalone).
# SUGGESTED: it is HIGHLY suggested that you use this line
# OPTIONAL: it's completely up to you whether to define this or not
# DISCOURAGED: you really really should not use this line if at all
# possible.
# NOT NECESSARY: an old or out of date line that isn't needed.
#
#
# ========================================================================
# NOTE! this entire configuration file is read UPSIDE-DOWN! So if you have
# to put something in a specific order (for example, client-connection
# lines), put them in reverse order!
# ========================================================================
#
#
############################
# M: [MANDATORY]. This line sets your server's name, description and port
# the server listens for UDP pings (used to determine the fastest link in a
# class when autoconnecting)
#
# M:<Server NAME>:<YOUR Internet IP#>:<Geographic Location>:<Port>
#
# Note that 'server name' refers to the name of the irc-server which needs
# not to be the same as the hostname of the machine it's running on.
#
# this let's ircd use the primary ip of your host to establish connections
M:csa.bu.edu::Boston University Computer Science Department:6667
#
# this let's ircd use the ip 128.197.13.20 to establish connections, useful
# if you're running virtual interfaces
#M:csa.bu.edu:128.197.13.20:Boston University Computer Science Department:6667
#
#
############################
# A: [MANDATORY]. This line lists your administrative information
# (contact address, etc). To view this information, /admin (server) will
# show it to you.
#
# A:<Your Name/Location>:<Your Electronic Mailing Addr>:<other information>::
#
A:Boston University CS Department:Helen Rose <hrose@cs.bu.edu>:Client Server::
#
#
############################
# P: [MANDATORY]. This field allows the server to listen on various ports
# for connections. Any internet domain port that is below 1024 means the
# ircd has to be run as root, or from inetd. The server can listen to ports
# in the UNIX domain or the internet domain. If you wish to create a port
# in the UNIX domain you must compile with UNIXPORT defined in config.h.
#
# P:<YOUR Internet IP#>:<*>:<Internet IP Mask>:<Port>:
# P:<Directory>:<*>:<*>:<Port>:
#
# Note that it's a good idea to open some more ports than 6667 for
# server-server connections and local clients in case some running wild
# client blocks the default 6667.
#
# the default, an internet domain socket on port 6667 listening on all
# ip addresses of the machine running ircd
P::::6667:
#
# an internet domain socket listening on port 6668 on address 206.252.192.20
# (again useful if you're running virtual interfaces)
P:206.252.192.20:::6668:
#
# an internet domain socket listening on port 6669 for connections from
# addresses matching 147.210.18.* :
P:::147.210.18.*:6669:
#
# This line is an example of a UNIX domain socket in /tmp
P:/tmp/.ircd:*:*:6666:
#
#
############################
# Y: [SUGGESTED]. These lines define connection classes. Connection
# classes allow you to fine-tune your client and server connections.
# Since the fields have different meanings for server and client classes
# you shouldn't mix them, and if you have lots of server connections (if
# you do have lots of servers you shouldn't be reading this file :-) each
# set of servers (defined arbitrarily by you) should have its own class.
# If you have clients coming in from lots of different sites, you may want
# to seperate them out into classes. For instance, you may want to put
# local users in one class, with remote users in another class. You may also
# want to put limits on some client classes (one client only for indials
# for example). In any larger network you definitely want to do this.
#
# For SERVER CLASSES, the fields are:
# Y:<Class>:<Ping Frequency>:<Connect freq>:<Max Links>:<SendQ>::
# 1 2 3 4 5 67
# 1 class number
# 2 ping frequency (in seconds)
# 3 connect frequency (in seconds)
# 4 maximum number of automatically initiated links in this class
# 5 sendq (this overrides any MAXSENDQLENGTH set in config.h)
# 6 unused for server classes
# 7 unused for server classes
#
# The class numbers are not arbitrary. In auto-connecting servers -- that is,
# servers that you have a port number (e.g. 6667) on the end of the C: line
# (see below) the higher the number the higher the priority in auto-connecting.
#
# Note that it is a good idea to have ping frequency the same at both ends
# of the link.
#
# this is a normal server connection (normal as of October, 1997)
# Y:<Class>:<Ping Frequencys>:<Connect freq>:<Max Links>:<SendQ>::
Y:2:90:300:1:4000000
#
#
# For CLIENT CLASSES, the fields are:
# Y:<Class>:<Ping Frequency>::<Max Links>:<SendQ>:<Local Limit>:<Global Limit>
# 1 2 3 4 5 6 7
# 1 class number
# 2 ping frequency (in seconds)
# 3 unused for client classes
# 4 maximum number of links in this class (per I line)
# 5 sendQ for each client
# 6 maximum number of links from this [user@]host on the server
# 7 maximum number of links from this [user@]host on the net
#
# local and global limits have the format <x>.<y> where x defines the maximum
# number of clients from the same host (IP) whereas y defines the maximum
# number of clients from the same user@host (IP) allowed to connect. the
# latter uses the identd replies to identify a user, falling back to an
# @host limit if no identd runs on the client and fails for identds generating
# dynamical answers.
#
# Note that any unset values default to zero which means 'unlimited'.
#
# Y:<Class>:<Ping Frequency>::<Max Links>:<SendQ>:<Local Limit>:<Global Limit>
# this is a class for multiuser systems allowing 10 local clients per host
Y:10:90::100:512000:10:32
#
# this is a class for multiuser systems running a trustworthy identd
Y:11:90::100:512000:0.1:0.2
#
# this is a class for single user systems (PCs, most indials, ...)
Y:12:90::100:512000:1:3
#
# this is a class for remote systems you want to allow as fallback only
# (if you run an open server in a net you might really want this)
Y:13:90::100:512000:1:1
#
#
############################
# i/I: [MANDATORY]. The I: lines are client-authorization lines. Without
# these lines, no clients will be able to connect to your server.
# Wildcards ("*") are permitted. Passwords are also possible (clients can
# be configured to send passwords) but optional. 'I' allows full access,
# 'i' sets restricted mode which forbids nick changes and channel op status.
#
# I:<TARGET Host Addr>:<Password>:<TARGET Hosts NAME>:<Port>:<Class>
# i:<TARGET Host Addr>:<Password>:<TARGET Hosts NAME>:<Port>:<Class>
#
# NOTE that ircd matches on the *right-most* match and doesn't stop matching
# after the <TARGET Hosts NAME> didn't match (see also examples below).
#
# Not that if <TARGET Hosts NAME> is empty ircd will show clients matching
# the <TARGET Host Addr> and do resolve as user@host. if an I:-line has both
# NAME and Addr defined and a client matches only the Addr part it will be
# shown as user@ip-address regardless if it does resolv or not.
#
# this would allow access for any client reaching this line which doesn't
# already have at least one connection to the net. if you run an open server
# in a net this might be the right choice, talk to your uplinks first anyway.
# resolving clients matching this line would be shown as user@host since
# the field <TARGET Hosts NAME> is empty.
# Note listing this i: line first, it will be read *last*, meaning it is
# the "fall-through".
#i:*@*::::13
# With the password 'foobar'
#i:*@*:foobar:::13
# Note that I:*::*.bu.edu:10 would also allow _all_ clients regardless
# if they're from *.bu.edu or not since ircd doesn't stop matching after the
# <TARGET Hosts NAME> didn't match.
#
# this would allow access for any client coming from *.net, *.org, *.com or
# other 3 char TLD
#i:::*@*.???:13
#
# this allows access for any client from the ip block 192.168.0.0/16
# regardless of its domain. if it's resolvable it will be shown as
# user@host since the field <TARGET Hosts NAME> is empty (useful to
# allow whole provider's blocks).
I:*@192.168.*::::12
#
# This is a standard vanilla I: line which will permit anyone with an IP
# address starting with 128.197 OR with a hostname ending in .bu.edu to
# connect to the server. NOTE, the ircd matches on the *right-most* match,
# so if I connect as hrose@csa.bu.edu (which is hrose@128.197.10.3) I will
# show up on irc as hrose@csa.bu.edu since that is the first match it
# found. (Even though the second match is valid).
I:*@128.197.*::*@*.bu.edu::10
#
# and you can even specify just certain usernames as long as the client's
# site is running a trustworthy ident daemon:
I:::hrose@csa.bu.edu::10
#
# this will limit access for indials to one client per host
I:::*@ppp*.bu.edu::12
I:::*@indial*.bu.edu::12
#
#
############################
# O: [OPTIONAL]. These lines define operator access. You do not need to
# have an operator to run a server. A well configured leaf site should not
# need an operator online, if it's connections are well defined, the irc
# administrator can use 'kill -HUP' on the ircd to reload the configuration
# file.
#
# O:<TARGET Host NAME>:<Password>:<Nickname>:<Port>:<Class>
#
# If the person in "Nickname" is not coming from the hostname defined in
# the first field then the person will get the error message "No O: lines
# for your host".
#
# Note that you don't need to use 'Nickname' to become operator, if you're
# using some other nick at that moment '/op Nickname' will do also.
#
O:*.bu.edu:Zaphod:Trillian::10
#
# and this line forces ident match:
O:hrose@csa.bu.edu:Zaphod:Trillian::10
#
# This line is a "local operator", it is specified with a lower-case "o"
#
# this line permits the nickname "jhs" with the password of "ITBites" to
# be a local operator only (be able to issue commands locally -- can /kill
# and /squit and /connect -- but *only* locally)
#
o:*.bu.edu:ITBites:jhs::10
#
# a crypted password line (NOTE that if you have crypted passwords, *all*
# of you passwords must be crypted! In fact, if you are getting an error
# "Incorrect Password" it may well be because crypted passwords are
# defined and you have used plaintext. So my example of plaintext and
# crypted strings in the same IRC server configuration file is an
# impossibility (but it is just theoretical, which is why I explained both).
#
O:rocker@csa.bu.edu:T0eiVgHrqeKTQ:Rocker::10
#
#
############################
# c/C: [NETWORKED]. These lines define what servers your server tries to
# connect to. 'c' means your server will support compression for this link
# if you've compiled with zlib, 'C' will enforce an uncompressed link.
# N: [NETWORKED]. These lines define what servers your server permits
# to connect.
#
# c/N lines MUST be used in pairs. You cannot have one without the other.
#
# C:<TARGET Host Addr>:<Password>:<TARGET Server NAME>:<TARGET PORT>:<Class>
# c:<TARGET Host Addr>:<Password>:<TARGET Server NAME>:<TARGET PORT>:<Class>
#
# if the target server listens on different ports you can use for <TARGET PORT>
# <port_to_connect_to>.<port_target_server_listens_for_udp_pings>.
# <TARGET Host Addr> can be also an ip address or CNAME.
#
# N:<TARGET Host Addr>:<Password>:<TARGET Server NAME>:<Domain Mask>:<Class>
#
# "domain mask" is the number of parts in *your* hostname to mask to. For
# instance, with my servername being "csa.bu.edu", if I wanted to present
# my servername to be "*.bu.edu" I would have a host-mask portion of "1".
#
# it is *strongly* advised that your c/N line passwords be different for
# security's sake.
#
# ident is allowed in the server's hostname part of the field.
# these lines tell the server to automatically (note the port number, that
# means automatic connection) connect to cs-ftp.bu.edu:
C:hrose@cs-ftp.bu.edu:bigspark:cs-ftp.bu.edu:6667:2
N:hrose@cs-ftp.bu.edu:bigalpha:cs-ftp.bu.edu::2
#
# This server's connection lines are more vanilla, masking the host to
# *.bu.edu (as described above):
C:irc-2.mit.edu:camelsrk00l:irc-2.mit.edu::2
N:irc-2.mit.edu:andsoarellamas:irc-2.mit.edu:1:2
#
# If you have defined ZIP_LINKS and wish the connection to irc-2.mit.edu to
# be compressed, you need to use a lowercase c. If the other server refuses
# or doesn't support compression it will fall back to an uncompressed link.
c:irc-2.mit.edu:camelsrk00l:irc-2.mit.edu::2
N:irc-2.mit.edu:andsoarellamas:irc-2.mit.edu:1:2
#
#
############################
# K: [OPTIONAL]. These lines define user@host patterns to be banned from
# this particular server (with an optional time field). Note that K: lines
# are *not* global, and if you ban a user they can still use any other IRC
# server (unless they have specifically been banned there as well).
# 'K' uses the the type unix reply from the client's identd if available or
# the USER information supplied by the client if not. 'k' uses the reply from
# the client's identd also if it's type other (it's prefixed with '-' then).
#
# K:<Host Name or IP>:<time interval(s)|comment>:<User>:<port>:
# k:<Host Name or IP>:<time interval(s)|comment>:<Auth>:<port>:
#
# wildcards are permitted in any one of the fields, in other words, you can
# K:*::* if you wanted (but your server wouldn't be used much ;-)
#
# Note that if you specify an IP address, or IP mask, it will match clients
# connecting from the matching addresses, no matter if they resolve or not.
# You can prefix an IP address or IP mask by '=' in which case only non
# resolving matching hosts will be banned.
#
# This k: line bans the username "FSSPR" (the wildcard is used to make
# sure that any ident-checking character will match) on any machine from
# the University of Alaska.
k:*.alaska.edu::*FSSPR:0
#
# This K: line bans any users from acs*.bu.edu between the hours of 8am
# and 12pm and 1pm and 5pm (the time is always the server's local time):
# Note that 24 hour time is used (no "AM" or "PM").
K:acs*.bu.edu:0800-1200,1300-1700:*:0
#
# This K: line bans any users from *foo.edu sending them the notice
# "Use server irc.bar" instead of the default notice
# "You are not welcome to this server"
K:*foo.edu:Use server irc.bar:*:0
#
# This K: line bans any users from *toto.fr from using the port 6667,
# and tells them to use port 6666 instead.
K:*toto.fr:Use port 6666:*:6667:
#
# This K: line bans any user from 129.69.0.0/16 as long the host doesn't run
# identd (no matter if it replies type unix or other) from all ports.
k:129.69.*:identd (rfc1413) required:unknown::
#
# This does the same but only for unresolvable clients
k:=129.69.*:identd (rfc1413) required:unknown::
#
#
############################
# L: [OPTIONAL]. These lines "Leaf" specified servers. They are only
# useful if you are a non-leaf site yourself. There are two ways you can
# use L: lines. The first will limit one particular site to a particular
# tree depth (including 0, which would mean the server has to connect with
# no servers linked behind it otherwise the connection will fail). The
# second will allow you to be selective about which other servers you wish
# the connecting server to behave as a leaf towards.
#
# The fields are as follows:
# L:disallow connections to this hostmask::server name:depth
# For example, this will force kaja.gi.alaska.edu to connect only as a
# leaf (if it is not a leaf, the link will be dropped):
L:::kaja.gi.alaska.edu::
# This line will force cm5.eng.umd.edu to have a depth of only 1 below it
# (that is, it is allowed to have only leaves connected to it):
L:::cm5.eng.umd.edu:1:
#
# This line will prohibit anything matching *.edu to be connected behind
# any server matching *.au:
L:*.edu::*.au::
#
#
############################
# H: [OPTIONAL]. These lines define who you permit to act as a "hub" to
# you (that is, who you permit to connect non-leafed servers to you).
#
# the first field may use wildcards, the third field *must* be an exact
# match for a server's name (NOT a server's hostname, if they differ, the
# server's name must be used). If the servername is a wildcard (e.g. *.au)
# that is an acceptable name for the third field.
#
# The fields are as follows:
# H:servers which are permitted entry::hub server
#
# Example, permit cs-ftp.bu.edu to allow any servers behind it to connect:
H:*::cs-ftp.bu.edu::
#
# Example, permit irc-2.mit.edu to allow any MIT servers behind it to
# connect:
H:*.mit.edu::irc-2.mit.edu::
#
#
############################
# D: [OPTIONAL]. Control how auto connections are done. This will be mostly
# useful for networks with complex configurations.
#
# D:<Denied Server Mask>:<Denied Class>:<Server Mask>:<Server Class>:
# 1 2 3 4
#
# If a server matching <Denied Server Mask> or a server in <Denied Class>
# is present ircd won't auto connect to any server matching <Server Mask>
# or being in <Server Class> although auto connect for those is active.
#
# Example, don't auto connect to *.fi if some server of *.edu is already
# linked
D:*.edu::*.fi::
#
# Example, don't auto connect to *.fi or any server in class '3' if a
# server from our class '2' is already present
D::2:*.fi:3:
#
#
############################
# V: [OPTIONAL]. These lines define restrictions on servers connecting to
# you.
#
# The first and third fields accept wildcards. The fields are as follow:
# V:<Version Mask>:<Flags>:<Server Mask>::
#
# Example, you believe 2.9.1 is a really old version, and you want your
# peers to upgrade:
V:020901*::*::
#
# If you are running a production network, you most likely don't want to
# allow servers compiled in DEBUGMODE which is a threat for the net
# as well as for the privacy of the users:
V:*:D:*::
#
# Finally, you don't want *.edu servers to be version 2.9.2 *OR* to be
# compiled with remote oper kills enabled:
V:020902*:K:*.edu::
#
#
############################
# B: [SUGGESTED]. These lines define the alternate servers that the users
# will be redirected to if your server is full.
#
# The fiels are as follow:
# B:<Class|Host Mask>::<Server Name>:<Port>:
#
# For example, if you want to redirect your users to irc.stealth.net on port
# 6667 when your server is full, use:
B:-1::irc.stealth.net:6667:
#
# To redirect *.fi users when your server cannot accept any new user with
# a hostname matching *.fi, use:
B:*.fi::irc.funet.fi:6667:
#
#
############################
# S: [OPTIONAL]. These lines define services allowed to connect to your
# server. Each service needs a separate line which only allows him to
# connect once. Remember to compile the ircd with #define USE_SERVICES
# in config.h, otherwise you can't use services.
#
# The fields are as follow:
# S:<TARGET Host Mask>:<Password>:<Service Name>:<Service Type>:<Class>
#
# Example, you want to allow a local information service:
S:eep.local.net:thisisapassword:EepInfo:0:1
#
# Another example, ircd versions since 04/10/1999 support also a hex
# mask. This is a temporary kline service (tkserv) as you can find it in
# contrib/tkserv :
S:eep.local.net:thisisapassword:TkEep:0x2000000:1
#
#
############################
# U: [NOT NECESSARY]. This line defines the default server for the IRC
# client that ships with the server -- the default client is in irc/irc
# You should not use U: lines but instead use the UPHOST definition in
# config.h
U:csa.bu.edu:foobar:csa.bu.edu
#
#
############################
# R: [DISCOURAGED]. These lines restrict user access based on a more
# stringent checking system than is available in the K: line. It looks for
# a match (based on hostname and username) and then runs an outside
# program (which MUST be specified using a full pathname). The output of
# the program should be a string in the form "Y <message>" (which permits
# access for the user) or "N <message>" (which denies access for the
# user). If "Y <message>" is received by the server, the server ignores
# the message and permits access for the user. If "N <message>" is
# returned, the server tells the user that he/she is not permitted to
# access that irc server, and gives the reason.
#
# Again, like K: lines, R: lines are local and thus not very effective in
# blocking certain machines from having IRC access.
#
# Use of R: requires that you have defined R_LINES in config.h
#
# The fields are as follows:
# R:hostmask:/full/path/to/program:username
# you can use wildcards in either the hostmask or username portion
#
R:csl.bu.edu:/home/hrose/bin.sun3/sun3access:*::
#
#
############################
# Q: [DISCOURAGED]. These lines "quarantine" specified servers. Because
# of the way they operates, the same Q: lines MUST be installed by
# everyone or the net will keep breaking. I CANNOT EMPHASIZE THIS ENOUGH.
# Do NOT use Q: lines lightly!
#
# The fields are as follows:
# Q:*:reason why quarantine is in place:servername
#
Q::this server is too slow and lags the net:cm5.eng.umd.edu::
|