1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
|
########################################################################
# #
# ___ ___ ____ ____ _ #
# |_ _|_ __ ___ _ __|_ _| _ \ / ___|__| | #
# | || '_ \/ __| '_ \| || |_) | | / _` | #
# | || | | \__ \ |_) | || _ <| |__| (_| | #
# |___|_| |_|___/ .__/___|_| \_\\____\__,_| #
# |_| #
# ____ __ _ _ _ #
# / ___|___ _ __ / _(_) __ _ _ _ _ __ __ _| |_(_) ___ _ __ #
# | | / _ \| '_ \| |_| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ #
# | |__| (_) | | | | _| | (_| | |_| | | | (_| | |_| | (_) | | | | #
# \____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| #
# |___/ #
# #
##################################||####################################
#||#
##################################||####################################
# #
# This is an example of the config file for InspIRCd. #
# Change the options to suit your network. #
# #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# Lines prefixed with READ THIS BIT, as shown above, are IMPORTANT #
# lines, and you REALLY SHOULD READ THEM. Yes, THIS MEANS YOU. Even #
# if you've configured InspIRCd before, these probably indicate #
# something new or different to this version and you SHOULD READ IT. #
# #
########################################################################
#-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#-
# #
# In order to maintain compatibility with older configuration files, #
# you can change the configuration parser to parse as it did in #
# previous releases. When using the "compat" format, you need to use #
# C++ escape sequences (e.g. \n) instead of XML ones (e.g. &nl;) and #
# can not use <define> to create macros. #
#<config format="compat">
#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional tag allows you to include another config file #
# allowing you to keep your configuration tidy. The configuration #
# file you include will be treated as part of the configuration file #
# which includes it, in simple terms the inclusion is transparent. #
# #
# All paths to config files are relative to the config directory. #
# #
# You may also include an executable file, in which case if you do so #
# the output of the executable on the standard output will be added #
# to your config at the point of the include tag. #
# #
# Syntax is as follows: #
#<include file="file.conf"> #
#<include directory="modules"> #
#<include executable="/path/to/executable parameters"> #
# #
# Executable include example: #
#<include executable="/usr/bin/wget -q -O - https://example.com/inspircd.conf">
# #
#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#
# #
# You can define variables that will be substituted later in the #
# configuration file. This can be useful to allow settings to be #
# easily changed, or to parameterize a remote includes. #
# #
# Variables may be redefined and may reference other variables. #
# Value expansion happens at the time the tag is read. #
<define name="bindip" value="1.2.2.3">
<define name="localips" value="&bindip;/24">
#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
# #
# Here is where you enter the information about your server. #
# #
<server
# name: Hostname of your server. Does not need to resolve, but
# does need to be correct syntax (something.somethingelse.tld).
name="penguin.omega.example.org"
# description: Server description. Spaces are allowed.
description="Waddle World"
# id: The SID to use for this server. This should not be uncommented
# unless there is a SID conflict. This must be three characters long.
# The first character must be a digit [0-9], the remaining two chars
# may be letters [A-Z] or digits.
#id="97K"
# network: Network name given on connect to clients.
# Should be the same on all servers on the network.
network="Omega">
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# Describes the Server Administrator's real name (optionally), #
# nick, and email address. #
# #
<admin
# name: Real Name
name="Johnny English"
# nick: Nickname (preferably what you use on the network)
nick="MI5"
# email: email address. Does not have to be valid
# but should be for the users to be able to contact you.
email="MI5@the.best.secret.agent">
#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Configure the port and address bindings here. #
# #
# TLS (SSL) listener that binds on a TCP/IP endpoint:
<bind
# address: IP address to bind to if the box that you are hosting
# on has more than one IP, else the ircd will try to bind to all
# IP's on the box if this is not defined.
address=""
# port: Port for users or servers to be able to connect to.
# you can select multiple ports by separating them
# with a - character like the example below.
port="6697"
# type: Type of bind block this is. It can either be clients or
# servers. Whichever you select will be the only type able to connect
# to this bind section.
type="clients"
# ssl: If you want the port(s) in this bind tag to use TLS (SSL), set this
# to the name of a custom <sslprofile> tag that you have defined. See the
# docs page for the TLS (SSL) module you are using for more details:
#
# GnuTLS: https://docs.inspircd.org/3/modules/ssl_gnutls#sslprofile
# mbedTLS: https://docs.inspircd.org/3/modules/ssl_mbedtls#sslprofile
# OpenSSL: https://docs.inspircd.org/3/modules/ssl_openssl#sslprofile
#
# You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls
# for GnuTLS and ssl_mbedtls for mbedTLS.
ssl="Clients"
# defer: When this is non-zero, connections will not be handed over to
# the daemon from the operating system before data is ready.
# In Linux, the value indicates the time period we'll wait for a
# connection to come up with data. Don't set it too low!
# In BSD the value is ignored; only zero and non-zero is possible.
# Windows ignores this parameter completely.
# Note: This does not take effect on rehash.
# To change it on a running bind, you'll have to comment it out,
# rehash, comment it in and rehash again.
defer="0"
# free: When this is enabled the listener will be created regardless of
# whether the interface that provides the bind address is available. This
# is useful for if you are starting InspIRCd on boot when the server may
# not have brought the network interfaces up yet.
free="no">
# Plaintext listener that binds on a TCP/IP endpoint:
<bind address="" port="6667" type="clients">
# Listener that binds on a UNIX endpoint (not supported on Windows):
#<bind
# path: The location to store the UNIX socket
#path="/tmp/inspircd.sock"
# type: Type of bind block this is. It can either be clients or
# servers. Whichever you select will be the only type able to connect
# to this bind section.
#type="clients"
# permissions: The octal permissions to set on the UNIX socket after it has
# been created. If you are not familiar with octal permissions you should
# not define this or refer to http://permissions-calculator.org for help.
# Note: This does not take effect on rehash.
# To change it on a running bind, you'll have to comment it out,
# rehash, comment it in and rehash again.
#permissions=""
# replace: if the UNIX socket path already exists then remove it before
# attempting to create the new one. This is strongly recommended as it
# allows InspIRCd to create sockets in cases where it previously did not
# shut down cleanly and left a zombie socket behind.
#replace="yes">
# Listener accepting HTML5 WebSocket connections.
# Requires the websocket module and SHA-1 hashing support (provided by the sha1
# module).
#<bind address="" port="7002" type="clients" hook="websocket">
# You can define a custom <sslprofile> tag which defines the TLS (SSL) configuration
# for these listeners. See the docs page for the TLS (SSL) module you are using for
# more details.
#
# Alternatively, you can use one of the default TLS (SSL) profiles which are created
# when you have not defined any:
# "openssl" (requires the ssl_openssl module)
# "gnutls" (requires the ssl_gnutls module)
# "mbedtls" (requires the ssl_mbedtls module)
#
# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are
# completely link-compatible and can be used alongside each other on each end
# of the link without any significant issues.
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you can configure which connections are allowed #
# and denied access onto your server. The password is optional. #
# You may have as many of these as you require. To allow/deny all #
# connections, use a '*' or 0.0.0.0/0. #
# #
# -- It is important to note that connect tags are read from the -- #
# TOP DOWN. This means that you should have more specific deny #
# and allow tags at the top, progressively more general, followed #
# by a <connect allow="*"> (should you wish to have one). #
# #
# Connect blocks are searched twice for each user - once when the TCP #
# connection is accepted, and once when the user completes their #
# registration. Most of the information (hostname, ident response, #
# password, TLS (SSL) when using STARTTLS, etc) is only available #
# during the second search. If you are trying to make a closed server #
# you will probably need a connect block just for user registration. #
# This can be done by using <connect registered="no"> #
# To enable IRCCloud on your network uncomment this:
#<include file="examples/providers/irccloud.conf.example">
# A connect class with <connect:deny> set denies connections from the specified host/IP range.
<connect
# deny: Will not let people connect if they have specified host/IP.
deny="3ffe::0/32"
# reason: The message that users will see if they match a deny block.
reason="The 6bone address space is deprecated">
# A connect class with <connect:allow> set allows c from the specified host/IP range.
<connect
# name: Name to use for this connect block. Mainly used for
# connect class inheriting.
name="secret"
# parent: This setting is to specify if this connect class
# inherits settings from any other. Put the other class's name
# in here to use its settings as a template - for example, if
# you only want to adjust sendq and a password
parent="main"
# allow: The IP address or hostname of clients that can use this
# class. You can specify either an exact match, a glob match, or
# a CIDR range here.
allow="203.0.113.*"
# hash: the hash function this password is hashed with. Requires the
# module for the selected function (bcrypt, md5, sha1, or sha256) and
# the password hashing module (password_hash) to be loaded.
#
# You may also use any of the above other than bcrypt prefixed with
# either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module).
# Create hashed passwords with: /MKPASSWD <hashtype> <plaintext>
#hash="bcrypt"
# password: Password to use for this block/user(s)
password="secret"
# maxchans: Maximum number of channels a user in this class
# can be in at one time.
maxchans="20"
# timeout: How long the server will wait before disconnecting
# a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /NICK, /USER or /PASS)
timeout="20"
# localmax: Maximum local connections per IP (or CIDR mask, see below).
localmax="3"
# globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below).
globalmax="3"
# maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to yes)
maxconnwarn="no"
# resolvehostnames: If disabled, no DNS lookups will be performed on connecting users
# in this class. This can save a lot of resources on very busy servers.
resolvehostnames="yes"
# usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes.
# This setting only has effect when the dnsbl module is loaded.
#usednsbl="yes"
# useident: Defines if users in this class MUST respond to a ident query or not.
useident="no"
# usests: Whether a STS policy should be advertised to users in this class.
# This setting only has effect when the ircv3_sts module is loaded.
#usests="no"
# webirc: Restricts usage of this class to the specified WebIRC gateway.
# This setting only has effect when the cgiirc module is loaded.
#webirc="name"
# limit: How many users are allowed in this class
limit="5000"
# modes: User modes that are set on users in this block on connect.
# Enabling this option requires that the conn_umodes module be loaded.
# This entry is highly recommended to use for/with IP cloaking/masking.
# For the example to work, this also requires that the cloaking
# module be loaded as well.
modes="+x"
# requireident: Require that users of this block have a valid ident response.
# Requires the ident module to be loaded.
#requireident="yes"
# requiressl: Require that users of this block use a TLS (SSL) connection.
# This can also be set to "trusted", as to only accept client certificates
# issued by a certificate authority that you can configure in the
# settings of the TLS (SSL) module that you're using.
# Requires the sslinfo module to be loaded.
#requiressl="yes"
# requireaccount: Require that users of this block have authenticated to a
# services account.
# NOTE: You must complete the signon prior to full connection. Currently,
# this is only possible by using SASL authentication; passforward
# and PRIVMSG NickServ happen after your final connect block has been found.
# Requires the services_account module to be loaded.
#requireaccount="yes"
# Alternate MOTD file for this connect class. The contents of this file are
# specified using <files secretmotd="filename"> or <execfiles ...>
#
# NOTE: the following escape sequences for IRC formatting characters can be
# used in your MOTD:
# Bold: \b
# Color: \c<fg>[,<bg>]
# Italic: \i
# Monospace: \m (not widely supported)
# Reset: \x
# Reverse: \r
# Strikethrough: \s (not widely supported)
# Underline: \u
# See https://defs.ircdocs.horse/info/formatting.html for more information
# on client support for formatting characters.
motd="secretmotd"
# port: What port range this user is allowed to connect on. (optional)
# The ports MUST be set to listen in the bind blocks above.
port="6697,9999">
<connect
# name: Name to use for this connect block. Mainly used for
# connect class inheriting.
name="main"
# allow: The IP address or hostname of clients that can use this
# class. You can specify either an exact match, a glob match, or
# a CIDR range here.
allow="*"
# maxchans: Maximum number of channels a user in this class
# can be in at one time.
maxchans="20"
# timeout: How long the server will wait before disconnecting
# a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /NICK, /USER or /PASS)
timeout="20"
# pingfreq: How often the server tries to ping connecting clients.
pingfreq="2m"
# hardsendq: maximum amount of data allowed in a client's send queue
# before they are dropped. Keep this value higher than the length of
# your network's /LIST or /WHO output, or you will have lots of
# disconnects from sendq overruns!
# Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
hardsendq="1M"
# softsendq: amount of data in a client's send queue before the server
# begins delaying their commands in order to allow the sendq to drain
softsendq="10240"
# recvq: amount of data allowed in a client's queue before they are dropped.
# Entering "10K" is equivalent to "10240", see above.
recvq="10K"
# threshold: This specifies the amount of command penalty a user is allowed to have
# before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
# ones such as /OPER have penalties up to 10.
#
# If you are not using fakelag, this should be at least 20 to avoid excess flood kills
# from processing some commands.
threshold="10"
# commandrate: This specifies the maximum rate that commands can be processed.
# If commands are sent more rapidly, the user's penalty will increase and they will
# either be fakelagged or killed when they reach the threshold
#
# Units are millicommands per second, so 1000 means one line per second.
commandrate="1000"
# fakelag: Use fakelag instead of killing users for excessive flood
#
# Fake lag stops command processing for a user when a flood is detected rather than
# immediately killing them; their commands are held in the recvq and processed later
# as the user's command penalty drops. Note that if this is enabled, flooders will
# quit with "RecvQ exceeded" rather than "Excess Flood".
fakelag="yes"
# localmax: Maximum local connections per IP.
localmax="3"
# globalmax: Maximum global (network-wide) connections per IP.
globalmax="3"
# resolvehostnames: If disabled, no DNS lookups will be performed on connecting users
# in this class. This can save a lot of resources on very busy servers.
resolvehostnames="yes"
# useident: Defines if users in this class must respond to a ident query or not.
useident="no"
# usests: Whether a STS policy should be advertised to users in this class.
# This setting only has effect when the ircv3_sts module is loaded.
#usests="no"
# limit: How many users are allowed in this class
limit="5000"
# modes: User modes that are set on users in this block on connect.
# Enabling this option requires that the conn_umodes module be loaded.
# This entry is highly recommended to use for/with IP cloaking/masking.
# For the example to work, this also requires that the cloaking
# module be loaded as well.
modes="+x">
#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# CIDR configuration allows detection of clones and applying of #
# throttle limits across a CIDR range. (A CIDR range is a group of #
# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
# represented as 192.168.1.0/24). This means that abuse across an ISP #
# is detected and curtailed much easier. Here is a good chart that #
# shows how many IPs the different CIDRs correspond to: #
# https://en.wikipedia.org/wiki/IPv4_subnetting_reference #
# https://en.wikipedia.org/wiki/IPv6_subnetting_reference #
# #
<cidr
# ipv4clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-32).
ipv4clone="32"
# ipv6clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-128).
ipv6clone="128">
# This file has all the information about oper classes, types and o:lines.
# You *MUST* edit it.
#<include file="examples/opers.conf.example">
# This file has all the information about server links and ulined servers.
# You *MUST* edit it if you intend to link servers.
#<include file="examples/links.conf.example">
#-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# Files block - contains files whose contents are used by the ircd
#
# motd - displayed on connect and when a user executes /MOTD
# Modules can also define their own files
<files motd="examples/motd.txt.example">
# Example of an executable file include. Note this will be read on rehash,
# not when the command is run.
#<execfiles motd="wget -O - https://www.example.com/motd.txt">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# If these values are not defined, InspIRCd uses the default DNS resolver
# of your system.
<dns
# server: DNS server to use to attempt to resolve IP's to hostnames.
# in most cases, you won't need to change this, as inspircd will
# automatically detect the nameserver depending on /etc/resolv.conf
# (or, on Windows, your set nameservers in the registry.)
# Note that this must be an IP address and not a hostname, because
# there is no resolver to resolve the name until this is defined!
#
# server="127.0.0.1"
# timeout: time to wait to try to resolve DNS/hostname.
timeout="5">
# An example of using an IPv6 nameserver
#<dns server="::1" timeout="5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define the path to the PID file here. The PID file can be used to #
# rehash the ircd from the shell or to terminate the ircd from the #
# shell using shell scripts, perl scripts, etc... and to monitor the #
# ircd's state via cron jobs. If this is a relative path, it will be #
# relative to the runtime directory, and if it is not defined, the #
# default of 'inspircd.pid' is used. #
# #
#<pid file="/path/to/inspircd.pid">
#-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The <maxlist> tag is used customise the maximum number of each list #
# mode that can be set on a channel. #
# The tags are read from top to bottom and the list mode limit from #
# the first tag found which matches the channel name and mode type is #
# applied to that channel. #
# It is advisable to put an entry with the channel as '*' at the #
# bottom of the list. If none are specified or no maxlist tag is #
# matched, the banlist size defaults to 100 entries. #
# #
# Allows #largechan to have up to 200 ban entries.
#<maxlist mode="ban" chan="#largechan" limit="200">
# Allows #largechan to have up to 200 ban exception entries.
#<maxlist mode="e" chan="#largechan" limit="200">
# Allows all channels and list modes not previously matched to have
# up to 100 entries.
<maxlist chan="*" limit="100">
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Settings to define which features are usable on your server. #
# #
<options
# prefixquit: What (if anything) users' quit messages
# should be prefixed with.
prefixquit="Quit: "
# suffixquit: What (if anything) users' quit messages
# should be suffixed with.
suffixquit=""
# prefixpart: What (if anything) users' part messages
# should be prefixed with.
prefixpart="""
# NOTE: Use "\"" instead of """ if not using <config format="xml">
# suffixpart: What (if anything) users' part message
# should be suffixed with.
suffixpart="""
# fixedquit: Set all users' quit messages to this value.
#fixedquit=""
# fixedpart: Set all users' part messages in all channels
# to this value.
#fixedpart=""
# syntaxhints: If enabled, if a user fails to send the correct parameters
# for a command, the ircd will give back some help text of what
# the correct parameters are.
syntaxhints="no"
# casemapping: This sets the case mapping method to be used by the
# server. This MUST be the same on all servers. Possible values are:
# "ascii" (recommended)
# "rfc1459" (default, required for linking to 2.0 servers)
# NOTE: if you are using the nationalchars module this setting will be
# ignored. You should use <nationalchars:casemapping> instead.
casemapping="ascii"
# cyclehostsfromuser: If enabled, the source of the mode change for
# cyclehosts will be the user who cycled. This can look nicer, but
# triggers anti-takeover mechanisms of some obsolete bots.
cyclehostsfromuser="no"
# announcets: If set to yes, when the timestamp on a channel changes, all users
# in the channel will be sent a NOTICE about it.
announcets="yes"
# allowmismatch: Setting this option to yes will allow servers to link even
# if they don't have the same "optionally common" modules loaded. Setting this to
# yes may introduce some desyncs and unwanted behaviour.
allowmismatch="no"
# defaultbind: Sets the default for <bind> tags without an address. Choices are
# ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
# falling back to IPv4 otherwise.
defaultbind="auto"
# hostintopic: If enabled, channels will show the host of the topic setter
# in the topic. If set to no, it will only show the nick of the topic setter.
hostintopic="yes"
# pingwarning: If a server does not respond to a ping within this period,
# it will send a notice to opers with snomask +l informing that the server
# is about to ping timeout.
pingwarning="15"
# serverpingfreq: How often pings are sent between servers.
serverpingfreq="1m"
# splitwhois: Whether to split private/secret channels from normal channels
# in WHOIS responses. Possible values for this are:
# 'no' - list all channels together in the WHOIS response regardless of type.
# 'split' - split private/secret channels to a separate WHOIS response numeric.
# 'splitmsg' - the same as split but also send a message explaining the split.
splitwhois="no"
# defaultmodes: What modes are set on a empty channel when a user
# joins it and it is unregistered.
defaultmodes="not"
# xlinemessage: This is the text that is sent to a user when they are
# banned from the server.
xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help."
# allowzerolimit: If enabled then allow a limit of 0 to be set on channels.
# This is non-standard behaviour and should only be enabled if you need to
# link with servers running 2.0. Defaults to yes.
allowzerolimit="no"
# modesinlist: If enabled then the current channel modes will be shown
# in the /LIST response. Defaults to yes.
modesinlist="no"
# exemptchanops: Allows users with with a status mode to be exempt
# from various channel restrictions. Possible restrictions are:
# - anticaps Channel mode +B - blocks messages with too many capital
# letters (requires the anticaps module).
# - auditorium-see Permission required to see the full user list of
# a +u channel (requires the auditorium module).
# - auditorium-vis Permission required to be visible in a +u channel
# (requires the auditorium module).
# - blockcaps Channel mode +B - blocks messages with too many capital
# letters (requires the blockcaps module).
# - blockcolor Channel mode +c - blocks messages with formatting codes
# (requires the blockcolor module).
# - censor Channel mode +G - censors messages based on the network
# configuration (requires the censor module).
# - filter Channel mode +g - blocks messages containing the given
# glob mask (requires the chanfilter module).
# - flood Channel mode +f - kicks (and bans) on text flood of a
# specified rate (requires the messageflood module).
# - nickflood Channel mode +F - blocks nick changes after a specified
# rate (requires the nickflood module).
# - noctcp Channel mode +C - blocks any CTCPs to the channel
# (requires the noctcp module).
# - nonick Channel mode +N - prevents users on the channel from
# changing nicks (requires the nonicks module).
# - nonotice Channel mode +T - blocks /NOTICEs to the channel
# (requires the nonotice module).
# - regmoderated Channel mode +M - blocks unregistered users from
# speaking (requires the services account module).
# - stripcolor Channel mode +S - strips formatting codes from
# messages (requires the stripcolor module).
# - topiclock Channel mode +t - limits changing the topic to (half)ops
# You can also configure this on a per-channel basis with a channel mode and
# even negate the configured exemptions below.
# See exemptchanops in modules.conf.example for more details.
exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o"
# invitebypassmodes: This allows /INVITE to bypass other channel modes.
# (Such as +k, +j, +l, etc.)
invitebypassmodes="yes"
# nosnoticestack: This prevents snotices from 'stacking' and giving you
# the message saying '(last message repeated X times)'. Defaults to no.
nosnoticestack="no">
#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
# #
<performance
# netbuffersize: Size of the buffer used to receive data from clients.
# The ircd may only read this amount of text in 1 go at any time.
netbuffersize="10240"
# somaxconn: The maximum number of connections that may be waiting
# in the accept queue. This is *NOT* the total maximum number of
# connections per server. Some systems may only allow this to be up
# to 5, while others (such as Linux and *BSD) default to 128.
# Setting this above the limit imposed by your OS can have undesired
# effects.
somaxconn="128"
# softlimit: This optional feature allows a defined softlimit for
# connections. If defined, it sets a soft max connections value.
softlimit="12800"
# clonesonconnect: If this is set to no, we won't check for clones
# on initial connection, but only after the DNS check is done.
# This can be useful where your main class is more restrictive
# than some other class a user can be assigned after DNS lookup is complete.
# Turning this option off will make the server spend more time on users we may
# potentially not want. Normally this should be negligible, though.
# Default value is yes
clonesonconnect="yes"
# timeskipwarn: The time period that a server clock can jump by before
# operators will be warned that the server is having performance issues.
timeskipwarn="2s"
# quietbursts: When syncing or splitting from a network, a server
# can generate a lot of connect and quit messages to opers with
# +C and +Q snomasks. Setting this to yes squelches those messages,
# which makes it easier for opers, but degrades the functionality of
# bots like BOPM during netsplits.
quietbursts="yes">
#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
<security
# allowcoreunload: If this value is set to yes, Opers will be able to
# unload core modules (e.g. core_privmsg).
allowcoreunload="no"
# announceinvites: This option controls which members of the channel
# receive an announcement when someone is INVITEd. Available values:
# 'none' - don't send invite announcements
# 'all' - send invite announcements to all members
# 'ops' - send invite announcements to ops and higher ranked users
# 'dynamic' - send invite announcements to halfops (if available) and
# higher ranked users. This is the recommended setting.
announceinvites="dynamic"
# hideulines: If this value is set to yes, U-lined servers will
# be hidden from non-opers in /LINKS and /MAP.
hideulines="no"
# flatlinks: If this value is set to yes, /MAP and /LINKS will
# be flattened when shown to non-opers.
flatlinks="no"
# hideserver: When defined, the given text will be used in place
# of the server name in public messages. As with <server:name> this
# does not need to resolve but does need to be a valid hostname.
#
# NOTE: enabling this will cause users' idle times to only be shown
# when a remote whois (/WHOIS <nick> <nick>) is used.
#hideserver="*.example.com"
# hidebans: If this value is set to yes, when a user is banned ([KGZ]-lined)
# only opers will see the ban message when the user is removed
# from the server.
hidebans="no"
# hidekills: If defined, replaces who executed a /KILL with a custom string.
hidekills=""
# hideulinekills: Hide kills from clients of ulined servers from server notices.
hideulinekills="yes"
# hidesplits: If enabled, non-opers will not be able to see which
# servers split in a netsplit, they will only be able to see that one
# occurred (If their client has netsplit detection).
hidesplits="no"
# maxtargets: Maximum number of targets per command.
# (Commands like /NOTICE, /PRIVMSG, /KICK, etc)
maxtargets="20"
# customversion: A custom message to be displayed in the comments field
# of the VERSION command response. This does not hide the InspIRCd version.
customversion=""
# runasuser: If this is set, InspIRCd will attempt to switch
# to run as this user, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasuser=""
# runasgroup: If this is set, InspIRCd will attempt to switch
# to run as this group, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasgroup=""
# restrictbannedusers: If this is set to yes, InspIRCd will not allow users
# banned on a channel to change nickname or message channels they are
# banned on. This can also be set to silent to restrict the user but not
# notify them.
restrictbannedusers="yes"
# genericoper: Setting this value to yes makes all opers on this server
# appear as 'is a server operator' in their WHOIS, regardless of their
# oper type, however oper types are still used internally. This only
# affects the display in WHOIS.
genericoper="no"
# userstats: /STATS commands that users can run (opers can run all).
userstats="Pu">
#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# This configuration tag defines the maximum sizes of various types #
# on IRC, such as the maximum length of a channel name, and the #
# maximum length of a channel. These values should match network-wide #
# otherwise issues will occur. #
# #
# The highest safe value you can set any of these options to is 500, #
# but it is recommended that you keep them somewhat #
# near their defaults (or lower). #
<limits
# maxnick: Maximum length of a nickname.
maxnick="30"
# maxchan: Maximum length of a channel name.
maxchan="64"
# maxmodes: Maximum number of mode changes per line.
maxmodes="20"
# maxident: Maximum length of a ident/username.
maxident="10"
# maxhost: Maximum length of a hostname.
maxhost="64"
# maxquit: Maximum length of a quit message.
maxquit="255"
# maxtopic: Maximum length of a channel topic.
maxtopic="307"
# maxkick: Maximum length of a kick message.
maxkick="255"
# maxreal: Maximum length of a real name.
maxreal="128"
# maxaway: Maximum length of an away message.
maxaway="200">
#-#-#-#-#-#-#-#-#-#-#-#-# PATHS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This configuration tag defines the location that InspIRCd stores #
# various types of files such as configuration files, log files and #
# modules. You will probably not need to change these from the values #
# set when InspIRCd was built unless you are using a binary package #
# where you do not have the ability to set build time configuration. #
#<path configdir="conf" datadir="data" logdir="logs" moduledir="modules">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Logging
# -------
#
# Logging is covered with the <log> tag, which you may use to change
# the behaviour of the logging of the IRCd.
#
# An example log tag would be:
# <log method="file" type="OPER" level="default" target="opers.log">
# which would log all information on /OPER (failed and successful) to
# a file called opers.log.
#
# There are many different types which may be used, and modules may
# generate their own. A list of useful types:
# - USERS - information relating to user connection and disconnection
# - OPER - successful and failed oper attempts
# - KILL - kill related messages
# - FILTER - messages related to filter matches (filter module)
# - CONFIG - configuration related messages
# - COMMAND - die and restart messages, and messages related to unknown user types
# - SOCKET - socket engine informational/error messages
# - MODULE - module related messages
# - STARTUP - messages related to starting up the server
#
# You may also log *everything* by using a type of *, and subtract things out
# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
#
# Useful levels are:
# - default (general messages, including errors)
# - sparse (misc error messages)
# - debug (debug messages)
#
# Some types only produce output in the debug level, those are:
# - BANCACHE - ban cache debug messages
# - CHANNELS - information relating to joining/creating channels
# - CULLLIST - debug messages related to issues with removing users
# - RESOLVER - DNS related debug messages
# - CONNECTCLASS - Connection class debug messages
# - USERINPUT
# - USEROUTPUT
#
# If your server is producing a high levels of log messages you can also set the
# flush="[positive number]" attribute to specify how many log messages should be
# buffered before flushing to disk. You should probably not specify this unless
# you are having problems.
#
# The following log tag is highly default and uncustomised. It is recommended you
# sort out your own log tags. This is just here so you get some output.
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="ircd.log">
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag lets you define the behaviour of the /WHOWAS command of #
# your server. #
# #
<whowas
# groupsize: Maximum entries per nick shown when performing
# a /WHOWAS <nick>.
groupsize="10"
# maxgroups: Maximum number of nickgroups that can be added to
# the list so that /WHOWAS does not use a lot of resources on
# large networks.
maxgroups="100000"
# maxkeep: Maximum time a nick is kept in the whowas list
# before being pruned. Time may be specified in seconds,
# or in the following format: 1y2w3d4h5m6s. Minimum is
# 1 hour.
maxkeep="3d">
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
# banned from your server. All details in these tags are local to #
# Your server. #
# #
<badip
# ipmask: IP range to ban. Wildcards and CIDR can be used.
ipmask="192.0.2.69"
# reason: Reason to display when user is disconnected.
reason="No porn here thanks.">
<badnick
# nick: Nick to disallow. Wildcards are supported.
nick="Tr0ll123"
# reason: Reason to display on /NICK.
reason="Don't use this nick.">
<badhost
# host: ident@hostname to ban.
# Wildcards and CIDR (if you specify an IP) can be used.
host="*@banneduser.example.net"
# reason: Reason to display when user is disconnected
reason="Evading Bans">
<badhost host="root@*" reason="Don't IRC as root!">
<badhost host="*@198.51.100.0/24" reason="This subnet is bad.">
# exception: Hosts that are exempt from [KGZ]-lines.
<exception
# host: ident@hostname to exempt.
# Wildcards and CIDR (if you specify an IP) can be used.
host="*@serverop.example.com"
# reason: Reason for exception. Only shown in /STATS e.
reason="Oper's hostname">
#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional tag allows you to specify how wide a G-line, E-line, #
# K-line, Z-line or Q-line can be before it is forbidden from being #
# set. By setting hostmasks="yes", you can allow all G-, K-, E-lines, #
# no matter how many users the ban would cover. This is not #
# recommended! By setting ipmasks="yes", you can allow all Z-lines, #
# no matter how many users these cover too. Needless to say we #
# don't recommend you do this, or, set nickmasks="yes", which will #
# allow any Q-line. #
# #
<insane
# hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
hostmasks="no"
# ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
ipmasks="no"
# nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
nickmasks="no"
# trigger: What percentage of users on the network to trigger
# specifying an insane ban as. The default is 95.5%, which means
# if you have a 1000 user network, a ban will not be allowed if it
# will be banning 955 or more users.
trigger="95.5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# MODULES #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# Well done, you've reached the end of the basic configuration, your #
# ircd should now start if you want to try it out! (./inspircd start) #
# #
# We now suggest you read and edit modules.conf, as modules are what #
# provide almost all the features of InspIRCd. :) #
# #
# The default does nothing -- we include it for simplicity for you. #
#<include file="examples/modules.conf.example">
#-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# If you use services you will probably want to include one of the #
# following files which set up aliases, nick reservations and filter #
# exemptions for services pseudoclients: #
#
# Anope users should uncomment this:
#<include file="examples/services/anope.conf.example">
#
# Atheme users should uncomment this:
#<include file="examples/services/atheme.conf.example">
#
# Users of other services should uncomment this:
#<include file="examples/services/generic.conf.example">
#########################################################################
# #
# - InspIRCd Development Team - #
# https://www.inspircd.org #
# #
#########################################################################
|