unrealircd

- supernets unrealircd source & configuration
git clone git://git.acid.vegas/unrealircd.git
Log | Files | Refs | Archive | README | LICENSE

unrealircd.remote.conf (7507B)

      1 @define $VOID "8,4   E N T E R   T H E   V O I D   ";
      2 
      3 admin {
      4 	"4Administrator: Brandon Brown      14(aka MRCHATS)  6branbran89@supernets.org";
      5 	"    4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org";
      6 	"        4Sales: Branthony Bronson  14(aka pyrex)    6showercaphandgun@supernets.org";
      7 	"";
      8 	"Feel free to chat with us in #5000 for network help & support!";
      9 }
     10 
     11 alias botserv { type services; }
     12 alias bs { target botserv; type services; }
     13 alias chanserv { type services; }
     14 alias cs { target chanserv; type services; }
     15 alias hostserv { type services; }
     16 alias hs { target hostserv; type services; }
     17 alias nickserv { type services; }
     18 alias ns { target nickserv; type services; }
     19 alias operserv { type services; }
     20 alias os { target operserv; type services; }
     21 
     22 class clients { pingfreq 120; maxclients  100; sendq  25M; recvq 32k; }
     23 class known   { pingfreq 120; maxclients  250; sendq  50M; recvq 32k; }
     24 class local   { pingfreq 300; maxclients 1000; sendq  50M; options { nofakelag; } }
     25 class tor     { pingfreq 300; maxclients  100; sendq  25M; }
     26 class servers { pingfreq 300; maxclients   20; sendq 100M; connfreq 15; }
     27 
     28 allow { mask *;                              class clients; maxperip 2;    global-maxperip 2; }
     29 allow { mask { security-group known-users; } class known;   maxperip 3;    global-maxperip 3; }
     30 allow { mask { 127.0.0.1; ::1;             } class local;   maxperip 1000; global-maxperip 1000; password "simpsonsfan"; }
     31 allow { mask { 127.0.0.2;                  } class tor;     maxperip 100;  global-maxperip 100; }
     32 
     33 listen { ip *; port 6660–6669; options { clientsonly;      } }
     34 listen { ip *; port 7000;      options { clientsonly;      } }
     35 listen { ip *; port REDACTED;  options { serversonly; tls; } }
     36 
     37 #require authentication {
     38 #	mask { *@127.0.0.2; }
     39 #	reason "$VOID";
     40 #}
     41 
     42 deny channel { channel "#help";     reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
     43 deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange";  redirect "#exchange";  }
     44 
     45 link irc.supernets.org {
     46 	incoming { mask REDACTED; }
     47 	outgoing {
     48 		bind-ip *;
     49 		hostname REDACTED;
     50 		port REDACTED;
     51 		options { tls; autoconnect; }
     52 	}
     53 	password "REDACTED" { spkifp; }
     54 	class servers;
     55 }
     56 
     57 log {
     58 	source { error; fatal; warn; }
     59 	destination { file "ircd.log" { maxsize 5M; } }
     60 }
     61 
     62 log {
     63 	source { !debug; all; }
     64 	destination { channel "#syslog"; }
     65 }
     66 
     67 tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
     68 
     69 ulines { services.supernets.org; }
     70 
     71 blacklist dronebl {
     72 	dns {
     73 		name dnsbl.dronebl.org;
     74 		type record;
     75 		reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
     76 	}
     77 	action gzline;
     78 	ban-time 30d;
     79 	reason "$VOID";
     80 }
     81 
     82 blacklist efnetrbl {
     83 	dns {
     84 		name rbl.efnetrbl.org;
     85 		type record;
     86 		reply { 1; 4; 5; }
     87 	}
     88 	action gzline;
     89 	ban-time 30d;
     90 	reason "$VOID";
     91 }
     92 
     93 blacklist torbl {
     94 	dns {
     95 		name torexit.dan.me.uk;
     96 		type record;
     97 		reply { 100; }
     98 	}
     99 	action gzline;
    100 	ban-time 30d;
    101 	reason "$VOID";
    102 }
    103 
    104 set {
    105 	kline-address "enterthevoid@supernets.org";
    106 	gline-address "enterthevoid@supernets.org";
    107 	modes-on-connect "+iIpTx";
    108 	modes-on-oper "+Hq";
    109 	snomask-on-oper "+o";
    110 	modes-on-join "+ns";
    111 	level-on-join "op";
    112 	restrict-usermodes "ips";
    113 	restrict-channelmodes "nLpPs";
    114 	restrict-commands {
    115 		channel-message { except { connect-time 5;   identified yes; reputation-score 100; } }
    116 		channel-notice  { except { connect-time 15;  identified yes; reputation-score 100; } }
    117 		invite          { except { connect-time 300; identified yes; reputation-score 100; } }
    118 		join            { except { connect-time 5;   identified yes; reputation-score 100; } }
    119 		list            { except { connect-time 5;   identified yes; reputation-score 100; } }
    120 		private-message { except { connect-time 300; identified yes; reputation-score 100; } }
    121 		private-notice  { except { connect-time 300; identified yes; reputation-score 100; } }
    122 	}
    123 	oper-auto-join "#syslog";
    124 	who-limit 1;
    125 	nick-length 20;
    126 	maxchannelsperuser 10;
    127 	channel-command-prefix "`!@$.";
    128 	topic-setter nick;
    129 	ban-setter nick;
    130 	options { hide-ulines; flat-map; identd-check; }
    131 	network-name "SuperNETs";
    132 	default-server "irc.supernets.org";
    133 	services-server "services.supernets.org";
    134 	sasl-server "services.supernets.org";
    135 	help-channel "#superbowl";
    136 	cloak-method ip;
    137 	cloak-keys {
    138 		"REDACTED";
    139 		"REDACTED";
    140 		"REDACTED";
    141 	}
    142 	cloak-prefix "SUPER";
    143 	plaintext-policy {
    144 		user warn;
    145 		oper deny;
    146 		server deny;
    147 		user-message "4WARNING: You are not on a secure TLS connection";
    148 		oper-message "Network operators must be on a secure TLS connection";
    149 	}
    150 	outdated-tls-policy {
    151 		user warn;
    152 		oper deny;
    153 		server deny;
    154 		user-message "4WARNING: You are using an outdated TLS protocol or cipher";
    155 		oper-message "Network operators must be using an up-to-date TLS protocol & cipher";
    156 	}
    157 	anti-flood {
    158 		channel {
    159 			profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
    160 			boot-delay 75;
    161 			split-delay 75;
    162 		}
    163 		everyone {
    164 			connect-flood 3:60;
    165 			handshake-data-flood {
    166 				amount 4k;
    167 				ban-action kill;
    168 			}
    169 		}
    170 		known-users {
    171 			away-flood    10:300;
    172 			invite-flood  10:300;
    173 			knock-flood   10:300;
    174 			join-flood	  10:300;
    175 			nick-flood    10:300;
    176 			max-concurrent-conversations { users 5; new-user-every 60s; }
    177 			lag-penalty 10; # update?
    178 			lag-penalty-bytes 0;
    179 		}
    180 		unknown-users {
    181 			away-flood    3:300;
    182 			invite-flood  3:300;
    183 			knock-flood   3:300;
    184 			join-flood    3:300;
    185 			nick-flood    3:300;
    186 			max-concurrent-conversations { users 2; new-user-every 120s; }
    187 			lag-penalty 25;
    188 			lag-penalty-bytes 90;
    189 		}
    190 	}
    191 	default-bantime 30d;
    192 	modef-default-unsettime 5;
    193 	spamfilter {
    194 		ban-time 30d;
    195 		ban-reason "$VOID";
    196 		utf8 yes;
    197 		except "#anythinggoes";
    198 	}
    199 	max-targets-per-command { kick 1; part 1; privmsg 1; }
    200 	hide-ban-reason yes;
    201 	reject-message {
    202 		gline                "$VOID";
    203 		kline                "$VOID";
    204 		password-mismatch    "$VOID";
    205 		server-full          "$VOID";
    206 		too-many-connections "$VOID";
    207 		unauthorized         "$VOID";
    208 	}
    209 	antimixedutf8 {
    210 		score 8;
    211 		ban-action block;
    212 		ban-reason "$VOID";
    213 	}
    214 	connthrottle {
    215 		except        { reputation-score 100; identified yes; webirc yes; }
    216 		new-users     { local-throttle 20:60; global-throttle 30:60;      }
    217 		disabled-when { reputation-gathering 1w; start-delay 3m;          }
    218 		reason "$VOID";
    219 	}
    220 	history {
    221 		channel {
    222 			playback-on-join { lines 1000; time 1d; }
    223 			max-storage-per-channel {
    224 				registered   { lines 1000; time 1d; } 
    225 				unregistered { lines 100;  time 1h; } 
    226 			}
    227 		}
    228 	}
    229 	manual-ban-target ip;
    230 	hide-idle-time { policy always; }
    231 	whois-details {
    232 		bot         { everyone none; self full; oper full; } 
    233 		channels    { everyone none; self full; oper full; }
    234 		oper        { everyone none; self full; oper full; } 
    235 		reputation  { everyone full; self full; oper full; }
    236 		server      { everyone none; self full; oper full; }
    237 		swhois      { everyone full; self full; oper full; }
    238 	}
    239 }
    240 
    241 hideserver {
    242 	disable-map yes;
    243 	disable-links yes;
    244 	map-deny-message "$VOID";
    245 	links-deny-message "$VOID";
    246 }
    247 
    248 security-group known-users {
    249 	identified yes;
    250 	reputation-score 10000;
    251 }
    252 
    253 security-group tor {
    254 	ip 127.0.0.2;
    255 }
    256 
    257 set known-users {
    258 	auto-join "#superbowl";
    259 }
    260 
    261 set unknown-users {
    262 	auto-join "#blackhole";
    263 	static-quit "EMO-QUIT";
    264 	static-part "EMO-PART";
    265 }
    266 
    267 set tor {
    268 	auto-join "#tor";
    269 	static-quit "EMO-QUIT";
    270 	static-part "EMO-PART";
    271 }
    272 
    273 ban nick {
    274 	mask "*ac*d*v*ga*";
    275 	reason "$VOID"	
    276 }
    277 
    278 ban nick {
    279 	mask "MemoServ"
    280 	reason "$VOID";
    281 }