diff --git a/doc/conf/except.conf b/doc/conf/except.conf index 54bf9cf..85fae4b 100644 --- a/doc/conf/except.conf +++ b/doc/conf/except.conf @@ -6,13 +6,26 @@ except ban { type { all; } } +# Tor Hidden Service +except ban { + mask { ip 127.0.0.2; } + type { blacklist; connect-flood; maxperip; handshake-data-flood; } +} + # Local except ban { mask { - ip { 127.0.0.1; ::1; } - #ip { 0.0.0.0; } - ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; } - ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; } + ip { 127.0.0.1; ::1; } + ip { 198.251.80.56; } # blackhole + ip { 149.202.251.251; } # blackflag + ip { 54.36.102.218; } # contra + ip { 45.61.188.116; } # darpa + ip { 51.89.151.158; } # gator + ip { 198.98.52.138; } # nutty + ip { 45.153.48.83; } # scram + ip { 107.174.158.185; } # shrimp + ip { 65.75.209.67; } # war + ip { 139.144.202.79; } # wildwest } type { all; } } diff --git a/doc/conf/unrealircd.remote.conf b/doc/conf/unrealircd.remote.conf index c91d887..8396221 100644 --- a/doc/conf/unrealircd.remote.conf +++ b/doc/conf/unrealircd.remote.conf @@ -22,18 +22,26 @@ alias os { target operserv; type services; } class clients { pingfreq 120; maxclients 100; sendq 25M; recvq 32k; } class known { pingfreq 120; maxclients 250; sendq 50M; recvq 32k; } class local { pingfreq 300; maxclients 1000; sendq 50M; options { nofakelag; } } -class servers { pingfreq 120; maxclients 10; sendq 100M; connfreq 15; } +class tor { pingfreq 300; maxclients 100; sendq 25M; } +class servers { pingfreq 120; maxclients 10; sendq 100M; connfreq 15; } allow { mask *; class clients; maxperip 2; global-maxperip 2; } allow { mask { security-group known-users; } class known; maxperip 3; global-maxperip 3; } allow { mask { 127.0.0.1; ::1; } class local; maxperip 1000; global-maxperip 1000; password "simpsonsfan"; } +allow { mask { 127.0.0.2; } class tor; maxperip 100; global-maxperip 100; } listen { ip *; port 6660–6669; options { clientsonly; } } listen { ip *; port 7000; options { clientsonly; } } listen { ip *; port REDACTED; options { serversonly; tls; } } +#listen { +# file "/etc/tor/unrealircd/tor_ircd.socket"; +# mode 0777; +# spoof-ip 127.0.0.2; +# options { tls; } +#} #require authentication { -# mask { ip *; } +# mask { *@127.0.0.2; } # reason "$VOID"; #} diff --git a/doc/conf/unrealircd.tor.conf b/doc/conf/unrealircd.tor.conf deleted file mode 100644 index 3a93d4d..0000000 --- a/doc/conf/unrealircd.tor.conf +++ /dev/null @@ -1,209 +0,0 @@ -@define $VOID "8,4 E N T E R T H E V O I D "; - -admin { - "4Administrator: Brandon Brown 14(aka MRCHATS) 6branbran89@supernets.org"; - " 4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org"; - " 4Sales: Branthony Bronson 14(aka pyrex) 6showercaphandgun@supernets.org"; - ""; - "Feel free to chat with us in #5000 for network help & support!"; -} - -alias botserv { type services; } -alias bs { target botserv; type services; } -alias chanserv { type services; } -alias cs { target chanserv; type services; } -alias hostserv { type services; } -alias hs { target hostserv; type services; } -alias nickserv { type services; } -alias ns { target nickserv; type services; } -alias operserv { type services; } -alias os { target operserv; type services; } - -class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } } -class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; } - -allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; } - -listen { ip *; port REDACTED; options { serversonly; tls; } } -listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } } - -#require authentication { -# mask { ip 0.0.0.0; } -# reason "$VOID"; -#}; - -deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; } -deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; } -deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; } - -link irc.supernets.org { - incoming { mask REDACTED; } - outgoing { - bind-ip *; - hostname REDACTED; - port REDACTED; - options { tls; autoconnect; } - } - password "REDACTED" { spkifp; } - class servers; -} - -log { - source { error; fatal; warn; } - destination { file "ircd.log" { maxsize 5M; } } -} - -log { - source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; } - destination { channel "#syslog"; } -} - -tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } } - -ulines { services.supernets.org; } - -set { - kline-address "enterthevoid@supernets.org"; # replace with onion address - gline-address "enterthevoid@supernets.org"; # replace with onion address - modes-on-connect "+iIpTx"; - modes-on-oper "+Hq"; - snomask-on-oper "+o"; - modes-on-join "+ns"; - level-on-join "op"; - restrict-usermodes "ips"; - restrict-channelmodes "nLpPs"; - restrict-commands { - channel-message { except { connect-time 15; identified yes; } } - channel-notice { except { connect-time 60; identified yes; } } - invite { except { connect-time 300; identified yes; } } - join { except { connect-time 15; identified yes; } } - list { except { connect-time 30; identified yes; } } - private-message { except { connect-time 300; identified yes; } } - private-notice { except { connect-time 300; identified yes; } } - } - auto-join "#tor"; - who-limit 0; - nick-length 20; - maxchannelsperuser 10; - channel-command-prefix "`!@$."; - topic-setter nick; - ban-setter nick; - options { hide-ulines; flat-map; identd-check; } - network-name "SuperNETs"; - default-server "irc.supernets.org"; - services-server "services.supernets.org"; - sasl-server "services.supernets.org"; - help-channel "#superbowl"; - cloak-method ip; - cloak-keys { - "REDACTED"; - "REDACTED"; - "REDACTED"; - } - cloak-prefix "ONION"; - #tls { - # options { fail-if-no-clientcert; } - #} - outdated-tls-policy { - user warn; - oper deny; - server deny; - user-message "4WARNING: You are using an outdated TLS protocol or cipher"; - oper-message "Network operators must be using an up-to-date TLS protocol & cipher"; - } - anti-flood { - channel { - profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; } - boot-delay 75; - split-delay 75; - } - everyone { - away-flood 3:300; - invite-flood 3:300; - knock-flood 3:300; - handshake-data-flood { - amount 4k; - ban-action gzline; - ban-time 1h; - } - } - known-users { - connect-flood 10:300; - join-flood 10:300; - nick-flood 10:300; - max-concurrent-conversations { users 5; new-user-every 60s; } - lag-penalty 10; # update? - lag-penalty-bytes 0; - } - unknown-users { - connect-flood 3:300; - join-flood 3:300; - nick-flood 3:300; - max-concurrent-conversations { users 2; new-user-every 120s; } - lag-penalty 1000; - lag-penalty-bytes 90; - } - } - default-bantime 30d; - modef-default-unsettime 5; - spamfilter { - ban-time 30d; - ban-reason "$VOID"; - utf8 yes; - except "#anythinggoes"; - } - max-targets-per-command { kick 1; part 1; privmsg 1; } - hide-ban-reason yes; - reject-message { - gline "$VOID"; - kline "$VOID"; - password-mismatch "$VOID"; - server-full "$VOID"; - too-many-connections "$VOID"; - unauthorized "$VOID"; - } - antimixedutf8 { - score 8; - ban-action block; - ban-reason "$VOID"; - } - connthrottle { - except { reputation-score 100; identified yes; webirc yes; } - new-users { local-throttle 20:60; global-throttle 30:60; } - disabled-when { reputation-gathering 1w; start-delay 3m; } - reason "$VOID"; - } - history { - channel { - playback-on-join { lines 1000; time 1d; } - max-storage-per-channel { - registered { lines 1000; time 1d; } - unregistered { lines 100; time 1h; } - } - } - } - manual-ban-target ip; - hide-idle-time { policy always; } - whois-details { - channels { everyone none; self full; oper full; } - reputation { everyone full; } - server { everyone none; self full; oper full; } - swhois { everyone full; } - } -} - -set unknown-users { - static-quit "EMO-QUIT"; - static-part "EMO-PART"; -} - -hideserver { - disable-map yes; - disable-links yes; - map-deny-message "$VOID"; - links-deny-message "$VOID"; -} - -security-group known-users { - identified yes; -} \ No newline at end of file