4
mirror of git://git.acid.vegas/unrealircd.git synced 2024-11-27 10:26:54 +00:00

Hidden service changes

This commit is contained in:
Dionysus 2023-09-30 20:41:45 -04:00
parent e6a345f083
commit d266e652b7
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
3 changed files with 27 additions and 215 deletions

View File

@ -6,13 +6,26 @@ except ban {
type { all; } type { all; }
} }
# Tor Hidden Service
except ban {
mask { ip 127.0.0.2; }
type { blacklist; connect-flood; maxperip; handshake-data-flood; }
}
# Local # Local
except ban { except ban {
mask { mask {
ip { 127.0.0.1; ::1; } ip { 127.0.0.1; ::1; }
#ip { 0.0.0.0; } ip { 198.251.80.56; } # blackhole
ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; } ip { 149.202.251.251; } # blackflag
ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; } ip { 54.36.102.218; } # contra
ip { 45.61.188.116; } # darpa
ip { 51.89.151.158; } # gator
ip { 198.98.52.138; } # nutty
ip { 45.153.48.83; } # scram
ip { 107.174.158.185; } # shrimp
ip { 65.75.209.67; } # war
ip { 139.144.202.79; } # wildwest
} }
type { all; } type { all; }
} }

View File

@ -22,18 +22,26 @@ alias os { target operserv; type services; }
class clients { pingfreq 120; maxclients 100; sendq 25M; recvq 32k; } class clients { pingfreq 120; maxclients 100; sendq 25M; recvq 32k; }
class known { pingfreq 120; maxclients 250; sendq 50M; recvq 32k; } class known { pingfreq 120; maxclients 250; sendq 50M; recvq 32k; }
class local { pingfreq 300; maxclients 1000; sendq 50M; options { nofakelag; } } class local { pingfreq 300; maxclients 1000; sendq 50M; options { nofakelag; } }
class servers { pingfreq 120; maxclients 10; sendq 100M; connfreq 15; } class tor { pingfreq 300; maxclients 100; sendq 25M; }
class servers { pingfreq 120; maxclients 10; sendq 100M; connfreq 15; }
allow { mask *; class clients; maxperip 2; global-maxperip 2; } allow { mask *; class clients; maxperip 2; global-maxperip 2; }
allow { mask { security-group known-users; } class known; maxperip 3; global-maxperip 3; } allow { mask { security-group known-users; } class known; maxperip 3; global-maxperip 3; }
allow { mask { 127.0.0.1; ::1; } class local; maxperip 1000; global-maxperip 1000; password "simpsonsfan"; } allow { mask { 127.0.0.1; ::1; } class local; maxperip 1000; global-maxperip 1000; password "simpsonsfan"; }
allow { mask { 127.0.0.2; } class tor; maxperip 100; global-maxperip 100; }
listen { ip *; port 66606669; options { clientsonly; } } listen { ip *; port 66606669; options { clientsonly; } }
listen { ip *; port 7000; options { clientsonly; } } listen { ip *; port 7000; options { clientsonly; } }
listen { ip *; port REDACTED; options { serversonly; tls; } } listen { ip *; port REDACTED; options { serversonly; tls; } }
#listen {
# file "/etc/tor/unrealircd/tor_ircd.socket";
# mode 0777;
# spoof-ip 127.0.0.2;
# options { tls; }
#}
#require authentication { #require authentication {
# mask { ip *; } # mask { *@127.0.0.2; }
# reason "$VOID"; # reason "$VOID";
#} #}

View File

@ -1,209 +0,0 @@
@define $VOID "8,4 E N T E R T H E V O I D ";
admin {
"4Administrator: Brandon Brown 14(aka MRCHATS) 6branbran89@supernets.org";
" 4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org";
" 4Sales: Branthony Bronson 14(aka pyrex) 6showercaphandgun@supernets.org";
"";
"Feel free to chat with us in #5000 for network help & support!";
}
alias botserv { type services; }
alias bs { target botserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias operserv { type services; }
alias os { target operserv; type services; }
class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } }
class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; }
allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; }
listen { ip *; port REDACTED; options { serversonly; tls; } }
listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } }
#require authentication {
# mask { ip 0.0.0.0; }
# reason "$VOID";
#};
deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; }
deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; }
link irc.supernets.org {
incoming { mask REDACTED; }
outgoing {
bind-ip *;
hostname REDACTED;
port REDACTED;
options { tls; autoconnect; }
}
password "REDACTED" { spkifp; }
class servers;
}
log {
source { error; fatal; warn; }
destination { file "ircd.log" { maxsize 5M; } }
}
log {
source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
destination { channel "#syslog"; }
}
tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
ulines { services.supernets.org; }
set {
kline-address "enterthevoid@supernets.org"; # replace with onion address
gline-address "enterthevoid@supernets.org"; # replace with onion address
modes-on-connect "+iIpTx";
modes-on-oper "+Hq";
snomask-on-oper "+o";
modes-on-join "+ns";
level-on-join "op";
restrict-usermodes "ips";
restrict-channelmodes "nLpPs";
restrict-commands {
channel-message { except { connect-time 15; identified yes; } }
channel-notice { except { connect-time 60; identified yes; } }
invite { except { connect-time 300; identified yes; } }
join { except { connect-time 15; identified yes; } }
list { except { connect-time 30; identified yes; } }
private-message { except { connect-time 300; identified yes; } }
private-notice { except { connect-time 300; identified yes; } }
}
auto-join "#tor";
who-limit 0;
nick-length 20;
maxchannelsperuser 10;
channel-command-prefix "`!@$.";
topic-setter nick;
ban-setter nick;
options { hide-ulines; flat-map; identd-check; }
network-name "SuperNETs";
default-server "irc.supernets.org";
services-server "services.supernets.org";
sasl-server "services.supernets.org";
help-channel "#superbowl";
cloak-method ip;
cloak-keys {
"REDACTED";
"REDACTED";
"REDACTED";
}
cloak-prefix "ONION";
#tls {
# options { fail-if-no-clientcert; }
#}
outdated-tls-policy {
user warn;
oper deny;
server deny;
user-message "4WARNING: You are using an outdated TLS protocol or cipher";
oper-message "Network operators must be using an up-to-date TLS protocol & cipher";
}
anti-flood {
channel {
profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
boot-delay 75;
split-delay 75;
}
everyone {
away-flood 3:300;
invite-flood 3:300;
knock-flood 3:300;
handshake-data-flood {
amount 4k;
ban-action gzline;
ban-time 1h;
}
}
known-users {
connect-flood 10:300;
join-flood 10:300;
nick-flood 10:300;
max-concurrent-conversations { users 5; new-user-every 60s; }
lag-penalty 10; # update?
lag-penalty-bytes 0;
}
unknown-users {
connect-flood 3:300;
join-flood 3:300;
nick-flood 3:300;
max-concurrent-conversations { users 2; new-user-every 120s; }
lag-penalty 1000;
lag-penalty-bytes 90;
}
}
default-bantime 30d;
modef-default-unsettime 5;
spamfilter {
ban-time 30d;
ban-reason "$VOID";
utf8 yes;
except "#anythinggoes";
}
max-targets-per-command { kick 1; part 1; privmsg 1; }
hide-ban-reason yes;
reject-message {
gline "$VOID";
kline "$VOID";
password-mismatch "$VOID";
server-full "$VOID";
too-many-connections "$VOID";
unauthorized "$VOID";
}
antimixedutf8 {
score 8;
ban-action block;
ban-reason "$VOID";
}
connthrottle {
except { reputation-score 100; identified yes; webirc yes; }
new-users { local-throttle 20:60; global-throttle 30:60; }
disabled-when { reputation-gathering 1w; start-delay 3m; }
reason "$VOID";
}
history {
channel {
playback-on-join { lines 1000; time 1d; }
max-storage-per-channel {
registered { lines 1000; time 1d; }
unregistered { lines 100; time 1h; }
}
}
}
manual-ban-target ip;
hide-idle-time { policy always; }
whois-details {
channels { everyone none; self full; oper full; }
reputation { everyone full; }
server { everyone none; self full; oper full; }
swhois { everyone full; }
}
}
set unknown-users {
static-quit "EMO-QUIT";
static-part "EMO-PART";
}
hideserver {
disable-map yes;
disable-links yes;
map-deny-message "$VOID";
links-deny-message "$VOID";
}
security-group known-users {
identified yes;
}