Changeset 807 for trunk/ithildin/modules/ircd/etc/acl.conf

Timestamp:

06/04/07 21:17:16 (5 years ago)

Author:

wd

Message:

The config-files here got nuked somehow (??). Undo the damage, update them
a little, and also update dependencies for the 1459 protocol.

File:

• trunk/ithildin/modules/ircd/etc/acl.conf (modified) (1 diff)

trunk/ithildin/modules/ircd/etc/acl.conf

@@ +1 @@
+// $Id$
+
+/*
+** acl section
+** this section defines access control rules for the server.  access is
+** controlled by host masks.  Hostmasks may have several forms:  they may be
+** in CIDR form (ip/bits), standard pattern form, or 'host' pattern form
+** (see doc/hostmatch.txt).  ACLs are handled in a first matched fashion,
+** and should be added in the order of most specific to least specific in
+** the conf file.  Alternatively, you may give your ACLs rule numbers and
+** order them that way.  Some examples are provided below.
+**
+** ACLs come in three stages:
+** stage one (where former Z:lines and throttles were placed) is evaluated
+** as soon as a socket connection is made.  stage one checks are only valid
+** against IP address, and no username is available.  stage one checks occur
+** before any resources are really allocated to the connection.
+**
+** stage two (not available in previous daemons) is evaluated directly after
+** dns and ident checks have been performed on the connection, but before it
+** is known whether the connection wishes to register as a client or server.
+** these can be useful to block abusive connections from users in a variable
+** IP range trying to register as servers.  it can also be used as a
+** draconian means of forcing EVERY connection to have ident.
+**
+** stage three (I:lines, K:lines, etc) is evaluated when a client attempts
+** to register on the server.  it only effects *clients* (unlike the other
+** two stages), and has several more options.  some examples are listed
+** below.
+*/
+
+/*
+** These two specify the default rule numbers for ACLs.  The first is the
+** default for 'runtime' ACLs (that is, ACLs added from commands the server
+** handles).  The second is the default for 'configured' ACLs (the ACLs in
+** this file).  They are commented out, but have their default values below.
+** Also, when ACLs are added rule numbers *do not* automatically increment.
+** Valid rules are 0-65535.
+*/
+//default-acl-rule 1000;
+//default-acl-conf-rule 2000;
+
+// deny all connections from localhost
+acl {
+    stage 1;                // be sure to check right away
+    host "127.0.0.0/8";
+    access deny;
+    reason "please do not connect from localhost";
+};
+
+// deny connections from the '0::/16' IPv6 prefix (this tends to cause a lot
+// of protocol problems on IRC
+acl {
+    stage 1;
+    host "0::/16";
+    access deny;
+    reason "please do not connect from the 0:: prefix";
+};
+
+// and of course, all other stage one connections are allowed.
+
+// allow users of an internal network to always connect.  do this by placing
+// this ACL at a high rule position (rule 100 here).
+acl 100 {
+    // if no stage is specified, stage 3 is assumed
+    host "*@192.168.42.*";
+    access allow;                // this overrides all other types
+    class ereet;                // the class specification is optional, but
+                                // recommended.  put them in a special class
+};
+
+// deny connections from users who aren't running identd
+acl {
+    host "~*@*";
+    access deny;
+    reason "please enable the auth/ident (rfc1413) service on your computer";
+};
+
+// now make sure to allow all other connections through.  remember to keep
+// broad ACLs such as this at the bottom of the file!
+acl {
+    host "*";
+    access allow;
+    class clients;
+};
+