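#!/usr/local/sbin/ezbounce
# ^--- replace this with the actual path and give this file execute
# permissions so you can do ./sample.conf and run your server
#
# NOTE: this file stores every user's proxy password in clear text
# (see the 'set password' lines below). Keep it readable by the account
# that runs ezbounce only, e.g. mode 0700 if you use the shebang line
# above, 0600 otherwise. The same applies to the userfile and log-dir.
#
# NOTE(review): a few directives below carry a 'NOTE(review)' marker. The
# copy this file was restored from did not show whether they were active
# or commented out; they are left commented out here. Enable the ones
# you need.
#
##################################################
#
# ezbounce sample configuration file
#
# last updated: April 22, 2002
#
#
# This file lists all the config options available, describes
# them and provides examples of their use.
#
##################################################
#
# First some basic options, such as log file and ports
#
#
# Ports
# This tells ezbounce what ports to listen on.
# You can enter a single number, or separate multiple ones with commas.
listen 6667,6668,57000
# some more examples
#listen 6668
#listen 6667,6669,7000,6660,6666,5000

#
# If you want to listen for connections on a different interface, try
# this:
# NOTE(review): example value; left commented out.
# set listen-vhost my.different.vhost

#
# Set a logfile. If you really don't want one, you can set it to
# something like /dev/null. But they are a good idea.
set logfile ezbounce.log

#
# Write a pid file? If yes, ezbounce will write its pid to a file so
# you can use a script like the included ezbchk to see if it's
# running and restart it if it is not
set pidfile ezbounce.pid

#
# Message of the Day.. it is displayed whenever you connect to ezbounce and
# login.
set motd-file sample.MOTD

#
# the user file: this is where users' preferences will be stored
# on disk
set userfile ezb.user

#
# ezbounce can log users' chats while they are detached.
# (this is explained in detail below)
# where should we store these log files?
# These logs hold private conversations; keep the directory private to
# the account that runs ezbounce.
set log-dir logs

#
# How long do we wait for a user to register?
# (this is in seconds, is optional and defaults to 45)
set max-registration-time 20

#
# How many tries do people get at giving the correct password?
# (setting this to 0 disables this feature)
# Keep this non-zero on any listener reachable from outside, so that
# password guessing against a connection is bounded.
set max-failed-passwords 3

#
# Maximum number of sockets that ezbounce will use.
#
# This implies that there is now a finite limit on the number of sockets
# that ezbounce will use. This is true. This may seem restrictive, but
# results in much simpler and faster code in the socket event processing.
#
# Default is 128, which is enough for most people. Minimum value
# permitted is 10. You decide how many you need; keep in mind that each
# client will need 2 sockets (one for him, and one for connection to server).
set max-sockets 128

##########################################
# SSL Support
##########################################
#
# ezbounce now supports SSL for both incoming
# and outgoing connections.
#
# Make sure you have SSL support compiled in.
# To do this, run ./configure --with-ssl
# and re-build ezbounce.
#
# Read README.SSL for more details
#
# the cert-file to use for negotiating SSL connections
# (this can be generated with the make_key script in
# the misc/ directory)
# The file presumably contains the private key as well; protect it like
# this config file.
# NOTE(review): left commented out; enable together with ssl-listen.
# set cert-file ezb.cert
#
# ports to listen for SSL connection on
# NOTE(review): left commented out; enable together with cert-file.
# ssl-listen 6661, 1450

##########################################
# BANNING PEOPLE
##########################################
#
# With the deny ruleset, you can ban people from using your proxy
# and connecting to certain places.
#
# the syntax is:
#
# deny {
#     from <address> [on ports] [reason]
#     to <address> [on ports] [reason]
# }
#
# Ports and address are same as in the allow ruleset. Reason is the reason
# for banning. It is optional, and defaults to
# "No reason was given!"
#
# At least one from or to field is required. You do not need both. If you
# use both, only clients from the 'from' addresses will be banned from
# using the addresses in the 'to' fields. Examples are below.
#
#
# A basic deny block. Ban people from aol on all ports and compuserve
# people on port 6969
deny {
    from *.aol.com AOL users are not welcome here.
    from *.compuserve.* on 6969 CompuServe users are not welcome here.
}

#
# deny ALL users on the proxy from connecting to ports below 1024
# and to irc.badserver.com
deny {
    to * on 0-1024
    to irc.badserver.com
}

#
# Here we have a from entry AND a to entry. It
# prevents our friends from *.asdf.com and generic-isp.net from
# connecting to dalnet servers.
deny {
    from *.asdf.com
    from *.generic-isp.net
    to *.dal.net
}

#########################################################
# User Accounts
#########################################################
#
# ezbounce 1.0+ is now entirely user-account based ...
#
# This is the most important part. It lets you control
# who gets to use the proxy, where they may connect, and other
# options like passwords.
#
#
# Let's define a basic user named bob
#
user bob {
    #
    # a few basic options for this user:
    #
    # password for the user to log in to the bouncer
    # Every password in this sample is a placeholder; replace each one
    # with a long, unique value before the proxy is reachable by anyone.
    set password blahblah
    # (so, to log in as bob, you would connect to ezb and type:
    #     /quote login bob blahblah
    # )
    # On a plain 'listen' port that login line travels unencrypted;
    # connect through an ssl-listen port where you can.

    # Want this user to be an admin? Then set this to 1
    set is-admin 0

    ########################
    # Allow rulesets
    #
    # The basic syntax for allow is:
    # allow {
    #     [number] from <address> [on ports]
    #     [number] to <address> [on ports]
    # }
    #
    # The items in []'s are optional, while the ones in <>'s are required.
    # Here are what the items mean:
    #
    # number  - how many users to permit to or from <address>.
    #           defaults to -1, or unlimited.
    # address - can be an ip address, resolved name; you can use wildcards
    #           or * to specify 'all'
    # ports   - for 'from' fields it controls what ports clients are
    #           allowed to connect on and for 'to' fields
    #           it controls what ports clients are allowed to connect to.
    #           Defaults to 'all'. '-' can be used to indicate range.
    #
    # Other things:
    #
    # * An 'allow' ruleset MUST have at least one from and one to field.
    #
    # * The from fields indicate what and how many clients can be allowed and
    #   the to fields specify where and how many of them can connect.
    #
    # * ezbounce will do reverse lookups if needed when checking addresses.
    #   for example: if you set it to allow connections to irc.blah.com which
    #   happens to have the ip address 69.69.69.69,
    #   users connecting to the ip address will be allowed to do so.
    #
    # NOTE(review): the syntax above documents ports as '[on ports]', but
    # several examples below give the ports without the 'on' keyword.
    # Confirm that the parser accepts both forms before copying them.

    # Example of an allow ruleset:
    # Allow 5 people from anywhere to connect to irc.* servers on
    # ports 6660 through 6969, but only two of them may connect at once.
    allow {
        5 from *
        2 to irc.* 6660-6969
    }

    # allow an unlimited amount of people from *.generic-isp.com
    # to connect anywhere they want on any port
    allow {
        from *.generic-isp.com
        to *
    }

    # you can have multiple from and to fields
    allow {
        5 from *.home.com
        1 from 152.168.2.*
        17 from localhost
        from *.blah.com
        to 199.* 6667
        1 to irc.prison.net 6667
        to us.undernet.org 7000
    }

    # you can also, of course, ban people from logging in as this
    # user:
    deny {
        from *.bad.host.net
        from 129.142.*
    }

    #
    # The detach system is very cool -- You can disconnect from
    # ezbounce and it will still maintain your IRC session, and log it,
    # until you reconnect and reattach to it
    #
    #
    # Allow clients to use the 'detach' command? Please see the README file
    # if you don't know what this does!
    set enable-detach-command 1

    #
    # automatically detach user at all times. useful for maintaining
    # connection full time.
    #
    # user will always be detached unless he uses /quote ezb quit
    set enable-auto-detach 1

    #
    # Enables or disables the use of the INTERFACE and VHOST command.
    # Defaults to 1.
    set enable-vhost-command 1

    #
    # A default vhost to use for this user when making connections.
    #set default-vhost 127.0.0.1

    #
    # Fake idents: read about it in mdidentd/README
    # Both default to 0
    set enable-fake-idents 1
    set auto-fake-idents 1

    #
    # auto-server option, which automatically connects users to an IRC
    # server as soon as they successfully connect to the ezbounce proxy.
    #   server: which server to connect to
    #   port:   (optional) which port to use
    #   pass:   (optional) password to use on IRC server
    # A server password given here is one more clear-text secret in this
    # file.
    #set auto-server <server>[:port] [pass]

    # How long can a user remain idle on the proxy before
    # he connects to an IRC server?
    set max-idle-time 500

    #
    # If clients lose connections to their IRC servers, should they be
    # disconnected from ezbounce too? If so, set this to 1. This may cause
    # problems with some clients (not sure).
    set drop-on-disconnect 1

    ###########################
    # DCC Proxying
    ###############
    #
    # Read 'README' for all the juicy details. Basically this is transparent
    # DCC proxying; no special settings required for the client. Ezbounce
    # intercepts DCC requests and manipulates them so that it acts as a middle
    # man in the request.
    #
    # Enable outgoing? That is, from the ezbounce user client to the outside
    # world
    set enable-outgoing-dcc-proxying 0
    # Enable incoming DCC proxying? (From the outside world to the folks using
    # your ezbounce proxy)
    set enable-incoming-dcc-proxying 0

    ###################################
    # Chat Logging
    ###############
    # ezbounce can log users' messages while they are detached.
    # Here are a few options that control this:
    #
    # permit logging of private messages
    #
    set enable-private-logging 1
    #
    # permit logging of channels
    set enable-public-logging 1
    #
    # let users store logs in separate files (that is, one for chan, one for
    # private)
    # (the option keyword below is kept exactly as the program spells it)
    set enable-seperate-logging 1

    #
    # The default log options
    #
    # Currently set at: log all, log separate, time stamp events
    #
    # Full list of options:
    #   a - log all (combines p and c)
    #   s - log to separate files
    #   p - log private
    #   c - log channels
    #   n - log nothing!
    #   t - timestamp events
    #   f - log full addresses always
    #
    set default-log-options ast

    #
    # This sets the maximum log file size
    # if '0', then there will not be a limit
    # With no limit, a long detached session can fill the disk that holds
    # log-dir; set a cap on shared or small hosts.
    set max-logfile-size 0
}

####################################
# THE ADMIN ACCOUNT
##################################
#
# To define an admin, you simply need to make
# a regular user, and add the line:
#     set is-admin 1
#
# An admin account deserves the strongest password in the file and the
# narrowest 'from' list you can live with.
user murat {
    set password uberpass
    allow {
        from 127.0.0.1
        from *.blahblah.com
        to *
    }
    # this is the important line :)
    set is-admin 1
    set enable-detach-command 1
    set enable-private-logging 1
    set enable-public-logging 1
    set default-log-options apcs
    set enable-incoming-dcc-proxying 1
    set enable-outgoing-dcc-proxying 1
    set enable-fake-idents 1
    # he can use any vhost he wants
    vhosts {
        all
    }
}

####################################
# VHOSTS
####################################
#
# If you defined a user with
#     set enable-vhost-command 1
#
# then he can connect to IRC servers on a different vhost.
# You define the allowed vhosts as follows:
vhosts {
    eleet.vhost.com
    super.eleet.vhost.com
    your.mom.likes.to.have.sex.with.your.dad.com
}
## you can also do this:
# vhosts {
#     all
# }
# (this will let you use any vhost on the box)

####################################
# More users
####################################
#
# Define a basic user steve
# allow him from anywhere, and let him connect anywhere
# let him use dcc proxying, fake idents, and the detach
# command
#
# With 'from *' and 'to *' the password is the only thing between this
# account and anyone on the network who wants to relay through your host.
# Narrow the 'from' list whenever the user's addresses are known.
user steve {
    allow {
        from *
        to *
    }
    # actually, we don't want him connecting to dalnet :)
    deny {
        to *.dal.net DALnet sucks :)
    }
    set password afresh
    set enable-incoming-dcc-proxying 1
    set enable-outgoing-dcc-proxying 1
    set enable-detach-command 1
    set enable-auto-detach 1
    set enable-vhost-command 1
    set enable-fake-idents 1
}

#
# one more user
# we'll restrict his options a bit
user habib {
    set password blahblah99
    allow {
        4 from *
        to irc.* on 6667
    }
    deny {
        to *.undernet.org
    }
    set enable-fake-idents 0
    set enable-detach-command 1
    set enable-incoming-dcc-proxying 0
    set enable-outgoing-dcc-proxying 0
    set enable-vhost-command 0
}

####################################
# Other options
####################################
#
# These are the boring options that nobody cares about.
#
#
# This option is for DCC proxying ...
#
# Some people have restrictive network settings and want the DCC ports
# to fall in a certain range. Try this option:
# (you may use any combination of ranges and commas)
# A fixed range also lets the host firewall open only these ports for DCC.
# NOTE(review): left commented out.
# set dcc-listen-port-range 4500-4600,7000,7005

#
# Drop unauthorized connections silently ? (If you're really paranoid)
set silent-rejection 1

#
# Prevent clients from making the proxy connect to itself? This is a good idea
set prevent-self-connects 1

#
# This option controls how long ezbounce will wait for a dns lookup
# request to complete. Setting it to a high value will make ezbounce
# wait more, but the proxy will not respond to other clients
# during that period.
#
# Setting it to a low value will make ezbounce more impatient, preventing
# other clients from being 'locked out' for long periods of time,
# but a value too short can cause ruleset-related dns lookups to
# fail prematurely and prevent legitimate users from using the server
# and connecting to irc servers.
#
# For most people a value between 9 and 15 should be fine.
#
# And this is in seconds.
set max-dns-wait-time 12

#
# This is another DNS-lookup related option.
#
#
# It controls whether ezbounce will do reverse lookups if needed
# while determining if someone is allowed to use the proxy and
# if they're allowed to connect to a certain server.
# Normally, if you have something like 'from xxx.host.com' in one of your
# allow rule-sets ezbounce does a dns lookup on a client's ip so that
# it can be compared with your rules. Enabling this option stops
# the dns lookup part from happening.
#
# This option has some pros and cons, the pro being that it will
# speed things up somewhat as ezbounce will not have to do as many
# dns lookups.
#
# The downside is that, if you choose to enable this option,
# you *MUST* use IP addresses in the 'from' fields of all your
# rulesets. You can't do 'from *.com' because ezbounce will not
# reverse lookup a client's ip and then compare it to *.com, blocking
# out potential legitimate users.
#
# Also, for 'to' fields, you will need to supply both ip and
# non-ip forms. If you have 'to irc.server.com' in a deny ruleset
# and not its ip address, a user can easily get past your ban
# by using 'conn <ip-address>'
#
# IN SHORT, unless you know what you're doing, leave this at 0.
set no-reverse-lookups 0

#
# This option controls whether or not to destroy a client
# if his input buffer becomes full. This is generally a good idea
# as it prevents abusers from doing Bad Things like
#
#     telnet your.ip 6667 < /dev/zero
set kill-on-full-queue 1

# updated by Andryan
# Apr 13, 2002 22.30 GMT +7
# Blitzed IRC Network - irc.blitzed.org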