summaryrefslogtreecommitdiff
path: root/vendor/github.com/fluffle/goirc/doc/unreal32docs.html
blob: 98ca1e299b73cc4cf110ab2561d7f013d62b1501 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>UnrealIRCd - 3.2 - Official Documentation</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
 .block_section { font-size: 24; font-weight: bold; }
 .block_name { font-size: 24; font-weight: bold; }
 .block_required { color: red; font-weight: bold; }
 .block_recommended { color: green; font-weight: bold; }
 .block_optional { color: blue; font-weight: bold; }
 .block_old { font-size: 14; }
 .set { font-weight: bold; }
 .desc { margin-left: 15px; }
 pre { font: "times new roman"; font-style: normal; background-color: #eeeeee;}
</style>
</head>

<!-- $Id: unreal32docs.html,v 1.1.2.144.2.133 2009/12/06 16:52:51 syzop Exp $ -->

<body>
English | 
<a href="unreal32docs.de.html">German</a> | 
<a href="unreal32docs.es.html">Spanish</a> | 
<a href="unreal32docs.hu.html">Hungarian</a> | 
<a href="unreal32docs.fr.html">French</a> | 
<a href="unreal32docs.gr.html">Greek</a> | 
<a href="unreal32docs.nl.html">Dutch</a> | 
<a href="unreal32docs.ru.html">Russian</a> | 
<a href="unreal32docs.tr.html">Turkish</a>
<br><br>
<div align="center"><b><font size="7">UnrealIRCd</font></b><br>
  <font size="4"><a href="http://www.unrealircd.com">http://www.unrealircd.com</a></font><br>
  <font size="4">Version: 3.2.8</font><br>
  <b>Last doc update:</b> 2009-09-14</div>
<br>
  <b>Coders:</b> Stskeeps / codemastr / Syzop / Luke / aquanight / WolfSage <br>
  <b>Contributors:</b> McSkaf / Zogg / NiQuiL / assyrian / chasm / DrBin / llthangel / Griever / nighthawk<br>
  <b>Documentation:</b> CKnight^ / Syzop<br>
<p>To view this documentation you must have a compatible browser, which are listed below. Up to date docs are 
  available at <a href="http://www.vulnscan.org/UnrealIRCd/unreal32docs.html">http://www.vulnscan.org/UnrealIRCd/unreal32docs.html</a>
  and a FAQ at <a href="http://www.vulnscan.org/UnrealIRCd/faq/" TARGET="_blank">http://www.vulnscan.org/UnrealIRCd/faq/</a>.
</p>
<p><b>Compatible Browsers: </b><br>
<ul>
<li>Opera 6.02
<li>Microsoft Internet Explorer 6.X / 5.5
<li>Netscape Navigator 6.X
<li>Mozilla 1.2.X
<li>Lynx (to a point)
</ul>
</p>
<p><font size="+2"><b>INDEX / TABLE OF CONTENTS</b></font><br>
  1. <a href="#IntroductionNotes">Introduction & Notes</a><br>
  ---1.1. <a href="#notesonolder">Notes on upgrading/mixing 3.1.x -&gt; 3.2</a><br>
  ---1.2. <a href="#notesonupgrade">Notes on upgrading between 3.2 versions</a><br>
  2. <a href="#installation">Installation</a><br>
  3. <a href="#features">Features</a><br>
  -- 3.1. <a href="#feature_cloaking">Cloaking</a><br>
  -- 3.2. <a href="#feature_modules">Modules</a><br>
  -- 3.3. <a href="#feature_snomasks">Snomasks</a><br>
  -- 3.4. <a href="#feature_aliases">Aliases</a><br>
  -- 3.5. <a href="#feature_helpop">Helpop</a><br>
  -- 3.6. <a href="#feature_operaccesslevels">Oper access levels</a><br>
  -- 3.7. <a href="#feature_opercmds">Oper commands</a><br>
  -- 3.8. <a href="#feature_ssl">SSL</a><br>
  -- 3.9. <a href="#feature_ipv6">IPv6</a><br>
  -- 3.10. <a href="#feature_ziplinks">Zip links</a><br>
  -- 3.11. <a href="#feature_dyndns">Dynamic DNS/IP linking support</a><br>
  -- 3.12. <a href="#feature_antiflood">Anti-flood features</a><br>
  -- 3.13. <a href="#feature_bantypes">Ban types</a><br>
  -- 3.14. <a href="#feature_spamfilter">Spamfilter</a><br>
  -- 3.15. <a href="#feature_cidr">CIDR</a><br>
  -- 3.16. <a href="#feature_nickchars">Nick Character Sets</a><br>
  -- 3.17. <a href="#feature_cgiirc">CGI:IRC Support</a><br>
  -- 3.18. <a href="#feature_timesync">Time Synchronization</a><br>
  -- 3.19. <a href="#feature_other">Other features</a><br>
  4. <a href="#configuringyourunrealircdconf">Configuring your unrealircd.conf 
  file</a><br>
  ---4.1. <a href="#configurationfileexplained">Configuration file explained</a><br>
  ---4.2. <a href="#meblock"> Me Block -=- (M:Line)</a><br>
  ---4.3. <a href="#adminblock">Admin Block -=- (A:Line)</a><br>
  ---4.4. <a href="#classblock">Class Block -=- (Y:Line)</a><br>
  ---4.5. <a href="#allowblock">Allow Block -=- (I:Line)</a><br>
  ---4.6. <a href="#listenblock">Listen Block -=- (P:Line)</a><br>
  ---4.7. <a href="#operblock">Oper Block -=- (O:Line)</a><br>
  ---4.8. <a href="#drpassblock">DRpass Block -=-(X:Line)</a><br>
  ---4.9. <a href="#includedirective">Include Directive</a><br>
  ---4.10. <a href="#loadmoduledirective">Loadmodule Directive</a><br>
  ---4.11. <a href="#logblock">Log Block</a><br>
  ---4.12. <a href="#tldblock">TLD Block -=- (T:Line)</a><br>
  ---4.13. <a href="#bannickblock">Ban Nick Block -=- (Q:Line)</a><br>
  ---4.14. <a href="#banuserblock">Ban User Block -=- (K:Line)</a><br>
  ---4.15. <a href="#banipblock">Ban IP Block -=- (Z:Line)</a><br>
  ---4.16. <a href="#banserverblock">Ban Server Block -=-(q:Line)</a><br>
  ---4.17. <a href="#banrealnameblock">Ban Realname Block -=- (n:Line)</a><br>
  ---4.18. <a href="#banversionblock">Ban Version Block</a><br>
  ---4.19. <a href="#banexceptionblock">Ban Exception Block -=- (E:Line)</a><br>
  ---4.20. <a href="#tklexceptionblock">TKL Exception Block</a><br>
  ---4.21. <a href="#throttleexceptionblock">Throttle Exception Block</a><br>
  ---4.22. <a href="#denydccblock">Deny DCC Block -=- (dccdeny.conf)</a><br>
  ---4.23. <a href="#denyversionblock">Deny Version Block -=- (V:Line)</a><br>
  ---4.24. <a href="#denylinkblock">Deny Link Block -=- (D:Line / d:Line)</a><br>
  ---4.25. <a href="#denychannelblock">Deny Channel Block -=- (chrestrict.conf)</a><br>
  ---4.26. <a href="#allowchannelblock">Allow Channel Block</a><br>
  ---4.27. <a href="#allowdccblock">Allow DCC Block</a><br>
  ---4.28. <a href="#vhostblock">Vhost Block -=- (vhost.conf)</a><br>
  ---4.29. <a href="#badwordsblock">Badword Block -=- (badwords.conf)</a><br>
  ---4.30. <a href="#ulinesblock">Uline Block -=- (U:Line)</a><br>
  ---4.31. <a href="#linkblock">Link Block -=- (C/N/H:Lines)</a><br>
  ---4.32. <a href="#aliasblock">Alias Block</a><br>
  ---4.33. <a href="#helpblock">Help Block</a><br>
  ---4.34. <a href="#officialchannels">Official Channels Block</a><br>
  ---4.35. <a href="#spamfilter">Spamfilter Block</a><br>
  ---4.36. <a href="#cgiirc">Cgiirc Block</a><br> 
  ---4.37. <a href="#setblock">Set Block -=- (networks/unrealircd.conf)</a><br>
  ---4.38. <a href="#filesblock">Files Block</a><br />
  5. <a href="#addtlfiles">Additional Files</a><br>
  6. <a href="#userchannelmodes">User & Channel Modes</a><br>
  7. <a href="#useropercommands">User & Oper Commands</a><br>
  8. <a href="#security">Security tips/checklist</a><br>
  ---8.1. <a href="#secpasswords">Passwords</a><br>
  ---8.2. <a href="#secnonircd">Non-Ircd related vulnerabilities</a><br>
  ---8.3. <a href="#secpermissions">Permissions and the configfile</a><br>
  ---8.4. <a href="#secuser">User-related problems</a><br>
  ---8.5. <a href="#secsnif">SSL/SSH & sniffing</a><br>
  ---8.6. <a href="#secDoS">Denial of Service attacks (DoS) [or: how to protect my hub]</a><br>
  ---8.7. <a href="#secinformation">Information disclosure</a><br>
  ---8.8. <a href="#secantiexploit">Protecting against exploits</a><br>
  ---8.9. <a href="#secsummary">Summary</a><br>
  9. <a href="http://www.vulnscan.org/UnrealIRCd/faq/" target="_blank">Frequently Asked Questions (FAQ)</a><br> 
  A. <a href="#regex">Regular Expressions</a><br>
  ---A.1. <a href="#regexlit">Literals</a><br>
  ---A.2. <a href="#regexdot">Dot Operator</a><br>
  ---A.3. <a href="#regexrep">Repetition Operators</a><br>
  ---A.4. <a href="#regexbracket">Bracket Expressions</a><br>
  ---A.5. <a href="#regexassert">Assertions</a><br>
  ---A.6. <a href="#regexalt">Alternation</a><br>
  ---A.7. <a href="#regexsub">Subexpressions</a><br>
  ---A.8. <a href="#regexbackref">Back References</a><br>
  ---A.9. <a href="#regexcase">Case Sensitivity</a><br>
</p>
<p><b><font size="+2">1.0 &#8211; Introduction & Notes <a name="IntroductionNotes"></a></font></b><br>
</p><div class="desc">
<p>This document was written for exclusive use with UnrealIRCd. Use of this 
  document with another software package, or distribution of this document with 
  another software package is strictly prohibited without the written permission 
  of the UnrealIRCd Development Team. This document may be copied/printed/reproduced/published 
  as many times as you like, provided it is for use with UnrealIRCd and it is not 
  modified in anyway. &#8211; Copyright UnrealIRCd Development Team 2002-2006</p>
<p>Please read this manual before asking for help, you also REALLY want to take a look at the 
   <a href="http://www.vulnscan.org/UnrealIRCd/faq/" target="_blank">FAQ</a> since over 80% of your questions/problems are answered in it. If you still
   need help you can ask for support at irc.unrealircd.org (port 6667) channel #unreal-support (note 
   that we REQUIRE you to read the docs and faq and we only help with UnrealIRCd, not with services!). 
   If you have a real bug (like a crash) then report it at 
   <a href="http://bugs.unrealircd.org" TARGET="_blank">http://bugs.unrealircd.org</a>.</p></div>

<p><font size="+2"><b>1.1 &#8211; Notes on upgrading/mixing 3.1.x -&gt; 3.2 </b></font><a name="notesonolder"></a><br>
</p>
<div class="desc">
<p>In case you are upgrading from Unreal3.1.x to Unreal3.2 you'll notice the whole config file has changed,
   you may find it hard at first, but once you've switched you'll find it much better!</p>
<p>Also don't forget to read section 3 about features, although you know already some of them which are in 3.1.x there are several new features too!</p>
<p>It's best not to mix/link 3.1.x with 3.2, but if you really want to, you need at least 3.1.4, but 3.1.5.1 is strongly recommended.</p></div>

<p><font size="+2"><b>1.2 &#8211; Notes on upgrading between 3.2 versions</b></font><a name="notesonupgrade"></a><br>
</p><div class="desc">
<p>The recommended way to upgrade is:<br>
Linux:<br>
<ul>
<li>Rename your old UnrealIRCd directory (or otherwise you'll overwrite it in the next step)
<li>Extract the new UnrealIRCd version and run ./Config and make
<li>Copy your old configuration files to the new directory (unrealircd.conf, motd, rules, server.* [SSL certs], network file, etc)</p></ul>
Windows:<br>
<ul>
<li>Copy all of your configuration files to a temporary location.
<li>Run the uninstaller for any previous versions of Unreal you have installed.
<li>Run the installer for the new version of Unreal.
<li>Copy your old configuration files to the new folder.
</ul>
<p>Please also check .RELEASE.NOTES to see what has been changed. 
   If you notice any changes (or bugs) between version, BE SURE TO READ THE RELEASE NOTES FIRST before reporting it as a bug!.</p></div>

<p><font size="+2"><b>2.0 - Installation</b></font><a name="installation" id="installation"></a><br><div class="desc">
  <br>
  <b>Tested &amp; Supported Operating Systems:</b><br>
<ul>
<li><b>*NIX versions:</b>
<ul>
<li>Linux (2.2.*, 2.4.*, 2.6.*)
<li>FreeBSD (4.*, 5.*, 6.*)
<li>NetBSD (2.*)
<li>OpenBSD (3.7, 3.8, 3.9)
<li>Solaris (9, 10)
</ul>
<li><b>Windows version:</b>
<ul> 
<li>Windows 2000 (Pro, Server, Advanced Server)
<li>Windows XP (Home, Pro)
<li>Windows 2003 
</ul>
<li><b>Architectures tested:</b>
<ul>
<li>ia32 (i386, i486, i586, i686)
<li>ia64
<li>amd64
<li>alpha
</ul>
</ul>
  <br>
  If you have Unreal3.2 working correctly under other operating systems, please 
  send the details to <a href="mailto:coders@lists.unrealircd.org">coders@lists.unrealircd.org<br>
  </a> </p>
<p><b>Installation Instructions</b><br>
Linux:<br>
<ol>
<li>gunzip -d Unreal3.2.X.tar.gz
<li>tar xvf Unreal3.2.X.tar
<li>cd Unreal3.2
<li>./Config
<li>Answer these questions to the best of your knowledge. Generally if your not 
  sure, the default will work just fine!
<li>make
<li>Now create your unrealircd.conf and other configuration files, see section 4.
</ol>
<p>
Windows:<br>
<ol>
<li>Run the Unreal installer
<li>Now create your unrealircd.conf and other configuration files, see section 4.
</ol>
</p>
<p> </p></div>
<p><font size="+2"><b>3.0 - Features</b></font> 
  <a name="features"></a></p><div class="desc">
<p>Some major/nice features are explained in this section. It provides a general overview,
   and sometimes refers to the config file (something which you might know nothing about yet).</p>
<p>You can skip this section, however it's very much suggested to read it before/after installing
because otherwise you will not understand concepts such as 'cloaking', 'snomasks', etc.</p></div>

<p><font size="+2"><b>3.1 - Cloaking</b></font><a name="feature_cloaking"></a></p><div class="desc">
<p>Cloaking is a way to hide the real hostname of users, for example if your real host is <i>d5142341.cable.wanadoo.nl</i>,
   it will be shown (in join, part, whois, etc) as <i>rox-2DCA3201.cable.wanadoo.nl</i>. 
   This feature is useful to prevent users flooding each other since they can't see the real host/IP.</p>
<p>This is controlled by usermode +x (like: /mode yournick +x), admins can also force +x to be enabled 
   by default, or make it so users can never do -x.</p>
<p>A cloaked host is generated by a cloaking module (you are required to have one loaded), currently there's only 1 module included:<br>
   <b>cloak:</b> This is the official cloaking module since 3.2.1, it is much more secure than the old
   algorithm, it uses md5 internally and requires you to have 3 set::cloak-keys:: consisting of mixed lowercase (a-z),
   uppercase (A-Z) and digit (0-9) charachters [eg: "AopAS6WQH2Os6hfosh4SFJHs"]. See example.conf for an example.<br>
<p>Cloak keys MUST be the same on ALL SERVERS in a network. Also cloak keys should be kept SECRET 
   because it's possible to decode the original host if you know the keys (which makes umode +x useless).</p>
<p>Hint: If you are on *NIX and have to create new cloak keys, you can run './unreal gencloak' 
   in your shell, which will output 3 random strings that you can use.</p>
</div>
<p><font size="+2"><b>3.2 - Modules</b></font><a name="feature_modules"></a></p><div class="desc">
<p>UnrealIRCd supports modules which is nice because:<br>
   - You can load/reload/unload them while the ircd is running (by /rehash). This allows some bugs to be fixed or new features to be added without requiring a restart!<br>
   - Other people can create (3rd party) modules with new commands, usermodes and even channelmodes.<br>
   UnrealIRCd only comes with a few modules. Take a look at www.unrealircd.com -&gt; modules
   or use google to find 3rd party modules.<br>
<p>You need to load at least 2 modules or else you won't be able to boot!:<br>
   - the commands module: commands.so (commands.dll on windows)<br>
   - a cloaking module: usually cloak.so (cloak.dll on windows).</p>
</div>

<p><font size="+2"><b>3.3 - Snomasks</b></font><a name="feature_snomasks"></a></p><div class="desc">
<p>Snomasks are server notice masks, it's a special type of usermode that controls which 
   server notices you will receive (mostly used by opers)</p>
<p>It can be set by: /mode yournick +s SNOMASK, for example: /mode yournick +s +cF<br>
   To remove certain snomasks, use something like: /mode yournick +s -c<br>
   Or you can remove all snomasks by simply doing: /mode yournick -s</p>
<p>The current available snomasks are:<br>
   c - local connects<br>
   F - far connects (except from U-lined servers)<br>
   f - flood notices<br>
   k - kill notices [*]<br>
   e - 'eyes' notices<br>
   j - 'junk' notices<br>
   v - vhost notices<br>
   G - gline/shun notices<br>
   n - local nick change notices<br>
   N - remote nick change notices<br>
   q - deny nick (Q:line) rejection notices<br>
   s - receives server notices [*]<br>
   S - receives spamfilter notices<br>
   o - receives oper-up notices<br>
   [*: this snomask is also allowed to non-ircops]<br>
   </p>
<p>You can control which snomasks you automatically get (set::snomask-on-connect) and which you get
   on oper (set::snomask-on-oper, oper::snomask)</p>
<p>By default, if a user simply sets mode +s, certain snomasks are set. For non-opers, snomasks +ks, and for opers, snomasks +kscfvGqo.</p></div>

<p><font size="+2"><b>3.4 - Aliases</b></font><a name="feature_aliases"></a></p><div class="desc">
<p>With aliases you can configure server-side alias commands. 
   You can for example let "/ns identify blah" be forwarded to nickserv (it will be 
   translated to: privmsg nickserv identify blah). You can even make more complex aliases such as /register can forward to 
   ChanServ if the first parameter begins with a # and forwarded to NickServ if it doesn't.</p>
<p>Aliases are configured by <a href="#aliasblock">alias blocks</a> in the configuration file, and you can also include
   a file with default aliases for most commonly used services.</p></div>
   
<p><font size="+2"><b>3.5 - Helpop</b></font><a name="feature_helpop"></a></p><div class="desc">
<p>UnrealIRCd has a built-in help system accessible by /helpop. The /helpop command is completely user configurable via
   the help block in the configuration file. Additionally, a help.conf is included which contains some basic help for
   all commands.<br>
   For example <i>/helpop chmodes</i> gives you a overview of all channel modes UnrealIRCd has.<br>
   Remember that if you are an ircop (helpop) you will have to prefix the keyword with a '?' character, 
   so <i>/helpop</i> becomes <i>/helpop ?</i> and 
   <i>/helpop chmodes</i> becomes <i>/helpop ?chmodes</i> etc..</p></div>

<p><font size="+2"><b>3.6 - Oper access levels</b></font><a name="feature_operaccesslevels"></a></p><div class="desc">
<p>There are several oper levels in UnrealIRCd and you can add additional rights (like to use /gline) to
   each of them, that way you can give each oper the privileges they need.</p>
<p>This is controlled by the oper flags in the oper block, see the oper block for more information.</p></div>

<p><font size="+2"><b>3.7 - Oper commands</b></font><a name="feature_opercmds"></a></p><div class="desc">
<p>UnrealIRCd has a lot of powerful oper commands which are explained in <a href="#useropercommands">User &amp; Oper Commands</a>,
   you probably want to read those after installing :).</p></div>

<p><font size="+2"><b>3.8 - SSL</b></font><a name="feature_ssl"></a></p><div class="desc">
<p>SSL stands for Secure Socket Layer, with SSL you can make secure encrypted connections. 
   It can be used to encrypt server&lt;-&gt;server traffic, but client&lt;-&gt;server traffic can also be encrypted.
   You usually use SSL to protect against sniffing and for authentication.</p>
<p>You need to have your IRC server compiled with SSL support. To setup an SSL port you need to set listen::options::ssl.</p>
<p>You cannot connect normally to a SSL port (so don't make port 6667 ssl!), you need a client or a tunnel
   that understands the SSL protocol.</p>
<p>Clients that support SSL: <A HREF="http://www.xchat.org/" TARGET="_blank">XChat</a>,
                             <A HREF="http://www.irssi.org/" TARGET="_blank">irssi</a>,
                             <A HREF="http://www.mirc.com/" TARGET="_blank">mIRC</a> (6.14 and up, 
                             also requires some <a href="http://www.mirc.co.uk/ssl.html" target="_blank">additional steps</a>)</p>
<p>For clients which do not support SSL you can use a tunnel like
   <A HREF="http://www.stunnel.org/" TARGET="_blank">stunnel</A>, here's a stunnel.conf example (for stunnel 4.x):<br>
   <pre>
   client = yes
   [irc]
   accept = 127.0.0.1:6667
   connect = irc.myserv.com:6697
</pre>
   If you then connect to 127.0.0.1 port 6667, your traffic will be encrypted and forwarded to irc.myserv.com
   port 6697 (an SSL port).</p>
<p>You should also validate certificates when you connect to servers and not blindly accept them (like in the stunnel example)
   else you are still vulnerable to "active sniffing" attacks (ssl redirects), that's however too offtopic
   to explain here (learn about SSL, don't ask us). [mIRC and xchat pop up a window asking you to allow/reject a certificate,
   so that's good].</p></div>
<p><font size="+2"><b>3.9 - IPv6</b></font><a name="feature_ipv6"></a></p><div class="desc">
<p>UnrealIRCd supports IPv6, since beta15 it seems to be stable.<br> 
   Your OS needs to have IPv6 support and you need to enable IPv6 support in UnrealIRCd during ./Config as well.<br>
<p>Although microsoft has an experimental IPv6 implementation for w2k/XP it is not (yet) supported by UnrealIRCd.</p></div>

<p><font size="+2"><b>3.10 - Zip links</b></font><a name="feature_ziplinks"></a></p><div class="desc">
<p>Zip links can be turned on for server&lt;-&gt;server links, it compresses the data by using zlib.
   It can save 60-80% bandwidth... So it's quite useful for low-bandwidth links or links with
   many users, it can help a lot when you are linking since a lot of data is sent about every user/channel/etc.</p>
<p>To compile with zip links support, you need to answer Yes to the zlib question in ./Config and set it in link::options::zip 
   (on both sides)</p></div>

<p><font size="+2"><b>3.11 - Dynamic DNS/IP linking support</b></font><a name="feature_dyndns"></a></p><div class="desc">
<p>UnrealIRCd has some (new) nice features which helps dynamic IP users using dynamic DNS (like blah.dyndns.org).
   If you are linking two dynamic DNS hosts, then set link::options::nodnscache and link::options::nohostcheck. 
</p></div>

<p><font size="+2"><b>3.12 - Anti-Flood features</b></font><a name="feature_antiflood"></a></p><div class="desc">
<p>
<b>Throttling</b><br>
Throttling is a method that allows you to limit how fast a user can disconnect and then reconnect to your server. 
 You can config it in your set::throttle block to allow X connections in YY seconds from the same IP.<br>
<b>Channel modes</b><br>
There are also some channel modes which can be very effective against floods. To name a few:<br>
<b>K</b> = no /knock, <b>N</b> = no nickchanges, <b>C</b> = no CTCPs, <b>M</b> = only registered users can talk, <b>j</b> = join throttling (per-user basis)<br>
As of beta18 there's also a much more advanced channelmode +f...<br>
<b>Channel mode f</b><br>
Instead of using scripts and bots to protect against channel floods it is now build into the ircd.<br>
An example +f mode is: <i>*** Blah sets mode: +f [10j]:15</i><br>
This means 10 joins per 15 seconds are allowed in the channel, if the limit is hit, the channel will be set +i automatically.<br>
The following floodtypes are available:<br>
<table border=1 cellpadding=3 cellspacing=1>
<tr><td>type:</td><td>name:</td><td>default action:</td><td>other avail. actions:</td><td>comments</td></tr>
<tr><td>c</td><td>CTCPs</td><td>auto +C</td><td>m, M</td><td>&nbsp;</td></tr>
<tr><td>j</td><td>joins</td><td>auto +i</td><td>R</td><td>&nbsp;</td></tr>
<tr><td>k</td><td>knocks</td><td>auto +K</td><td>&nbsp;</td><td><font size=-1>(counted for local clients only)</font></td></tr>
<tr><td>m</td><td>messages/notices</td><td>auto +m</td><td>M</td><td>&nbsp;</td></tr>
<tr><td>n</td><td>nickchanges</td><td>auto +N</td><td>&nbsp;</td><td>&nbsp;</td></tr>
<tr><td>t</td><td>text</td><td>kick</td><td>b</td><td>per-user messages/notices like the old +f. Will kick or ban the user.</td></tr>
</table>
<p />&nbsp;
Example:
<pre>
<font color=green>*** ChanOp sets mode: +f [20j,50m,7n]:15</font>
&lt;ChanOp&gt; lalala
<font color=green>*** Evil1 (~fdsdsfddf@Clk-17B4D84B.blah.net) has joined #test
*** Evil2 (~jcvibhcih@Clk-3472A942.xx.someispcom) has joined #test
*** Evil3 (~toijhlihs@Clk-38D374A3.aol.com) has joined #test
*** Evil4 (~eihjifihi@Clk-5387B42F.dfdfd.blablalba.be) has joined #test</font>
-- snip XX lines --
<font color=green>*** Evil21 (~jiovoihew@Clk-48D826C3.e.something.org) has joined #test</font>
<font color=brown>-server1.test.net:#test *** Channel joinflood detected (limit is 20 per 15 seconds), putting +i</font>
<font color=green>*** server1.test.net sets mode: +i</font>
&lt;Evil2&gt; fsdjfdshfdkjfdkjfdsgdskjgsdjgsdsdfsfdujsflkhsfdl
&lt;Evil12&gt; fsdjfdshfdkjfdkjfdsgdskjgsdjgsdsdfsfdujsflkhsfdl
&lt;Evil15&gt; fsdjfdshfdkjfdkjfdsgdskjgsdjgsdsdfsfdujsflkhsfdl
&lt;Evil10&gt; fsdjfdshfdkjfdkjfdsgdskjgsdjgsdsdfsfdujsflkhsfdl
&lt;Evil8&gt; fsdjfdshfdkjfdkjfdsgdskjgsdjgsdsdfsfdujsflkhsfdl
-- snip XX lines --
<font color=brown>-server1.test.net:#test *** Channel msg/noticeflood detected (limit is 50 per 15 seconds), putting +m</font>
<font color=green>*** server1.test.net sets mode: +m</font>
<font color=green>*** Evil1 is now known as Hmmm1</font>
<font color=green>*** Evil2 is now known as Hmmm2</font>
<font color=green>*** Evil3 is now known as Hmmm3</font>
<font color=green>*** Evil4 is now known as Hmmm4</font>
<font color=green>*** Evil5 is now known as Hmmm5</font>
<font color=green>*** Evil6 is now known as Hmmm6</font>
<font color=green>*** Evil7 is now known as Hmmm7</font>
<font color=green>*** Evil8 is now known as Hmmm8</font>
<font color=brown>-server1.test.net:#test *** Channel nickflood detected (limit is 7 per 15 seconds), putting +N</font>
<font color=green>*** server1.test.net sets mode: +N</font>
</pre>

In fact, it can get even more advanced/complicated:<br>
Instead of the default action, you can for some floodtypes specify another one, for example: <i>+f [20j#R,50m#M]:15</i><br>
This will set the channel +R if the joinlimit is reached (&gt;20 joins in 15 seconds),
and will set the channel +M if the msg limit is reached (&gt;50 messages in 15 seconds).<br>
<br>
There's also a &quot;remove mode after X minutes&quot; feature: <i>+f [20j#R5]:15</i> will set the channel +R if the 
limit is reached and will set -R after 5 minutes.<br>
A server can have a default unsettime (set::modef-default-unsettime), so if you type <i>+f [20j]:15</i> it could get 
transformed into <i>+f [20j#i10]:15</i>, it's just a default, you can still set [20j#i2]:15 or something like that, 
and you can also disable the remove-chanmode completely by doing a +f [20j#i0]:15 (an explicit 0).<br>
<br>
The old +f mode (msgflood per-user) is also still available as 't', +f 10:6 is now called +f [10t]:6 and 
+f *20:10 is now +f [20t#b]:10. Currently the ircd will automatically convert old +f mode types to new ones. 
Note that there's no unsettime feature available for 't' bans ([20t#b30]:15 does not work).<br>
<br>
What the best +f mode is heavily depends on the channel... how many users does it have? do you have a game that makes users 
msg a lot (eg: trivia) or do users often use popups? is it some kind of mainchannel or in auto-join? etc..<br>
There's no perfect channelmode +f that is good for all channels, but to get you started have a look at the next example and modify 
it to suit your needs:<br>
+f [30j#i10,40m#m10,7c#C15,10n#N15,30k#K10]:15<br>
30 joins per 15 seconds, if limit is reached set channel +i for 10 minutes<br>
40 messages per 15 seconds, if limit is reached set channel +m for 10 minutes<br>
7 ctcps per 15 seconds, if limit is reached set channel +C for 15 minutes<br>
10 nickchanges per 15 seconds, if limit is reached set channel +N for 15 minutes<br>
30 knocks per 15 seconds, if limit is reached set channel +K for 10 minutes<br>

If it's some kind of large user channel (&gt;75 users?) you will want to increase the join sensitivity (to eg: 50) and the 
message limit as well (to eg: 60 or 75).<br>
Especially the remove-mode times are a matter of taste.. you should think like.. what if no op is available to handle 
the situation, do I want to have the channel locked for like 15 minutes (=not nice for users) or 5 minutes (=likely the flooders 
will just wait 5m and flood again). It also depends on the floodtype, users unable to join (+i) or speak (+m) is worse than 
having them unable to change their nick (+N) or send ctcps to the channel (+C) so you might want to use different removal times.
<br>
<b>Channel mode j</b><br>
The +f mode includes a feature to prevent join floods, however this feature is "global." For
example, if it is set to 5:10 and 5 <u>different</u> users join in 10 seconds, the flood 
protection is triggered. Channel mode +j is different. This mode works on a per-user basis. 
Rather than protecting against join floods, it is designed to protect against join-part floods 
(revolving door floods). The mode takes a parameter of the form X:Y where X is the number of 
joins and Y is the number of seconds. If a user exceeds this limit, he/she will be prevented 
from joining the channel.
</p></div>

<p><font size="+2"><b>3.13 - Ban types</b></font><a name="feature_bantypes"></a></p><div class="desc">
<p>
<b>Basic bantypes and cloaked hosts</b><br>
UnrealIRCd supports the basic bantypes like <i>+b nick!user@host</i>.<br>
Also, if a masked host of someone is 'rox-ACB17294.isp.com' and you place a ban *!*@rox-ACB17294.isp.com,
then if the user sets himself -x (and his hosts becomes for example 'dial-123.isp.com) then the ban 
will still match. Bans are always checked against real hosts AND masked hosts.<br>
IP bans are also available (eg: *!*@128.*) and are also always checked.<br>
<br>
Bans on cloaked IPs require some explanation:<br>
If a user has the IP 1.2.3.4 his cloaked host could be 341C6CEC.8FC6128B.303AEBC6.IP.<br>
If you ban *!*@341C6CEC.8FC6128B.303AEBC6.IP you would ban *!*@1.2.3.4 (obvious...)<br>
If you ban *!*@*.8FC6128B.303AEBC6.IP you ban *!*@1.2.3.*<br>
If you ban *!*@*.303AEBC6.IP you ban *!*@1.2.*<br>
This information might be helpful to you when deciding how broad a ban should be.<br>
<br>
<b>Extended bantypes</b><br>
Extended bans look like ~[!]&lt;type&gt;:&lt;stuff&gt;. Currently the following types are available:<br>
<table border=1>
<tr><td>type:</td><td>name</td><td>explanation:</td></tr>
<tr><td>~q</td><td>quiet</td><td>People matching these bans can join but are unable to speak, 
 unless they have +v or higher. <i>Ex: ~q:*!*@blah.blah.com</i></td></tr>
<tr><td>~n</td><td>nickchange</td><td>People matching these bans cannot change nicks, 
 unless they have +v or higher. <i>Ex: ~n:*!*@*.aol.com</i></td></tr>
<tr><td>~c</td><td>[prefix]channel</td><td>If the user is in this channel then (s)he is unable to join. 
 A prefix can also be specified (+/%/@/&amp;/~) which means that it will only match if the user has
 that rights or higher on the specified channel.
<i>Ex: +b ~c:#lamers, +e ~c:@#trusted </i></td></tr>
<tr><td>~r</td><td>realname</td><td>If the realname of a user matches this then (s)he is unable to join.<br>
 <i>Ex: ~r:*Stupid_bot_script*</i><br>
 NOTE: an underscore ('_') matches both a space (' ') and an underscore ('_'), so this ban would match 
 'Stupid bot script v1.4'.</td></tr>
</table>
These bantypes are also supported in the channel exception list (+e).<br>
Modules can also add other extended ban types.<br>
</p></div>

<p><font size="+2"><b>3.14 - Spamfilter</b></font><a name="feature_spamfilter"></a></p><div class="desc">
<p>Spamfilter is a new system to fight spam, advertising, worms and other things. It works a bit like
   the badwords system but has several advantages.</p>
<p>Spamfilters are added via the /spamfilter command which uses the following syntax:<br>
   <b>/spamfilter [add|del|remove|+|-] [type] [action] [tkltime] [reason] [regex]</b><br>
   <table border=0>
   <tr valign="top"><td><b>[type]</b></td><td> specifies the target type:<br>
   <table>
   <tr><td><b>Char:</b></td><td><b>Config item:</b></td><td><b>Description:</b></td></tr>
   <tr><td>c</td><td>channel</td><td>Channel message</td></tr>
   <tr><td>p</td><td>private</td><td>Private message (from user-&gt;user)</td></tr>
   <tr><td>n</td><td>private-notice</td><td>Private notice</td></tr>
   <tr><td>N</td><td>channel-notice</td><td>Channel notice</td></tr>
   <tr><td>P</td><td>part</td><td>Part reason</td></tr>
   <tr><td>q</td><td>quit</td><td>Quit reason</td></tr>
   <tr><td>d</td><td>dcc</td><td>DCC filename</td></tr>
   <tr><td>a</td><td>away</td><td>Away message</td></tr>
   <tr><td>t</td><td>topic</td><td>Setting a topic</td></tr>
   <tr><td>u</td><td>user</td><td>User ban, will be matched against nick!user@host:realname</td></tr>
   </table>
   You can specify multiple targets, like: cpNn</td></tr>
   <tr valign="top"><td><b>[action]</b></td><td> specifies the action to be taken (only 1 action can be specified)<br>
<table>
<tr><td>kill</td><td>kills the user</td></tr>
<tr><td>tempshun</td><td>shuns the current session of the user (if [s]he reconnects the shun is gone)</td></tr>
<tr><td>shun</td><td>puts a shun on the host</td></tr>
<tr><td>kline</td><td>puts a kline on the host</td></tr>
<tr><td>gline</td><td>puts a gline on the host</td></tr>
<tr><td>zline</td><td>puts a zline on the host</td></tr>
<tr><td>gzline</td><td>puts a gzline (global zline) on the host</td></tr>
<tr><td>block</td><td>block the message only</td></tr>
<tr><td>dccblock</td><td>mark the user so (s)he's unable to send any DCCs</td></tr>
<tr valign="top"><td>viruschan</td><td>part all channels, join set::spamfilter::virus-help-channel, disables all commands 
 except PONG, ADMIN, and msg/notices to set::spamfilter::virus-help-channel</td></tr>
</table></tr></td>
   <tr valign="top"><td><b>[tkltime]</b></td><td> The duration of the *line/shun added by the filter, use '-' to use the default or to skip 
   (eg: if action = 'block')</td></tr>
   <tr valign="top"><td><b>[reason]</b></td><td> Block/*line/shun reason.. you CANNOT use spaces in this, but underscores ('_') will be translated
into spaces at runtime. And double underscore ('__') gets an underscore ('_'). Again, use '-' to use the default reason.</td></tr>
   <tr valign="top"><td><b>[regex]</b></td><td> this is the actual regex or 'bad word' where we should block on and perform the action at</td></tr>
   </table>
   <br>
   Here's an example: <i>/spamfilter add pc gline - - Come watch me on my webcam</i><br>
   If the text <i>come watch me on my webcam</i> is found in either a private msg or a channel msg 
   then the message will be blocked and a gline will be added immediately.<br>
   Another example: <i>/spamfilter add pc block - - come to irc\..+\..+</i><br>
   This is a regex that will match on <i>Hi, come to irc.blah.net</i> etc....<br>
   And an example with specified time/reason:<br>
   <i>/spamfilter add p gline 3h Please_go_to_www.viruscan.xx/nicepage/virus=blah Come watch me on my webcam</i><br>
   If <i>come watch me on my webcam</i> is found in a private msg then the user is glined for 3 hours 
   with the reason <i>Please go to www.viruscan.xx/nicepage/virus=blah</i>.<br>
   <br>
   Spamfilters added with /spamfilter are network-wide. They work regardless of whether the user/channel
   has mode +G set, only opers and ulines (services) are exempted from filtering.
</p>
<p>You can also add spamfilters in the config file but these will be local spamfilters (not 
   network-wide, though you could use remote includes for this). 
   The syntax of these spamfilter { } blocks are explained <a href="#spamfilter">here</a><br>
   Example:<br>
   <pre>spamfilter {
	regex "//write \$decode\(.+\|.+load -rs";
	target { private; channel; };
	reason "Generic $decode exploit";
	action block;
};</pre></p>

<p><b>set::spamfilter::ban-time</b> allows you to modify the default ban time for *lines/shuns added by spamfilter (default: 1 day)<br>
   <b>set::spamfilter::ban-reason</b> allows you to specify a default reason (default: 'Spam/advertising')<br>
   <b>set::spamfilter::virus-help-channel</b> allows you to specify the channel to join for action 'viruschan' (default: #help)<br>
   <b>set::spamfilter::virus-help-channel-deny</b> allows you to block any normal joins to virus-help-channel (default: no)<br>
</p>
<p>
<font size="+1"><B>Slow Spamfilter Detection</B></font><a name="feature_spamfilter_slow"></a><br>
A spamfilter regex can slow down the IRCd considerably. This really depends
on the regex you use (and how the regex engine handles it), some are very
fast and UnrealIRCd can execute thousands of them per second. Others can be
extremely slow, take several seconds to execute, and could freeze the IRCd.<br>
To help against this, Unreal comes with Slow Spamfilter Detection: For each
spamfilter, Unreal checks, each time it executes, how long it takes to
execute. Once a certain threshold is reached the IRCd will warn or even remove
the spamfilter.<br>
Warning is configured through <b>set::spamfilter::slowdetect-warn</b> (default: 250ms)
and automatic deletion is configured by <b>set::spamfilter::slowdetect-fatal</b> (default: 500ms).
You can set both settings to 0 (zero) to disable slow spamfilter detection.<br>
This feature is currently not available on Windows.<br>
</p>
</div>

<p><font size="+2"><b>3.15 - CIDR</b></font><a name="feature_cidr"></a></p><div class="desc">
<p>UnrealIRCd now has support for CIDR (Classless Interdomain Routing). CIDR allows you to ban
IP ranges. IPs are allocated to ISPs using CIDR, therefore, being able to set a CIDR based ban 
allows you to easily ban an ISP. Unreal supports CIDR for both IPv4 and IPv6. CIDR masks may be
used in the allow::ip, oper::from::userhost, ban user::mask, ban ip::mask, except ban::mask,
except throttle::mask, and except tkl::mask (for gzline, gline, and shun). Additionally, CIDR
can be used in /kline, /gline, /zline, /gzline, and /shun. Unreal uses the standard syntax of
IP/bits, e.g., 127.0.0.0/8 (matches 127.0.0.0 - 127.255.255.255), and fe80:0:0:123::/64
(matches fe80:0:0:123:0:0:0:0 - fe80:0:0:123:ffff:ffff:ffff:ffff).</p></div>

<p><font size="+2"><b>3.16 - Nick Character Sets</b></font><a name="feature_nickchars"></a></p><div class="desc">
<p>UnrealIRCd now has the ability to specify which charsets/languages should be allowed
in nicknames. You do this in <b>set::allowed-nickchars</b>.<br>
A table of all possible choices:<br>
<table border="1">
<tr><td><b>Name:</b></td><td><b>Description:</b></td><td><b>Character set/encoding:</b></td></tr>
<tr><td>catalan</td><td>Catalan characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>danish</td><td>Danish characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>dutch</td><td>Dutch characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>french</td><td>French characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>german</td><td>German characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>swiss-german</td><td>Swiss-German characters (no es-zett)</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>icelandic</td><td>Icelandic characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>italian</td><td>Italian characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>spanish</td><td>Spanish characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>swedish</td><td>Swedish characters</td><td>iso8859-1 (latin1)</td></tr>
<tr><td><b>latin1</b></td><td>catalan, danish, dutch, french, german, swiss-german, spanish, icelandic, italian, swedish</td><td>iso8859-1 (latin1)</td></tr>
<tr><td>hungarian</td><td>Hungarian characters</td><td>iso8859-2 (latin2), windows-1250</td></tr>
<tr><td>polish</td><td>Polish characters</td><td>iso8859-2 (latin2)</td></tr>
<tr><td>romanian</td><td>Romanian characters</td><td>iso8859-2 (latin2), windows-1250, iso8859-16</td></tr>
<tr><td><b>latin2</b></td><td>hungarian, polish, romanian</td><td>iso8859-2 (latin2)</td></tr>
<tr><td>polish-w1250</td><td>Polish characters, windows variant (unfortunately more common than iso)</td><td>windows-1250</td></tr>
<tr><td>slovak-w1250</td><td>Slovak characters, windows variant</td><td>windows-1250</td></tr>
<tr><td>czech-w1250</td><td>Czech characters, windows variant</td><td>windows-1250</td></tr>
<tr><td><b>windows-1250</b></td><td>polish-w1250, slovak-w1250, czech-w1250, hungarian, romanian</td><td>windows-1250</td></tr>
<tr><td>greek</td><td>Greek characters</td><td>iso8859-7</td></tr>
<tr><td>turkish</td><td>Turkish characters</td><td>iso8859-9</td></tr>
<tr><td>russian-w1251</td><td>Russian characters</td><td>windows-1251</td></tr>
<tr><td>belarussian-w1251</td><td>Belarussian characters</td><td>windows-1251</td></tr>
<tr><td>ukrainian-w1251</td><td>Ukrainian characters</td><td>windows-1251</td></tr>
<tr><td><b>windows-1251</b></td><td>russian-w1251, belarussian-w1251, ukrainian-w1251</td><td>windows-1251</td></tr>
<tr><td>hebrew</td><td>Hebrew characters</td><td>iso8859-8-I/windows-1255</td></tr>
<tr><td>chinese-simp</td><td>Simplified Chinese</td><td>Multibyte: GBK/GB2312</td></tr>
<tr><td>chinese-trad</td><td>Tradditional Chinese</td><td>Multibyte: GBK</td></tr>
<tr><td>chinese-ja</td><td>Japanese Hiragana/Pinyin</td><td>Multibyte: GBK</td></tr>
<tr><td><b>chinese</b></td><td>chinese-*</td><td>Multibyte: GBK</td></tr>
<tr><td><b>gbk</b></td><td>chinese-*</td><td>Multibyte: GBK</td></tr>
</table>
<p>NOTE 1: Please note that some combinations can cause problems. 
For example, combining latin* and chinese-* can not be properly handled by 
the IRCd and Unreal will print an error. 
Mixing of other charsets might cause display problems, so Unreal will print out 
a warning if you try to mix latin1/latin2/greek/other incompatible groups.</p>
<p>NOTE 2: Casemapping (if a certain lowercase character belongs to an upper one) is done according to
US-ASCII, this means that o" and O" are not recognized as 'the same character' and hence someone can
have a nick with B"ar and someone else BA"r at the same time. This is a limitation of the current system
and IRCd standards that cannot be solved anytime soon. People should be aware of this limitation.
Note that this limitation has always also been applied to channels, in which nearly all characters were always
permitted and US-ASCII casemapping was always performed.</p>
<p>NOTE 3: The basic nick characters (a-z A-Z 0-9 [ \ ] ^ _ - { | }) are always allowed/included.</p>

Example 1, for people of western europe:<br>
<pre>set { allowed-nickchars { latin1; }; };</pre>
Example 2, if you have mainly chinese users and want to allow "normal" chinese characters:<br>
<pre>set { allowed-nickchars { chinese-simp; chinese-trad; }; };</pre>
</p></div>

<p><font size="+2"><b>3.17 - CGI:IRC Support</b></font><a name="feature_cgiirc"></a></p><div class="desc">
<p>UnrealIRCd has support for CGI:IRC host spoofing, which means you can mark specific CGI:IRC
gateways as "trusted" which will cause the IRCd to show the users' real host/ip everywhere on
IRC, instead of the host/ip of the CGI:IRC-gateway.</p>
<p>See the <a href="#cgiirc">cgiirc block</a> for information on how to configure this.</p>
</div>

<p><font size="+2"><b>3.18 - Time Synchronization</b></font><a name="feature_timesync"></a></p><div class="desc">
<p>Having correct time is extremely important for IRC servers. Without correct time, channels can desynch, innocent
users can be killed, channels might not show up properly in /LIST, in short: huge trouble will arrise.</p>
<p>UnrealIRCd has some build-in time synchronization support.
Although not optimal (time can still be off a few seconds), it should get rid of most time differences.
If you can, you are still recommended to run time synchronization software such as ntpd on *NIX or 
the time synchronization service on Windows (in that case, you can turn off Unreal's time synchronization, more on that later).</p>
<p>What UnrealIRCd does (by default) is do a one-shot timesync attempt when booting. It sends (by default) a request
to multiple time servers and when it gets the first (fastest) reply, it will adjust the internal ircd clock
(NOT the system clock). If, for some reason, Unreal does not get a reply from the timeserver within 3 seconds,
the IRCd will continue to boot regardlessly (should rarely happen).</p>
<p>Time synchronization is configured (and can be turned off) through the <b>set::timesynch</b> block, see
   the <a href="#setblock">set documentation</a> for more information.</p>
</div>

<p><font size="+2"><b>3.19 - Other features</b></font><a name="feature_other"></a></p><div class="desc">
<p>UnrealIRCd has a lot of features so not everything is covered here... You'll find that out by yourself.</p></div>

<p> </p>
<p><font size="+2"><b>4.0 - Configuring your unrealircd.conf</b></font> 
  <a name="configuringyourunrealircdconf"></a></p><div class="desc">
<p>First of all, creating your first unrealircd.conf will take time (say, 15-60
minutes). Creating a <u>good</u> unrealircd.conf will take even more time.
You should not rush to get the IRCd booted, but rather go through things
step-by-step. If you have any problems, check your syntax, check this manual 
and check the <a href="http://www.vulnscan.org/UnrealIRCd/faq/">FAQ</a> before asking for help/reporting a bug.</p></div>
<p><b><font size="+2">4.1 Configuration File Explained</font></b><a name="configurationfileexplained"></a><br><div class="desc">
</p>
<p>The new system uses a block-based format. Each entry, or block, in the new 
  format has a specific format. The format works like:</p>
<pre>
&lt;block-name&gt; &lt;block-value&gt; {
	&lt;block-directive&gt; &lt;directive-value&gt;;
};
</pre></p>
<p>&lt;block-name&gt; is the type of block, such as me, or admin. &lt;block-value&gt; 
  sometimes specifies a value, such as /oper login, but other times it will be 
  a sub-type such as in ban user.</p>
<p>&lt;block-directive&gt; is an individual variable specific to the block, and 
  &lt;directive-value&gt; is the Associated value. If &lt;directive-value&gt; 
  contains spaces, or characters that represents a comment it must be contained
  in double quotes. If you want to use a quote character inside a quoted string
  use \" and it will be understood as a quote character.</p>
<p> A &lt;block-directive&gt; can have directives within it, if that&#8217;s the 
  case it will have it's own set of curly braces surrounding it. Some blocks do 
  not have directives and are specified just by &lt;block-value&gt;, such as include. 
  Also note that there is no set format, meaning the whole block can appear on 
  one line or over multiple lines. The format above is what is normally used (and 
  what will be used in this file) because it is easy to read. </p>
<p>Note: the configuration file is currently case sensitive so <i>BLOCK-NAME</i> is not 
  the same as <i>block-name</i>. There is a special notation used to talk about entries 
  in the config file. For example, to talk about &lt;directive-name&gt; in the 
  example above, you'd say &lt;block-name&gt;::&lt;block-directive&gt;, and if 
  that directive has a sub block you want to reverence, you would add another 
  :: and the name of the sub directive. </p>
<p>To talk about an unnamed directive you would do &lt;block-name&gt;:: which 
  would in this case mean &lt;block-value&gt;, or it could be an entry in a sub 
  block that has no name.</p>
<p>Three types of comments are supported:</p>
<p> # One line comment<br>
    // One line comment<br>
    /* Multi line<br>
       &nbsp;&nbsp;&nbsp;&nbsp;comment */<br>
 </p>
<p>Now that you know how it works, copy <i>doc/example.conf</i> to your UnrealIRCd
   directory (eg: /home/user/Unreal3.2) and rename it to <i>unrealircd.conf</i>
   (OR create your <i>unrealircd.conf</i> from scratch).
   It's recommended to walk step by step through all block types and
   settings in your conf and use this manual as a reference.</p>
<p></p></div>
<p><font class="block_section">4.2 - </font><font class="block_name">Me Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as the M:Line)</font><a name="meblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
me {
	name &lt;name-of-server&gt;;
	info &lt;server-description&gt;;
	numeric &lt;server-numeric&gt;;
};
</pre></p>
<p>These values are pretty obvious. The <b>name</b> specifies the name of the server, 
  <b>info</b> specifies the server's info line, <b>numeric</b> specifies a numeric to 
  identify the server. This must be a value between 0 and 254 that is UNIQUE to 
  the server meaning NO other servers on the network may have the same numeric.</p>
<p>Example:<br>
<pre>
me {
	name "irc.foonet.com";
	info "FooNet Server";
	numeric 1;
};
</pre></p></div>
<p></p>
<p><font class="block_section">4.3 - </font><font class="block_name">Admin Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as the A:Line)</font><a name="adminblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
admin {
	&lt;text-line&gt;;
	&lt;text-line&gt;;
};
</pre></p>
<p> </p>
<p>The admin block defines the text displayed in a /admin request. You can specify 
  as many lines as you want and they can contain whatever information you 
  choose, but it is standard to include the admins nickname and email address 
  at a minimum. Other information may include any other contact information you 
  wish to give.</p>
<p>Example:<br>
<pre>
admin {
	"Bob Smith";
	"bob";
	"widely@used.name";
};
</pre></p></div>
<p></p>
<p><font class="block_section">4.4 - </font><font class="block_name">Class Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as the Y:Line)</font><a name="classblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
class &lt;name&gt; {
	pingfreq &lt;ping-frequency&gt;;
	connfreq &lt;connect-frequency&gt;;
	maxclients &lt;maximum-clients&gt;;
	sendq &lt;send-queue&gt;;
	recvq &lt;recv-queue&gt;;
};
</pre></p>
<p> </p>
<p>Class blocks are classes in which connections will be placed (for example from allow blocks 
   or servers from link blocks), you generally have multiple class blocks (ex: for servers, clients, opers).</p>
<p><b>name</b> is the descriptive name, like "clients" or "servers", this name is 
   used for referring to this class from allow/link/oper/etc blocks</p>
<p><b>pingfreq</b> is the number of seconds between PINGs from the server (something between 90 and 180 is recommended).</p>
<p><b>connfreq</b> is used only for servers and is the number of seconds between connection attempts if autoconnect is enabled</p>
<p><b>maxclients</b> specifies the maximum (total) number of clients/servers which can be in this class</p>
<p><b>sendq</b> specifies the amount of data which can be in the send queue (very high for servers with low bandwidth, medium for clients)</p>
<p><b>recvq</b> specifies the amount of data which can be in the receive queue and is used for flood control 
 (this only applies to normal users, try experimenting with values 3000-8000, 8000 is the default).</p>
<p>Examples:<br>
<pre>
class clients {
	pingfreq 90;
	maxclients 500;
	sendq 100000;
	recvq 8000;
};

class servers {
	pingfreq 90;
	maxclients 10; /* Max servers we can have linked at a time */
	sendq 1000000;
	connfreq 100; /* How many seconds between each connection attempt */
};
</pre></p>
<p> </p></div>
<p><font class="block_section">4.5 - </font><font class="block_name">Allow Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as the I:Line)</font><a name="allowblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
allow {
	ip &lt;user@ip-connection-mask&gt;;
	hostname &lt;user@host-connection-mask&gt;;
	class &lt;connection-class&gt;;
	password &lt;connection-password&gt; { &lt;auth-type&gt;; };
	maxperip &lt;max-connections-per-ip&gt;;
	redirect-server &lt;server-to-forward-to&gt;;
	redirect-port &lt;port-to-forward-to&gt;;
	options {
		&lt;option&gt;;
		&lt;option&gt;;
		...
	};
};
</pre></p>
<p>The allow class is where you specify who may connect to this server, you can have multiple allow blocks.</p>
<p><b>About matching</b><br>
   The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" 
   will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks 
   AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set 
   the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.</p>
<p><b>ip</b><br>
   The ip mask is in the form user@ip, user is the ident and often set at *, ip is the ipmask.
   Some examples: *@* (from everywhere), *@192.168.* (only from addr's starting with 192.168), etc.</p>
<p><b>host</b><br>
   Also a user@host hostmask, again.. user is often set at *. Some examples: *@* (everywhere), 
   *@*.wanadoo.fr (only from wanadoo.fr).</p>
<p><b>password</b> (optional)<br>
   Require a connect password. You can also specify an password encryption method here.
</p>
<p><b>class</b><br>
   Specifies the class name that connections using this allow block will be placed into.
</p>
<p><b>maxperip</b> (optional, but recommended)<br>
   Allows you to specify how many connections per IP are allowed to this server (ex: maxperip 4;).
</p>
<p><b>redirect-server</b> (optional)<br>
   If the class is full, redirect users to this server (if clients supports it [mIRC 6 does]).</p>
<p><b>redirect-port</b> (optional)<br>
   If redirect-server is specified you can set the port here, otherwise 6667 is assumed.</p>
<p><b>options block</b> (optional)<br>
   Valid options are:<br>
&nbsp;&nbsp;&nbsp;<b>useip</b> always display IP instead of hostname<br>
&nbsp;&nbsp;&nbsp;<b>noident</b> don't use ident but use username specified by client<br>
&nbsp;&nbsp;&nbsp;<b>ssl</b> only match if this client is connected via SSL<br>
&nbsp;&nbsp;&nbsp;<b>nopasscont</b> continue matching if no password was given (so you can put clients in special classes 
if they supply a password).
<p>Examples:<br>
<pre>
allow {
	ip *;
	hostname *;
	class clients;
	maxperip 5;
};

allow {
	ip *@*;
	hostname *@*.passworded.ugly.people;
	class clients;
	password "f00Ness";
	maxperip 1;
};
</pre></p></div>
<p>&nbsp;</p>
<p><font class="block_section">4.6 - </font><font class="block_name">Listen Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as the P:Line)</font><a name="listenblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
listen &lt;ip:port&gt; {
	options {
		&lt;option&gt;;
		&lt;option&gt;;
		...
	};
};
</pre></p>
<p> </p>
<p>This block allows you to specify the ports on which the IRCD will listen. If 
  no options are required, you may specify this without any directives in the 
  form listen &lt;ip:port&gt;;.</p>
<p><b>ip and port</b><br>
  You can set ip to * to bind to all available ips, or specify one to only bind to that ip (usually needed at shell providers).
  The port is the port you want to listen on. You can also set the port to a range rather than an individual
  value. For example, 6660-6669 would listen on ports 6660 through 6669 (inclusive). IPv6 users, see below.</p>
<p><b>Info for IPv6 users</b><br>
  If you have an IPv6 enabled server you need to enclose the IP in brackers. 
  Like [::1]:6667 (listen at localhost on port 6667). If you are using IPv6 and you 
  want to listen at a specific IPv4 addr you need to use ::ffff:ipv4ip. For example: 
  [::ffff:203.123.67.1]:6667 which will listen at 203.123.67.1 on port 6667. 
  Of course you can also just use *.</p>
<p><b>options block</b> (optional)<br>
  You can specify special options for this port if you want, valid options are:<br>
<table border="0">
<TR><TD><center><b>clientsonly</b></center></TD><TD> port is only for clients</TD></TR>
<TR><TD><center><b>serversonly</b></center></TD><TD> port is only for servers</TD></TR>
<TR><TD><center><b>java</b></center></TD><TD> CR javachat support</TD></TR>
<TR><TD><center><b>ssl</b></center></TD><TD> SSL encrypted port</TD></TR>
</table>
</p>

<p>Examples:</p>
<pre>
listen *:6601 {
	options {
		ssl;
		clientsonly;
	};
};

</pre></p>
<p>Or if there are no options:</p>
<p>listen *:8067;<br>
  listen 213.12.31.126:6667;<br>
  listen *:6660-6669;</p></div>
<p><font class="block_section">4.7 - </font><font class="block_name">Oper Block</font>
   <font class="block_recommended">RECOMMENDED</font> <font class="block_old">(Previously known as the O:Line)</font><a name="operblock"></a><div class="desc">
</p>
<p>
<pre>oper &lt;name&gt; {
	from {
		userhost &lt;hostmask&gt;;
		userhost &lt;hostmask&gt;;
	};
	password &lt;password&gt; { &lt;auth-type&gt;; };
	class &lt;class-name&gt;;
	flags &lt;flags&gt;;
	flags {
		&lt;flag&gt;;
		&lt;flag&gt;;
		...
	};
	swhois &lt;whois info&gt;;
	snomask &lt;snomask&gt;;
	modes &lt;modes&gt;;
	maxlogins &lt;num&gt;;
};
</pre></p>
<p>The oper block allows you to assign IRC Operators for your server. The <b>oper::</b> 
  specifies the login name for the /oper. The <b>oper::from::userhost</b> is a user@host 
  mask that the user must match, you can specify more than one hostmask by creating 
  more than one oper::from::userhost. The <b>oper::password</b> is the password the user 
  must specify, oper::password:: allows you to specify an authentication method 
  for this password, valid auth-types are crypt, md5, and sha1, ripemd-160. If 
  you want to use a plain-text password leave this sub-block out.</p>
<p>Please note that BOTH the login name and password are case sensitive</p>
<p>The <b>oper::class</b> directive specifies the name of a preexisting (appears before 
  this in the config file) class name that the oper block will use.</p>
<p>The <b>oper::flags</b> directive has two formats. If you wish to use the old style 
  oper flags i.e., OAa, you use the flags &lt;flags&gt; method, if you want to 
  use the new style,i.e., services-admin, then you use the flags { &lt;flag&gt;; 
  } method. Below is a list of all the flags (in both formats) and what they do.</p>
<table width="75%" border="1">
  <tr> 
    <td width="10%"><div align="center"><b>Old Flag</b></div></td>
    <td width="16%"><div align="center"><b>New Flag</b></div></td>
    <td width="74%"><b>Description</b></td>
  </tr>
  <tr> 
    <td height="24"><div align="center">o</div></td>
    <td><div align="center">local</div></td>
    <td>Makes you a local operator</td>
  </tr>
  <tr> 
    <td><div align="center">O</div></td>
    <td><div align="center">global</div></td>
    <td>Makes you a global operator</td>
  </tr>
  <tr> 
    <td><div align="center">C</div></td>
    <td><div align="center">coadmin</div></td>
    <td>Makes you a coadmin</td>
  </tr>
  <tr> 
    <td><div align="center">A</div></td>
    <td><div align="center">admin</div></td>
    <td>Makes you a admin</td>
  </tr>
  <tr> 
    <td><div align="center">a</div></td>
    <td><div align="center">services-admin</div></td>
    <td>Makes you a services admin</td>
  </tr>
  <tr> 
    <td><div align="center">N</div></td>
    <td><div align="center">netadmin</div></td>
    <td>Makes you a Network Admin</td>
  </tr>
  <tr> 
    <td><div align="center">r</div></td>
    <td><div align="center">can_rehash</div></td>
    <td>Oper may use /rehash</td>
  </tr>
  <tr> 
    <td><div align="center">D</div></td>
    <td><div align="center">can_die</div></td>
    <td>Oper may use /die</td>
  </tr>
  <tr> 
    <td><div align="center">R</div></td>
    <td><div align="center">can_restart</div></td>
    <td>Oper may use /restart</td>
  </tr>
  <tr> 
    <td><div align="center">h</div></td>
    <td><div align="center">helpop</div></td>
    <td>Oper receives umode +h (helpop)</td>
  </tr>
  <tr> 
    <td><div align="center">w</div></td>
    <td><div align="center">can_wallops</div></td>
    <td>Oper can send /wallops</td>
  </tr>
  <tr> 
    <td><div align="center">g</div></td>
    <td><div align="center">can_globops</div></td>
    <td>Oper can send /globops</td>
  </tr>
  <tr> 
    <td><div align="center">c</div></td>
    <td><div align="center">can_localroute</div></td>
    <td>Can connect servers locally</td>
  </tr>
  <tr> 
    <td><div align="center">L</div></td>
    <td><div align="center">can_globalroute</div></td>
    <td>Can connect servers globally</td>
  </tr>
  <tr> 
    <td><div align="center">k</div></td>
    <td><div align="center">can_localkill</div></td>
    <td>Can /kill local users</td>
  </tr>
  <tr> 
    <td><div align="center">K</div></td>
    <td><div align="center">can_globalkill</div></td>
    <td>Can /kill global users</td>
  </tr>
  <tr> 
    <td><div align="center">b</div></td>
    <td><div align="center">can_kline</div></td>
    <td>Can use /kline</td>
  </tr>
  <tr> 
    <td><div align="center">B</div></td>
    <td><div align="center">can_unkline</div></td>
    <td>Can use /kline -u@h</td>
  </tr>
  <tr> 
    <td><div align="center">n</div></td>
    <td><div align="center">can_localnotice</div></td>
    <td>Can send local server notices</td>
  </tr>
  <tr> 
    <td><div align="center">G</div></td>
    <td><div align="center">can_globalnotice</div></td>
    <td>Can send global server notices</td>
  </tr>
  <tr> 
    <td><div align="center">z</div></td>
    <td><div align="center">can_zline</div></td>
    <td>Can use /zline</td>
  </tr>
  <tr> 
    <td><div align="center">t</div></td>
    <td><div align="center">can_gkline</div></td>
    <td>Can use /gline, /shun and /spamfilter</td>
  </tr>
  <tr> 
    <td><div align="center">Z</div></td>
    <td><div align="center">can_gzline</div></td>
    <td>Can use /gzline</td>
  </tr>
  <tr> 
    <td><div align="center">W</div></td>
    <td><div align="center">get_umodew</div></td>
    <td>Sets umode +W when u oper</td>
  </tr>
  <tr> 
    <td><div align="center">H</div></td>
    <td><div align="center">get_host</div></td>
    <td>Sets your host to an oper host</td>
  </tr>
  <tr> 
    <td><div align="center">v</div></td>
    <td><div align="center">can_override</div></td>
    <td>Can use <a href="#operoverride">OperOverride</a></td>
  </tr>
  <tr>
    <td><div align="center">q</div></td>
    <td><div align="center">can_setq</div></td>
    <td>Can use usermode +q</td>
  </tr>
  <tr>
    <td><div align="center">X</div></td>
    <td><div align="center">can_addline</div></td>
    <td>Can use /addline</td>
  </tr>
  <tr>
    <td><div align="center">d</div></td>
    <td><div align="center">can_dccdeny</div></td>
    <td>Can use /dccdeny and /undccdeny</td>
  </tr>
</table>
<p>Certain flags give you other flags by default:</p>
<table width="59%" border="1">
  <tr> 
    <td width="19%"><b>local</b></td>
    <td width="17%"><b>global</b></td>
    <td width="19%"><b>admin/coadmin</b></td>
    <td width="22%"><b>services-admin</b></td>
    <td width="23%"><b>netadmin</b></td>
  </tr>
  <tr> 
    <td>can_rehash</td>
    <td>can_rehash</td>
    <td>can_rehash</td>
    <td>can_rehash</td>
    <td>can_rehash</td>
  </tr>
  <tr> 
    <td>helpop</td>
    <td>helpop</td>
    <td>helpop</td>
    <td>helpop</td>
    <td>helpop</td>
  </tr>
  <tr> 
    <td>can_globops</td>
    <td>can_globops</td>
    <td>can_globops</td>
    <td>can_globops</td>
    <td>can_globops</td>
  </tr>
  <tr> 
    <td>can_wallops</td>
    <td>can_wallops</td>
    <td>can_wallops</td>
    <td>can_wallops</td>
    <td>can_wallops</td>
  </tr>
  <tr> 
    <td>can_localroute</td>
    <td>can_localroute</td>
    <td>can_localroute</td>
    <td>can_localroute</td>
    <td>can_localroute</td>
  </tr>
  <tr> 
    <td>can_localkill</td>
    <td>can_localkill</td>
    <td>can_localkill</td>
    <td>can_localkill</td>
    <td>can_localkill</td>
  </tr>
  <tr> 
    <td>can_kline</td>
    <td>can_kline</td>
    <td>can_kline</td>
    <td>can_kline</td>
    <td>can_kline</td>
  </tr>
  <tr> 
    <td>can_unkline</td>
    <td>can_unkline</td>
    <td>can_unkline</td>
    <td>can_unkline</td>
    <td>can_unkline</td>
  </tr>
  <tr> 
    <td>can_localnotice</td>
    <td>can_localnotice</td>
    <td>can_localnotice</td>
    <td>can_localnotice</td>
    <td>can_localnotice</td>
  </tr>
  <tr> 
    <td>&nbsp;</td>
    <td>can_globalroute</td>
    <td>can_globalroute</td>
    <td>can_globalroute</td>
    <td>can_globalroute</td>
  </tr>
  <tr> 
    <td>&nbsp;</td>
    <td>can_globalkill</td>
    <td>can_globalkill</td>
    <td>can_globalkill</td>
    <td>can_globalkill</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>can_globalnotice</td>
    <td>can_globalnotice</td>
    <td>can_globalnotice</td>
    <td>can_globalnotice</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>global</td>
    <td>global</td>
    <td>global</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>can_dccdeny</td>
    <td>can_dccdeny</td>
    <td>can_dccdeny</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>can_setq</td>
    <td>can_setq</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>admin</td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td>services-admin</td>
  </tr>
</table>
<p>The <b>oper::swhois</b> directive allows you to add an extra line to an opers whois 
  information. <font color=blue>[optional]</font></p>
<p>The <b>oper::snomask</b> directive allows you to preset an oper's server notice mask 
  on oper up. For a list of available SNOMASKs, see <a href="#feature_snomasks">Section 3.3</a> 
  <font color=blue>[optional]</font></p>
<p>The <b>oper::modes</b> directive allows you to preset an oper's modes on oper up.
  <font color=blue>[optional]</font></p>
<p>The <b>oper::maxlogins</b> allows you to restrict the number of concurrent oper logins from this host,
   for example if you set it to 1 then only 1 person can be oper'ed via this block at any time. 
   <font color=blue>[optional]</font></p>

<p>Example:<br>
<pre>
oper bobsmith {
	class clients;
	from {
		userhost bob@smithco.com;
		userhost boblaptop@somedialupisp.com;
	};
	password "f00";
	flags {
		netadmin;
		can_gkline;
		can_gzline;
		can_zline;
		can_restart;
		can_die;
		global;
	};
	swhois "Example of a whois mask";
	snomask frebWqFv;
};
</pre></p>
<a name="operoverride"><b>Some little info about OperOverride:</b><br>
OperOverride are things like: joining a +ikl channel and going through bans (you need to /invite yourself first however), 
op'ing yourself in a channel, etc.<br>
The can_override operflag was added as an attempt to stop oper abuse.
No oper is able to override by default, you would have to give them the can_override flag explicitly.
<p> </p></div>
<p><font class="block_section">4.8 - </font><font class="block_name">DRpass Block</font>
   <font class="block_recommended">RECOMMENDED</font> <font class="block_old">(Previously known as the X:Line)</font><a name="drpassblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
drpass {
	restart &lt;restart-password&gt; { &lt;auth-type&gt;; };
	die &lt;die-password&gt; { &lt;auth-type&gt;; };
};</pre></p>
<p>This block sets the /restart and /die passwords with drpass::restart and drpass::die 
  respectively. The drpass::restart:: and drpass::die:: allow you to specify the 
  type of authentication used by this item. The currently supported authentication 
  types are crypt, md5, and sha1, ripemd-160.</p>
<p>Example:</p>
<pre>
drpass {
	restart "I-love-to-restart";
	die "die-you-stupid";
};
</pre></p>
<p> </p></div>
<p><font class="block_section">4.9 - </font><font class="block_name">Include Directive</font><a name="includedirective"></a><div class="desc">
</p>
<p>Syntax:<br>
  include &lt;file-name&gt;;</p>
<p>This directive specifies a filename to be loaded as a separate configuration 
  file. This file may contain any type of config block and can even include other 
  files. Wildcards are supported in the file name to allow you to load multiple 
  files at once.</p>
<p><b>example 1: a network file</b><br>
  <pre>include mynetwork.network;</pre></p>
<p>That would be the statement to use if you wanted to use a separate network 
  file. Separate network files are no longer required; all the network settings 
  can be inserted directly into the unrealircd.conf. Or you can put an include 
  statement them to load the file.</p>
<p><b>example 2: aliases</b><br>
  <pre>include aliases/ircservices.conf</pre></p>
<p>Another example is to use it for including alias blocks, UnrealIRCd comes with
   some files which (should) contain the right aliases for most services:<br>
<ul>
<li>aliases/ircservices.conf (IRCServices, Daylight)
<li>aliases/epona.conf (Epona)
<li>aliases/anope.conf (Anope)
<li>aliases/auspice.conf (Auspice)
<li>aliases/generic.conf (Magick, Sirius, Wrecked)
<li>aliases/cygnus.conf (Cygnus)
<li>aliases/operstats.conf (OperStats)
<li>aliases/genericstats.conf (GeoStats, NeoStats)
</ul>
</p>
<p></p></div>
<p><font class="block_section">4.10 - </font><font class="block_name">LoadModule Directive</font>
   <font class="block_required">REQUIRED</font><a name="loadmoduledirective"></a><div class="desc">
</p>
<p>Syntax:<br>
  loadmodule &lt;file-name&gt;;</p>
<p>See <a href="#feature_modules">here</a> why modules are nice/useful.</p>
<p>Modules that come standard with Unreal3.2:</p>
<p>commands.so / commands.dll - All the / commands (well not all yet, but will eventually be all) <font color="red">REQUIRED</font><br>
   cloak.so / cloak.dll - Cloaking module <font color="red">REQUIRED</font> (or any other cloaking module)</p>
<p>So you want to be sure to have these loaded:</p>
<pre>
loadmodule "src/modules/commands.so";
loadmodule "src/modules/cloak.so";
</pre>
<p>or on windows:</p>
<pre>
loadmodule "modules/commands.dll";
loadmodule "modules/cloak.dll";
</pre>
</div>
<p><font class="block_section">4.11 - </font><font class="block_name">Log Block</font>
   <font class="block_recommended">RECOMMENDED</font><a name="logblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
log &lt;file-name&gt; {
	maxsize &lt;max-file-size&gt;;
	flags {
		&lt;flag&gt;;
		&lt;flag&gt;;
		...
	};
};
</pre></p>
<p>The log block allows you to assign different log files for different purposes. 
  The <b>log::</b> contains the name of the log file. <b>log::maxsize</b> is an optional directive 
  that allows you to specify a size that the log file will be wiped and restarted. 
  You can enter this string using MB for megabytes, KB, for kilobytes, GB, for 
  gigabytes. The <b>log::flags</b> specifies which types of information will be in this 
  log. See the list of available flags below.</p>
<p>You may also have multiple log blocks, to log different things to different 
  log files.</p>
<p><b>Available Flags:</b><br>
  <table border=0>
  <tr><td>errors</td><td>self explanatory</td></tr>
  <tr><td>kills</td><td>logs /kill notices</td></tr>
  <tr><td>tkl</td><td>logs info on *lines, shuns and spamfilters (adding/removing/expire)</td></tr>
  <tr><td>connects</td><td>logs user connects/disconnects</td></tr>
  <tr><td>server-connects</td><td>logs server connects/squits</td></tr>
  <tr><td>kline</td><td>logs /kline usage</td></tr>
  <tr><td>oper</td><td>logs oper attempts (both failed and successful)</td></tr>
  <tr><td>sadmin-commands</td><td>logs /sa* (samode, sajoin, sapart, etc.) usage</td></tr>
  <tr><td>chg-commands</td><td>logs /chg* (chghost, chgname, chgident, etc.) usage</td></tr>
  <tr><td>oper-override</td><td>logs operoverride usage</td></tr>
  <tr><td>spamfilter</td><td>logs spamfilter matches</td></tr>
 </table>
</p>

<p>Example:</p>
<pre>
log ircd.log {
	maxsize 5MB;
	flags {
		errors;
		kills;
		oper;
		kline;
		tkl;
	};
};
</pre></p>
<p></p></div>
<p><font class="block_section">4.12 - </font><font class="block_name">TLD Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the T:Line)</font><a name="tldblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
tld {
	mask &lt;hostmask&gt;;
	motd &lt;motd-file&gt;;
	rules &lt;rules-file&gt;;
	shortmotd &lt;shortmotd-file&gt;;
	opermotd &lt;opermotd-file&gt;;
	botmotd &lt;botmotd-file&gt;;
	channel &lt;channel-name&gt;;
	options {
		ssl;
	};
};</pre></p>
<p>The tld block allows you to specify a motd, rules, and channel for a user based 
  on their host. This is useful if you want different motds for different languages. 
  The <b>tld::mask</b> is a user@host mask that the user's username and hostname must 
  match. The <b>tld::motd</b>, <b>tld::shortmotd</b>, <b>tld::opermotd</b>, 
  <b>tld::botmotd</b>, and <b>tld::rules</b> specify the motd, shortmotd, opermotd,
  botmotd, and rules file, respectively, to be displayed to this hostmask. 
  The tld::shortmotd, tld::opermotd, and tld::botmotd are optional. <b>tld::channel</b> 
  is optional as well, it allows you to specify a channel that this user will be forced
  to join on connect. If this exists it will override the default auto join channel.
  The <b>tld::options</b> block allows you to define additional requirements,
  currently only tld::options::ssl which only displays the file for SSL users, and
  tld::options::remote which only displays the file for remote users, exists.</p>
<p>TLD entries are matched upside down</p>
<p>Example:<br>
<pre>
tld {
	mask *@*.fr;
	motd "ircd.motd.fr";
	rules "ircd.rules.fr";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.13 - </font><font class="block_name">Ban Nick Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the Q:Line)</font><a name="bannickblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban nick {<br>
	mask &lt;nickname&gt;;
	reason &lt;reason-for-ban&gt;;
};</pre></p>
<p>The ban nick block allows you to disable use of a nickname on the server. The 
  ban::mask allows wildcard masks to match multiple nicks, and ban::reason allows 
  you to specify the reason for which this ban is placed. Most commonly these 
  blocks are used to ban usage of the nicknames commonly used for network services.</p>
<p>Example:<br>
<pre>
ban nick {
	mask "*C*h*a*n*S*e*r*v*";
	reason "Reserved for Services";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.14 - </font><font class="block_name">Ban User Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the K:Line)</font><a name="banuserblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban user {
	mask &lt;hostmask&gt;;
	reason &lt;reason-for-ban&gt;;
};</pre></p>
<p>This block allows you to ban a user@host mask from connecting to the server. 
  The ban::mask is a wildcard string of a user@host to ban, and ban::reason is 
  the reason for a ban being placed. Note, this is only a local ban and therefore 
  the user may connect to other servers on the network.</p>
<p>Example:<br>
<pre>
ban user {
	mask *tirc@*.saturn.bbn.com;
	reason "Idiot";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.15 - </font><font class="block_name">Ban IP Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the Z:Line)</font><a name="banipblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban ip {
	mask &lt;ipmask&gt;;
	reason &lt;reason-for-ban&gt;;
};</pre></p>
<p>The ban ip block bans an IP from accessing the server. This includes both users 
  and servers attempting to link. The ban::mask parameter is an IP which may contain 
  wildcard characters, and ban::reason is the reason why this ban is being placed. 
  Since this ban affects servers it should be used very carefully.</p>
<p>Example:<br>
<pre>
ban ip {
	mask 192.168.1.*;
	reason "Get a real ip u lamer!";
};</pre></p>
<p> </p></div>
<p><font class="block_section">4.16 - </font><font class="block_name">Ban Server Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the q:Line)</font><a name="banserverblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban server {
	mask &lt;server-name&gt;;
	reason &lt;reason-for-ban&gt;;
};</pre></p>
<p>This block disables a server's ability to connect to the network. If the server links 
  directly to your server, the link is denied. If the server links to a remote server, the 
  local server will disconnect from the network. The ban::mask field specifies a wildcard
  mask to match against the server attempting to connect's name, and ban::reason specifies 
  the reason for which this ban has been placed.</p>
<p>Example:<br>
<pre>
ban server {
	mask broken.server.my.network.com;
	reason "Its broken!";
};</pre></p>
<p> </p></div>
<p><font class="block_section">4.17 - </font><font class="block_name">Ban RealName Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the n:Line)</font><a name="banrealnameblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban realname {
	mask &lt;realname-mask&gt;;
	reason &lt;reason-for-ban&gt;;
};</pre></p>
<p>The ban realname block allows you to ban a client based on the GECOS (realname) 
  field. This is useful to stop clone floods because often clone bots use the 
  same realname. The ban::mask specifies the realname which should be banned. 
  The mask may contain wildcards. The ban::reason specifies the reason why this 
  ban is being placed.</p>
<p>Example:<br>
<pre>
ban realname {
	mask "Bob*";
	reason "Bob sucks!";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.18 - </font><font class="block_name">Ban Version Block</font>
   <font class="block_optional">OPTIONAL</font> <a name="banversionblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ban version {
	mask &lt;version-mask&gt;;
	reason &lt;reason-for-ban&gt;;
	action [kill|tempshun|shun|kline|zline|gline|gzline];
};</pre></p>
<p>The ban version block allows you to ban a client based on the IRC client software they use. 
  This makes use of the clients CTCP version reply. Therefore if a client does not 
  send out a CTCP version, the ban will not work. This feature is intended to allow you to block 
  malicious scripts. The <b>ban::mask</b> specifies the version which should be banned. 
  The mask may contain wildcards. The <b>ban::reason</b> specifies the reason why this 
  ban is being placed. You can also specify <b>ban::action</b>, <i>kill</i> is the default, 
  <i>tempshun</i> will shun the specific user connection only and would work very effective against 
  zombies/bots at dynamic IPs because it won't affect innocent users. <i>shun/kline/zline/gline/gzline</i> 
  will place a ban of that type on the ip (*@IPADDR), the duration of these bans can be configured 
  with set::ban-version-tkl-time and defaults to 1 day.</p>
<p>Example:<br>
<pre>
ban version {
	mask "*SomeLameScript*";
	reason "SomeLameScript contains backdoors";
};</pre>
<pre>
ban version {
	mask "*w00tZombie*";
	reason "I hate those hundreds of zombies";
	action zline;
};</pre>
</p>
<p></p></div>
<p><font class="block_section">4.19 - </font><font class="block_name">Ban Exceptions Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the E:Line)</font><a name="banexceptionblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
except ban {
	mask &lt;hostmask&gt;;
};</pre></p>
<p>The except ban block allows you to specify a user@host that will override a 
  ban placed on a broader host. This is useful when you want an ISP banned, but 
  still want specific users to be able to connect. The except::mask directive 
  specifies the user@host mask of the client who will be allowed to connect.</p>
<p>Example:<br>
<pre>
except ban {
	mask myident@my.isp.com;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.20 - </font><font class="block_name">TKL Exceptions Block</font>
   <font class="block_optional">OPTIONAL</font><a name="tklexceptionblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
except tkl {
	mask &lt;hostmask&gt;;
	type &lt;type&gt;;
	type { 
		&lt;type&gt;;
		&lt;type&gt;;
		...
	};
};</pre></p>
<p>The except tkl block allows you to specify a user@host that will override a 
  tkl ban placed on a broader host. This is useful when you want an ISP banned, but 
  still want specific users to be able to connect. The except::mask directive 
  specifies the user@host mask of the client who will be allowed to connect. The 
  except::type specifies which type of ban this should override. Valid types are
  gline, gzline, qline, gqline, and shun, which make an exception from Glines, 
  Global Zlines, Qlines, Global Qlines, and shuns. If the type {} format is used,
  multiple types may be specified.</p>
<p>Example:<br>
<pre>
except tkl {
	mask myident@my.isp.com;
	type gline;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.21 - </font><font class="block_name">Throttle Exceptions Block</font>
   <font class="block_optional">OPTIONAL</font> <a name="throttleexceptionblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
except throttle {
	mask &lt;ipmask&gt;;
};</pre></p>
<p>The except throttle block allows you to specify an IP mask that will override the 
  throttling system. This only works if you have chosen to enable throttling. The 
  except::mask specifies an IP mask that will not be banned because of throttling.</p>
<p>Example<br>
<pre>
except throttle {
	mask 192.168.1.*;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.22 - </font><font class="block_name">Deny DCC Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as dccdeny.conf)</font><a name="denydccblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
deny dcc {
	filename &lt;file-to-block&gt;;
	reason &lt;reason-for-ban&gt;;
	soft [yes|no];
};</pre></p>
<p>The deny dcc block allows you to specify a filename which will not be allowed 
  to be sent via DCC over the server. This is very useful in helping stop distribution 
  of trojans and viruses. </p>
<p>The <b>deny::filename</b> parameter specifies a wildcard mask of the filename to reject 
  sends of, and <b>deny::reason</b> specifies the reason why this file is blocked.</p>
<p>There's also a <b>deny::soft</b> option, if set to 'yes' the dcc is blocked 
   unless the user explicitly allows it via /DCCALLOW +nickname-trying-to-send. 
   See dccallow.conf for a good example configuration for dccallow.</p>
<p>Example<br>
<pre>
deny dcc {
	filename virus.exe;
	reason "This is a GD Virus";
};

deny dcc {
	filename "*.exe";
	reason "Executable content";
	soft yes;
};</pre>
</p></div>
<p></p>
<p><font class="block_section">4.23 - </font><font class="block_name">Deny Version Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the V:Line)</font><a name="denyversionblock"></a><div class="desc">
</p>
<p> Syntax:<br>
<pre>
deny version {
	mask &lt;server-name&gt;;
	version &lt;version-number&gt;;
	flags &lt;compile-flags&gt;;
};</pre></p>
<p>This block allows you to deny a server from linking based on the version of 
  Unreal it is running and what compile time options it has. The format for this 
  block is somewhat complex but isn't too hard to figure out. The deny::mask directive 
  specifies a wildcard mask of the server name this applies to. The deny::version 
  specifies the protocol number of the version this refers to.</p>
<p>For example, 3.0 is 2301, 3.1.1/3.1.2 is 2302, 3.2 is 2303. The first character 
  of this parameter can be one of the following &gt;, &lt;, =, !. This character 
  tells the IRCd how to interpret the version. If the first character is a &gt; 
  then all version greater than the specified version are denied, if it is a &lt; 
  all versions lower are denied, if it is an = only that version is denied, and 
  if it is a ! then all versions except the specified are denied. The deny::flags 
  directive allows you to specify what compile time flags the server may or may 
  not have. The flags are arranged one after the other with no separation between, 
  if a character is prefixed by a ! then it means the server may not have this 
  flag compiled into it, if it does not have a ! prefix, then it means the server 
  must have this flag compiled.</p>
<p></p></div>
<p><font class="block_section">4.24 - </font><font class="block_name">Deny Link Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the D/d:Line)</font><a name="denylinkblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
deny link {
	mask &lt;server-name&gt;;
	rule &lt;crule-expression&gt;;
	type &lt;type-of-denial&gt;;
};</pre></p>
<p>This block allows you to use specific rules to deny a server from linking. 
  The deny::mask specifies a wildcard mask of the server name to apply this rule 
  to. The deny::rule directive is very complex. A crule expression allows you 
  to control the link in great detail, and it is set up like a programming expression. 
  Four operators are supported, connected(&lt;servermask&gt;), returns true if 
  a server matching servermask is connected, directcon(&lt;servermask&gt;), returns 
  true if the server matching servermask is directly connected to this server, 
  via(&lt;viamask&gt;,&lt;servermask&gt;), returns true if a server matching servermask 
  is connected by a server matching viamask, and directop(), which returns true 
  if the operator issuing a /connect is directly connected to this server. These 
  operators can be combined using && (and) and || (or), items may also 
  be enclosed in parenthesis to allow grouping. In addition, an operator preceded 
  with a ! checks if the operator returned false. If the entire expression evaluates 
  to true, then the link is denied. The deny::type allows two different values, 
  auto (only applies to autoconnects, /connect will still work), and all (applies 
  to all connection attempts).</p>
<p></p></div>
<p><font class="block_section">4.25 - </font><font class="block_name">Deny Channel Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as chrestrict.conf)</font><a name="denychannelblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
deny channel {
	channel "&lt;channel-mask&gt;";
	reason &lt;reason-for-ban&gt;;
	redirect "&lt;channel-name&gt;";
	warn [on|off];
};</pre></p>
<p> </p>
<p>The deny channel block allows you to disallow users from joining specific channels. 
  The <b>deny::channel</b> directive specifies a wildcard mask of channels the users 
  may not join, and the <b>deny::reason</b> specifies the reason why the channel may 
  not be joined. Additionally, you may specify a <b>deny::redirect</b>. If this is specified,
  when a user tries to join a channel that matches deny::channel, he/she will be redirected
  to deny::redirect. And there's also <b>deny::warn</b> which (if set to on) will send an
  opernotice (to EYES snomask) if the user tries to join.
</p>
<p>Example</p>
<pre>
deny channel {
	channel "#unrealsucks";
	reason "No it don't!";
};

deny channel {
	channel "#*teen*sex*";
	reason "You == dead";
	warn on;
};

deny channel {
	channel "#operhelp";
	reason "Our network help channel is #help, not #operhelp";
	redirect "#help";
};</pre></p>

<p></p></div>
<p><font class="block_section">4.26 - </font><font class="block_name">Allow Channel Block</font>
   <font class="block_optional">OPTIONAL</font><a name="allowchannelblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
allow channel {
	channel "&lt;channel-mask&gt;";
};</pre></p>
<p>The allow channel block allows you to specify specific channels that users 
  may join. The allow::channel directive specifies the wildcard mask of the channels 
  which may be joined.</p>
<p>Example:<br>
<pre>
allow channel {
	channel "#something";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.27 - </font><font class="block_name">Allow DCC Block</font>
   <font class="block_optional">OPTIONAL</font><a name="allowdccblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
allow dcc {
	filename "&lt;filename-mask&gt;";
	soft [yes|no];
};</pre></p>
<p>The allow dcc blocks allows you to specify exceptions over deny dcc blocks, wildcards
 are permitted. If <b>allow dcc::soft</b> is set to 'yes' it applies to 'soft dcc bans' list,
 if set to 'no' it applies to the normal ('hard') dcc bans.</p>
<p>Example:<br>
<pre>
allow dcc {
	filename "*.jpg"; /* Images are usually safe */
	soft yes;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.28 - </font><font class="block_name">Vhost Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as vhosts.conf)</font><a name="vhostblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
vhost {
	vhost &lt;vhost&gt;;
	from {
		userhost &lt;hostmask&gt;;
		userhost &lt;hostmask&gt;;
		...
	};
	login &lt;login-name&gt;;
	password &lt;password&gt; { &lt;auth-type&gt;; };
	swhois "&lt;swhois info&gt;";
};</pre></p>
<p>The vhost block allows you to specify a login/password that can be used with 
  the /vhost command to obtain a fake hostname. The vhost::vhost parameter can 
  be either a user@host or just a host that the user will receive upon successful 
  /vhost. The vhost::from::userhost contains a user@host that the user must match 
  to be eligible for the vhost. You may specify more than one hostmask. The vhost::login 
  in the login name the user must enter and vhost::password is the password that 
  must be entered. The vhost::password:: allows you to specify the type of 
  authentication used by this item. The currently supported authentication types 
  are crypt, md5, and sha1, ripemd-160. Lastly vhost::swhois allows you to add an extra 
  line to a users whois, exactly as it does in the Oper Block oper::swhois.</p>
<p>Example:<br>
<pre>
vhost {
	vhost my.own.personal.vhost.com;
	from {
		userhost my@isp.com;
		userhost myother@isp.com;
	};
	login mynick;
	password mypassword;
	swhois "Im Special";
};</pre></p>
<p></p></div>
<p><font class="block_section">4.29 - </font><font class="block_name">Badword Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as badwords.*.conf)</font><a name="badwordsblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
badword &lt;type&gt; {
	word &lt;text-to-match&gt;;
	replace &lt;replace-with&gt;;
	action &lt;replace|block&gt;;
};</pre></p>
<p>The badword block allows you to manipulate the list used for user and channel 
  mode +G to strip "badwords". The badword:: specifies the type, valid 
  types are channel, message, quit, and all. channel is for the channel +G list, message 
  is for the user +G list, quit is for quit message censoring, and all adds it to all three lists. 
  The badword::word can be a simple word or a regular expression we should search for. The 
  badword::replace is what we should replace this match with. If badword::replace 
  is left out, the word is replaced with &lt;censored&gt;. The badword::action defines
  what action should be taken if this badword is found. If you specify replace, then the
  badword is replaced, if you specify block, then the entire message is blocked. If you do
  not specify a badword::action, replace is assumed.</p>
<p>Example:<br>
<pre>
badword channel {
	word shit;
	replace shoot;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.30 - </font><font class="block_name">ULines Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as the U:Line)</font><a name="ulinesblock"></a><div class="desc">
</p>
<p>Syntax:<br>
<pre>
ulines {
	&lt;server-name&gt;;
	&lt;server-name&gt;;
	...
};</pre></p>
<p>The ulines block lets you define certain servers as having extra abilities. 
  This should only be used for servers such as services and stats. This should 
  not be set for a normal server. Each entry is the name of the server which will 
  receive the extra abilities.</p>
<p>Example<br>
<pre>
ulines {
	services.mynetwork.com;
	stats.mynetwork.com;
};</pre></p>
<p></p></div>
<p><font class="block_section">4.31 - </font><font class="block_name">Link Block</font>
   <font class="block_optional">OPTIONAL</font> <font class="block_old">(Previously known as C/N/H:Lines)</font><a name="linkblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
link &lt;server-name&gt; {
	username &lt;usermask&gt;;
	hostname &lt;ipmask&gt;;
	bind-ip &lt;ip-to-bind-to&gt;;
	port &lt;port-to-connect-on&gt;;
	password-connect &lt;password-to-connect-with&gt;;
	password-receive &lt;password-to-receive&gt; { &lt;auth-type&gt;; };
	hub &lt;hub-mask&gt;;
	leaf &lt;leaf-mask&gt;;
	leafdepth &lt;depth&gt;;
	class &lt;class-name&gt;;
	ciphers &lt;ssl-ciphers&gt;;
	options {
		&lt;option&gt;;
		&lt;option&gt;;
		...
	};
};</pre></p>
<p>This is the block you need for linking servers, please take your time to read all 
   this because this one of the hardest things to do and users often make errors ;P</p>
<p>First of all <b>server-name</b> is the name of your remote server, the name the remote 
   server has in his me { } block, like hub.blah.com (not the IP and can be different than hostname).</p>
<p><b>username</b><br>
   You can specify this if you use ident for authentication, normally you will set this to "*".
</p>
<p><b>hostname</b><br>
  The remote host or IP of the remote server. This is used for both connecting AND for 
  authentication/verification on the incoming side. Some examples:<br>
  <table border="0">
  <tr><td><i>1.2.3.4</i></td><td> normal IP</td></tr>
  <tr><td><i>hub.blah.com</i></td><td> host: only for outgoing, cannot accept _incoming_ connections unless 
  link::options::nohostcheck is present</td></tr>
  <tr><td><i>*</i></td><td> cannot connect TO but will allow a server connection (with correct password) from everywhere</td></tr>
  <tr><td><i>::ffff:1.2.3.4</i></td><td> for linking ipv6 to ipv4.</td></tr>
  </table>
</p>
<p><b>bind-ip</b> (optional)<br>
  Can be used to bind to a specific IP (ex: 192.168.0.1) from where we should 
  connect from, almost never used.
 </p>
<p><b>port</b><br>
  Port to connect to (at which the remote server is listening).
 </p>
<p><b>password-connect</b><br>
  The password used for connecting to the remote server, must be plain-text.
 </p>
<p><b>password-receive</b><br>
  The password used for validating incoming links, can be encrypted (valid methods 
  are crypt, md5, sha1,  ripemd-160). You can leave the auth-type parameter out to
  just use plain-text. Often this password is the same as your password-connect.
</p>
<p><b>hub vs leaf</b><br>
  A hub has multiple servers linked to it, a leaf has only one link... to you. 
  A server is a leaf unless it has a hub directive. It is also a leaf if the leaf directive is *, or leafdepth is 1.
</p>
<p><b>hub</b> (optional)<br>
  The value is a mask of what servers this hub may connect (ex: *.my.net).
</p>
<p><b>leaf</b> (optional)<br>
  The value is a mask of what servers this hub may <b>not</b> connect. Saying * here would be the same as not having a hub directive.
</p>
<p><b>leafdepth</b> (optional)<br>
  The value specifies the depth (number of hops) this server may have beneath it. For example, 1 means the server can't have any links under it (a leaf), 2 means it can link servers but those servers can't link anything under them (that is, this hub can only link leaves). A value of 0 means no limit, and is the default.
</p>
<p><b>class</b><br>
  The class this server is put into, often a separate server class is used for this.
</p>
<p><b>compression-level</b> (optional)<br>
  Specifies the compression level (1-9) for this link. Only used if link::options::zip is set.
</p>
<p><b>ciphers</b> (optional)<br>
  Specifies the SSL ciphers to use for this link. To obtain a list of available ciphers, use
  the `openssl ciphers` command. Ciphers should be specified as a : separated list.
</p>
<p><b>options block</b><br>
  One or more options used for connecting to the server. Sometimes not needed.<br>
<table border="0">
<tr><td><b>ssl</b></td><td> if you are connecting to a SSL port.</td></tr>
<tr><td><b>autoconnect</b></td><td> server will try to autoconnect, time specified in your class::connfreq 
 (it's best to enable this only from one side, like leaf-&gt;hub)</td></tr>
<tr><td><b>zip</b></td><td> if you want compressed links, needs to be compiled in + set at both ends</td></tr>
<tr><td><b>nodnscache</b></td><td> don't cache IP for outgoing server connection, use this if it's an often 
 changing host (like dyndns.org)</td></tr>
<tr><td><b>nohostcheck</b></td><td> don't validate the remote host (link::hostname), use this if it's an often
 changing host (like dyndns.org)</td></tr>
<tr><td><b>quarantine</b></td><td> opers on this server cannot get GLOBAL oper privileges
(they will get killed), used for test links and such</td></tr>
</table>
</p>
<p>Example:</p>
<pre>
link hub.mynet.com {
	username *;
	hostname 1.2.3.4;
	bind-ip *;
	port 7029;
	hub *;
	password-connect "LiNk";
	password-receive "LiNk";
	class servers;
	options {
		autoconnect;
		ssl;
		zip;
	};
};</pre></p>
<p> </p></div>
<p><font class="block_section">4.32 - </font><font class="block_name">Alias Block</font>
   <font class="block_optional">OPTIONAL</font><a name="aliasblock"></a>
</p><div class="desc">
<p>Syntax [standard alias]:<br>
<pre>
alias &lt;name&gt; {
	target &lt;nick-to-forward-to&gt;;
	type &lt;type-of-alias&gt;;
	spamfilter &lt;yes|no&gt;;
};</pre></p>
<p>(Note: also see <a href="#includedirective">here</a> about the standard alias files UnrealIRCd has)</p>
<p>The alias block [standard alias] allows you to forward a command to a user, 
  for example /chanserv sends a message to the user chanserv. The alias:: specifies 
  the name of the command that will be the alias (eg: chanserv), alias::target is 
  the nickname or channel it will forward to, if the alias:: is the same as the target, it will 
  forward to, alias::target can be left out. The alias::type specifies the type 
  of alias, valid types are services (the user is on the services server), stats 
  (the user is on the stats server), normal (the user is a normal user on 
  any server), and channel (the target is a channel name). If alias::spamfilter (optional)
  is set to 'yes', then the spamfilters will be checked (default is 'no').<br>
  The alias block also has another purpose which is explained below.</p>
<p>Syntax [command alias]:<br>
<pre>
alias &lt;name&gt; {
	/* For aliases to be sent to users/channels */
	format &lt;regex-expression&gt; {
		target &lt;nick-to-forward-to&gt;;
		type &lt;type-of-alias&gt;;
		parameters &lt;parameter-string&gt;;
	};
	/* For 'real aliases' */
	format &lt;regex-expression&gt; {
		command &lt;command&gt;;
		type real;
		parameters &lt;parameter-string&gt;;
	};
	/* Etc... You can have as many format blocks as you wish.. */
	format &lt;regex-expression&gt; {
		...
	};
	type command;
	spamfilter &lt;yes|no&gt;;
};</pre></p>
<p>When the alias block is used in this format, it allows you a much broader range 
  of usage. For example you can create aliases such as /identify. The alias:: 
  is the same as above, the name of the alias command. The <b>alias::format</b> specifies 
  a regular expression that compares against the text sent to the alias command, 
  when matched the sub-entries of that alias::format will be used, you may have 
  multiple alias::format's to make the command do different things depending on 
  the text sent to it. The <b>alias::format::target</b> is the target to forward this
  alias to, however in case of a "real alias" <b>alias::format::command</b> is used instead.
  The <b>alias::format::type</b> specifies the type of the alias that the
  message should be forwarded to, besides the types mentioned previously in
"Syntax [standard alias]", we also allow the type "real" here, for "real
aliases". The <b>alias::format::parameters</b> is what will 
  be sent as the parameters to this alias. To specify one of the parameters given 
  to the command alias specify % followed by a number, for example, %1 is the 
  first parameter. To specify all parameters from a given parameter to the end 
  do % followed by the number and a -, for example %2- returns all parameters 
  from the second till the last. Additionally, you may specify %n which will be replaced 
  by the nickname of the user who executed the command.<br><br>
  For examples of using the alias block in the command format, consult doc/example.conf.</p>
<p></p></div>
<p><font class="block_section">4.33 - </font><font class="block_name">Help Block</font>
   <font class="block_optional">OPTIONAL</font><a name="helpblock"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
help &lt;name&gt; {
	&lt;text-line&gt;;
	&lt;text-line&gt;;
	...
};</pre></p>
<p>(Note: normally you just include help.conf)</p>
<p>The help block allows you to create entries for use in /helpop. The help:: 
  is the value that must be passed to /helpop as a parameter, if the help:: is 
  left out, then it will be used when no parameter is passed to /helpop. The entries 
  for the help block are the text that will be displayed to the user when requesting 
  the /helpop.</p>
<p></p></div>

<p><font class="block_section">4.34 - </font><font class="block_name">Official Channels Block</font>
   <font class="block_optional">OPTIONAL</font><a name="officialchannels"></a>
</p><div class="desc">
<p>Syntax:<br>
<pre>
official-channels {
	"#channel" { topic "The default topic"; };
};</pre></p>
<p>Official channels are shown in /list even if no users are in the channel.
   The <b>topic</b> is optional and is only shown in /list if it has 0 users.
</p>

<p>Example:<br>
<pre>
official-channels {
	"#Help" { topic "The official help channel, if nobody is present type /helpop helpme"; };
	"#Home";
	"#Main" { topic "The main channel"; };
};</pre></p>
</div>

<p><font class="block_section">4.35 - </font><font class="block_name">Spamfilter Block</font>
   <font class="block_optional">OPTIONAL</font><a name="spamfilter"></a>
</p><div class="desc">
<p>
The spamfilter block allows you to add local spamfilters (not network-wide).<br>
See <a href="#feature_spamfilter">Features - Spamfilter</a> for more information about spamfilters.<br>
</p>
<p>Syntax:<br>
<pre>
spamfilter {
	regex &lt;word&gt;;
	target { &lt;target(s)&gt; };
	action &lt;action&gt;;
	reason &lt;reason&gt;;
	ban-time &lt;time&gt;;
};</pre></p>
<p><b>regex</b> is the regex to be matched.<br>
   <b>target</b> specifies the targets, see <a href="#feature_spamfilter">here</a> for a list of possible types (eg: 'channel').<br>
   <b>action</b> specifies the action to be taken, see <a href="#feature_spamfilter">here</a> for a list of possible actions (eg: 'gline').<br>
   <b>reason</b> optional: specifies the ban or block reason, else the default is used.<br>
   <b>ban-time</b> optional: specifies the duration of a *line ban or shun, else the default is used (1 day).<br>
</p>

<p>Examples:<br>
<pre>
spamfilter {
	regex "Come watch me on my webcam";
	target { private; channel; };
	action gline;
	reason "You are infected, please go to www.antivirus.xx/blah/virus=GrrTrojan";
	ban-time 6h;
};

spamfilter {
	regex "come to irc\..+\..+";
	target { private; channel; };
	action gline;
	action gline;
	reason "No spamming allowed";
};
</pre></p>
</div>

<p><font class="block_section">4.36 - </font><font class="block_name">Cgiirc Block</font>
   <font class="block_optional">OPTIONAL</font><a name="cgiirc"></a>
</p><div class="desc">
<p>
The cgiirc block allows you to configure host spoofing for CGI:IRC gateways you trust 
(<a href="#feature_cgiirc">more info</a>).</p>

<p>Syntax:<br>
<pre>
cgiirc {
	type &lt;webirc|old&gt;;
	username &lt;mask&gt;; /* optional */
	hostname &lt;mask&gt;;
	password &lt;password&gt;; /* only for type webirc */
};</pre></p>
<p><b>type</b> is either 'webirc' or 'old'.<br>
   <b>username</b> is matched against the ident (if present). If not specified, "*" is assumed.<br>
   <b>hostname</b> is the hostmask to match against.<br>
   <b>password</b> is the webirc password, only used for type 'webirc'.<br>
</p>

<p><b>How to configure with method 'webirc' (recommended method)</b><br>
In your CGI:IRC configuration file (cgiirc.conf) you set webirc_password to a good password.<br>
Then, in your unrealircd.conf you add a cgiirc block to allow this host and password and you set
cgiirc::type to "webirc".<br>
<br>
Example:<br>
In your CGI:IRC configuration file (cgiirc.conf) you add:
<pre>webirc_password = LpT4xqPI5</pre>
Then, in your unrealircd.conf you add a cgiirc block:
<pre>cgiirc {
	type webirc;
	hostname "1.2.3.4";
	password "LpT4xqPI5";
};</pre></p>

<p><b>How to configure with method 'old'</b><br>
NOTE: This is not the recommended method since it has two disadvantages: 
this method will send the IP/host to spoof as a server password, meaning you cannot
specify a server password as a CGI:IRC user. Additionally, access control is only
IP-based and does not require an extra password like the 'webirc' method. In short,
you probably should not be using this method unless you have a good reason to do so.<br>
<br>
In your CGI:IRC configuration file (cgiirc.conf) you set realhost_as_password to 1.<br>
Then, in your unrealircd.conf you add a cgiirc block to allow this host.<br>
<br>
Example:<br>
In your CGI:IRC configuration file (cgiirc.conf) you add:
<pre>realhost_as_password = 1</pre>
Then, in your unrealircd.conf you add a cgiirc block:
<pre>cgiirc {
	type old;
	hostname "1.2.3.4";
};</pre></p>
</div>

<p><font class="block_section">4.37 - </font><font class="block_name">Set Block</font>
   <font class="block_required">REQUIRED</font> <font class="block_old">(Previously known as unrealircd.conf/networks file)</font><a name="setblock"></a>
</p><div class="desc">
<p>The set file is what use to be our networks/unrealircd.conf and our networks 
  file. On single server networks, rather than having 3 files you can just put all
  the set statements in the unrealircd.conf itself, on multi-server networks, I
  recommend using a seperate networks file.</p>
  <p>Now, if your server is on a network, chances are you will all basically use 
    the same Set settings. Therefore it makes more sense to have a network file, 
    which is loaded with an <a href="#includedirective">include</a> directive. 
    Below you will find all of the set directives available.</p>
<p>In this doc we refer to settings / directives in the &lt;block-name&gt;::&lt;block-directive&gt; 
  format. This format is NOT the format that it can be entered into the configuration 
  file. IT MUST be converted to the format listed below. It is presented in the 
  format it is to make discussing it simpler.</p>
<p>Syntax:<br>
<pre>
set {
	&lt;entry&gt; &lt;value&gt;;
	&lt;entry&gt; &lt;value&gt;;
	...
};</pre></p>
<p>The set block sets options for individual server features. Each entry does 
  something different and therefore each will be described below. Some directives 
  have sub blocks which will also be described. There are many set statements 
  to cover, all of the directives listed below can be included under ONE set statement. 
  If a directive has options, they are included within the single set statement 
  as well.<br>
  Example:<br>
<pre>
set {
	kline-address my@emailaddress.com;
	auto-join #welcome;
	options {
		hide-ulines;
	};
	hosts {
		local LocalOp.MyNet.com;
		global globalop.mynet.com;
	};
};</pre></p>
<p>Now if you wanted to make the set statements separate, say you wanted to set 
  your options in a single line.<br>
  Example:<br>
  set { options { hide-ulines; no-stealth; }; };<br>
</p>
<p><font class="set">set::kline-address &lt;email-address&gt;;</font><br>
  The email address that K:line questions should be sent to. This value must be 
  specified.</p>
<p><font class="set">set::gline-address &lt;email-address&gt;;</font><br>
  The email address that G:line questions should be sent to.</p>
<p><font class="set">set::modes-on-connect &lt;+modes&gt;;</font><br>
  The modes that will be set on a user at connection.</p>
<p><font class="set">set::snomask-on-connect &lt;+modes&gt;</font><br>
  The snomask that will be set on a user at connection.</p>
<p><font class="set">set::modes-on-oper &lt;+modes&gt;;</font><br>
  The modes that will be set on a user when they /oper.</p>
<p><font class="set">set::snomask-on-oper &lt;+modes&gt;;</font><br>
  The snomask that will be set on a user when they /oper.</p>
<p><font class="set">set::modes-on-join &lt;+modes&gt;;</font><br>
  The modes that will be set on a channel when it is first created. Not all modes can be set using this command. +qaohvbeOAzlLk can NOT be set using this command.</p>
<p><font class="set">set::level-on-join &lt;none|voice|halfop|op|protect|owner&gt;;</font><br>
  The mode that a user will get when he's the first to join a channel. The
  default is 'op' (channel operator).</p>
<p><font class="set">set::restrict-usermodes &lt;modes&gt;</font><br>
  Restrict users to set/unset the modes listed here (don't use + or -).<br>
  For example you can set +G in modes-on-connect and G in restrict-usermodes,
  that way you can force all users to be +G and unable to do -G.</p>
<p><font class="set">set::restrict-channelmodes &lt;modes&gt;</font><br>
  Restrict users to set/unset the channelmodes listed here (don't use + or -).<br>
  For example you can set +G in modes-on-join and G in restrict-channelmodes,
  that way you can force all (new) channels to be +G and unable to do -G.<br>
  NOTE: it may still be possible to use these channelmodes through services 
  by using MLOCK. Unfortunately we can't do much about that, you would have
  to ask the services coders to implement a restrict-channelmodes feature too.</p>
<p><font class="set">set::restrict-extendedbans &lt;types|*&gt;</font><br>
  Don't allow users to use any extended bans ("*") or disallow only certain ones (eg: "qc").</p>
<p><font class="set">set::auto-join &lt;channels&gt;;</font><br>
  The channel(s) a user will be forced to join at connection. To specify more 
  than one channel use a comma separated list.<br>
  [Note: don't forget to add quotes, like: auto-join "#chan";]</p>
<p><font class="set">set::oper-auto-join &lt;channels&gt;;</font><br>
  The channel(s) a user will be forced to join when they /oper. To specify more 
  than one channel use a comma separated list.<br>
  [Note: don't forget to add quotes, like: oper-auto-join "#chan";]</p>
<p><font class="set">set::anti-spam-quit-message-time &lt;timevalue&gt;;</font><br>
  A time value specifying the length of time a user must be connected for before 
  a /quit message will be displayed. Used to prevent spam. A time value is a numeric 
  string with d meaning days, h meaning hours, m meaning minutes, and s meaning 
  seconds, for example 1d2h3m means 1 day, 2 hours, 3 minutes.</p>
<p><font class="set">set::prefix-quit &lt;text-to-prefix-quit&gt;;</font><br>
  Sets the text that will be used to prefix a quit message. If this value is set 
  to 0 then the standard "Quit:" is used.</p>
<p><font class="set">set::static-quit &lt;quit message&gt;;</font><br>
  Sets a static quit message that will be sent whenever a client logs off the 
  network. This eliminates the need for anti-spam-quit-message-time, as well as 
  the set::prefix-quit. It will NOT replace ERRORS with the static-quit message.</p>
<p><font class="set">set::static-part &lt;no|yes|part message&gt;;</font><br>
  A value of 'yes' strips all part comments, a value of 'no' makes part just work
  as usual, anything else will be used as a part comment (eg: static-part "Bye!") 
  but this can be quite annoying, so use with care.</p>
<p><font class="set">set::who-limit &lt;limit&gt;;</font><br>
  Sets the limit for the maximum number of matches that will be returned for a /who.
  If this option is left out, no limit is enforced.</p>
<p><font class="set">set::silence-limit &lt;limit&gt;;</font><br>
  Sets the limit on the maximum SILENCE list entries. If this directive is not specified,
  a limit of 15 is set.</p>
<p><font class="set">set::maxbans &lt;limit&gt;;</font><br>
  Sets the limit on the maximum amount of bans (+b) allowed per channel. The default is 60.
  If you change this, be sure to also take a look at maxbanlength (see next)!</p>
<p><font class="set">set::maxbanlength &lt;limit&gt;;</font><br>
  Similar to above, but sets the maximum amount of characters for all bans added up
  together, so basically this puts up a limit on the (semi-)maximum amount of memory
  all channel bans on a channel can take. The default is 2048 (bytes). With the default
  set::maxbans of 60 this allows 2048:60=34 characters per ban on average.</p>
<p><font class="set">set::oper-only-stats &lt;stats-list&gt;;</font><br>
  Specifies a list of stats flags with no separators that defines stats flags 
  only opers can use. Leave this value out to allow users to use all flags, or 
  specify * for users to be able to use no flags. Only short stats flags may be specified
  here.</p>
<p><font class="set">set::oper-only-stats {&lt;stats-flag&gt;; &lt;stats-flag&gt;;};</font><br>
  Specifies a list of stats flags that can only be used by opers. This only works with long
  stats flags.</p>
<p><font class="set">set::maxchannelsperuser &lt;amount-of-channels&gt;;</font><br>
  Specifies the number of channels a single user may be in at any one time.</p>
<p><font class="set">set::maxdccallow &lt;amount-of-entries&gt;;</font><br>
  Specifies the maximum number of entries a user can have on his/her DCCALLOW list.</p>
<p><font class="set">set::channel-command-prefix &lt;command-prefixes&gt;;</font><br>
  Specifies the prefix characters for services "in channel commands". Messages starting with 
  any of the specified characters will still be sent even if the client is +d. The default 
  value is "`!.".</p>
<p><font class="set">set::allowed-nickchars { &lt;list&gt; };</font><br>
  Character sets / languages to allow in nicks, see <a href="#feature_nickchars">Nick Character Sets</a>.</p>
<p><font class="set">set::allow-userhost-change [never|always|not-on-channels|force-rejoin]</font><br>
  Specifies what happens when the user@host changes (+x/-x/chghost/chgident/setident/vhost/etc).<br>
  <i>never</i> disables all the commands, <i>always</i> does always allow it even when in channels 
  (may cause client desyncs) [default], <i>not-on-channels</i> means it's only allowed when the 
  user is not on any channel, <i>force-rejoin</i> will force a rejoin in all channels and re-op/voice/etc if needed.</p>
<p><font class="set">set::options::hide-ulines;</font><br>
  If this is present, Ulined server will be hidden in a /links requested by non-opers.</p>
<p><font class="set">set::options::flat-map;</font><br>
  If this is present, all servers will appear as directly linked in /map and /links, 
  thus you can no longer see which server is linked to which. This is a little help against 
  (D)DoS attacks because evil people now no longer can easily see the 'weak points'.</p>
<p><font class="set">set::options::show-opermotd;</font><br>
  If present the opermotd will be shown to users once they successfully /oper.</p>
<p><font class="set">set::options::identd-check;</font><br>
  If present the presence of an identd server will be checked and the returned 
  value will be used for the username. If no ident request is returned or the 
  identd server doesn't exist, the user's specified username will be prefixed 
  with a ~. If this value is omitted no such check is made.</p>
<p><font class="set">set::options::show-connect-info;</font><br>
  If present notices showing "ident request", "hostname lookup", 
  etc. will be displayed when a user connects.</p>
<p><font class="set">set::options::dont-resolve;</font><br>
  If present hosts of incoming users are not resolved, can be useful if many of your
  users don't have a host to speed up connecting.<br>
  Note that since no resolving is done you also can't have host based allow blocks.</p>
<p><font class="set">set::options::mkpasswd-for-everyone;</font><br>
  Makes it so the /mkpasswd can be used by anyone instead of oper-only, usage of the command 
  by non-opers is sent to the EYES snomask.</p>
<p><font class="set">set::options::allow-part-if-shunned;</font><br>
  Allow shunned user to use /part.</p>
<p><font class="set">set::options::fail-oper-warn;</font><br>
  If present, a user will be notified that his/her failed /oper attempt has been logged.</p>
<p><font class="set">set::dns::timeout &lt;timevalue&gt;;</font><br>
  A time value specifying the length of time a DNS server has to respond before 
  a timeout. A time value is a numeric string with d meaning days, h meaning hours, 
  m meaning minutes, and s meaning seconds, for example 1d2h3m means 1 day, 2 
  hours, 3 minutes. (NOT IMPLEMENTED)</p>
<p><font class="set">set::dns::retries &lt;number-of-retries&gt;;</font><br>
  A numeric value specifying the number of times the DNS lookup will be retried 
  if failure occurs. (NOT IMPLEMENTED)</p>
<p><font class="set">set::dns::nameserver &lt;name-of-dns-server&gt;;</font><br>
  Specifies the hostname of the server that will be used for DNS lookups. (NOT IMPLEMENTED)</p>
<p><font class="set">set::dns::bind-ip &lt;ip&gt;;</font><br>
  Specifies the IP to bind to for the resolver, rarely ever needed.</p>
<p><font class="set">set::network-name &lt;name-of-network&gt;;</font><br>
  Specifies the name of the network on which this server is run. This value should 
  be exactly the same on all servers on a network.</p>
<p><font class="set">set::default-server &lt;server-name&gt;;</font><br>
  Defines the name of the default server to tell users to connect to if this server 
  is full.</p>
<p><font class="set">set::services-server &lt;server-name&gt;;</font><br>
  Specifies the name of the server that the services bots are connected to. Required, 
  set it to something like services.yournet.com if you don't have services.</p>
<p><font class="set">set::stats-server &lt;server-name&gt;;</font><br>
  Sets the name of the server on which the stats bot is located. If stats are 
  not run this value may be left out.</p>
<p><font class="set">set::help-channel &lt;network-help-channel&gt;;</font><br>
  Sets the name of the help channel for this network.</p>
<p><font class="set">set::cloak-keys { &quot;key1&quot;; &quot;key2&quot;; &quot;key3&quot;; };</font><br>
  Sets the keys to be used to generate a +x host. This value must be the same 
  on all servers or the servers will not link. Each of the 3 set::cloak-keys:: 
  must be a string of 5-100 characters (10-20 is fine) consisting of mixed 
  lowercase (a-z), uppercase (A-Z) and digits (0-9). Note that depending on which 
  cloaking module you have loaded, other rules may apply.</p>
<p><font class="set">set::hiddenhost-prefix &lt;prefix-value&gt;;</font><br>
  Defines the prefix that will be used on hiddenhosts (+x). This is usually three 
  or four letters representing the network name.</p>
<p><font class="set">set::hosts::local &lt;locop-host-name&gt;;</font><br>
  Defines the hostname that will be assigned to local opers when they set +x. You may
  optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::global &lt;globop-host-name&gt;;</font><br>
  Defines the hostname that will be assigned to global operators when they set 
  +x. You may optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::coadmin &lt;coadmin-host-name&gt;;</font><br>
  Sets the hostname that will be assigned to co-admins when they set +x. You may
  optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::admin &lt;admin-host-name&gt;;</font><br>
  Defines the hostname that will be set for admins when they set +x. You may
  optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::servicesadmin &lt;servicesadmin-host-name&gt;;</font><br>
  Sets the hostname that will be given to services-admins when they set +x. You may
  optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::netadmin &lt;netadmin-host-name&gt;;</font><br>
  Sets the hostname that will be given to netadmins when they set +x. You may
  optionally specify a username@host for this value.</p>
<p><font class="set">set::hosts::host-on-oper-up &lt;yes/no&gt;;</font><br>
  If set to yes, the H/get_host flag will be honored and +x will be automatically 
  set at /oper. If set to no, the user must set +x manually to receive the oper 
  host.</p>
<p><font class="set">set::ssl::egd &lt;filename&gt;;</font><br>
  Specifies that EGD (Entropy Gathering Daemon) support should be enabled. If 
  you run OpenSSL 0.9.7 or higher, then /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, 
  and /etc/entropy will be searched by default so no filename is necessary, you 
  may simply specify set::ssl::egd with no value. If you are using a version of 
  OpenSSL prior to 0.9.7 or you want to use a EGD socket located somewhere other 
  than the above listed locations you may specify the filename of the UNIX Domain 
  Socket that an EGD is listening on.</p>
<p><font class="set">set::ssl::certificate &lt;filename&gt;;</font><br>
  Specifies the filename where the server's SSL certificate is located.</p>
<p><font class="set">set::ssl::key &lt;filename&gt;;</font><br>
  Specifies the filename where the server's SSL private key is located.</p>
<p><font class="set">set::ssl::trusted-ca-file &lt;filename&gt;;</font><br>
  Specifies the filename where the certificates of the trusted CAs are located.</p>
<p><font class="set">set::ssl::server-cipher-list &lt;cipherlist&gt;;</font><br>
  Specifies which ciphers to be allowed, by default we leave this up to OpenSSL.
  See <a href="http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT">http://www.openssl.org/docs/apps/ciphers.html</a>
  on how to specify the list of ciphers.</p>
<p><font class="set">set::ssl::renegotiate-bytes &lt;value&gt;;</font><br>
  Specifies after how many bytes an SSL session should be renegotiated (eg: 20m for 20 megabytes).</p>
<p><font class="set">set::ssl::renegotiate-timeout &lt;timevalue&gt;;</font><br>
  Specifies after how much time an SSL session should be renegotiated (eg: 1h for 1 hour).</p>
<p><font class="set">set::ssl::options::fail-if-no-clientcert;</font><br>
  Forces clients that do not have a certificate to be denied.</p>
<p><font class="set">set::ssl::options::no-self-signed;</font><br>
  Disallows connections from people with self-signed certificates.</p>
<p><font class="set">set::ssl::options::verify-certificate;</font><br>
  Makes Unreal determine if the SSL certificate is valid before allowing connection.</p>
<p><font class="set">set::ssl::options::no-starttls;</font><br>
  Disable STARTTLS. STARTTLS allows clients to use SSL on regular (non-SSL) ports.</p>
<p><font class="set">set::throttle::period &lt;timevalue&gt;</font><br>
  How long a user must wait before reconnecting more than set::throttle::connections
  times.</p>
<p><font class="set">set::throttle::connections &lt;amount&gt;;</font><br>
  How many times a user must connect with the same host to be throttled.</p>
<p><font class="set">set::ident::connect-timeout &lt;amount&gt;;</font><br>
  Amount of seconds after which to give up connecting to the ident server (default: 10s).</p>
<p><font class="set">set::ident::read-timeout &lt;amount&gt;;</font><br>
  Amount of seconds after which to give up waiting for a reply (default: 30s).</p>
<p><font class="set">set::anti-flood::unknown-flood-bantime &lt;timevalue&gt;;</font><br>
  Specifies how long an unknown connection flooder is banned for.</p>
 <p><font class="set">set::anti-flood::unknown-flood-amount &lt;amount&gt;;</font><br>
  Specifies the amount of data (in KiloBytes) that the unknown connection must send
  in order for the user to be killed.</p>
 <p><font class="set">set::anti-flood::away-flood &lt;count&gt;:&lt;period&gt;</font><br>
  Away flood protection: limits /away to 'count' changes per 'period' seconds.
  This requires NO_FLOOD_AWAY to be enabled in config.h. Example: <i>away-flood 5:60s;</i>
  means max 5 changes per 60 seconds.</p>
 <p><font class="set">set::anti-flood::nick-flood &lt;count&gt;:&lt;period&gt;</font><br>
  Nickflood protection: limits nickchanges to 'count' per 'period' seconds.
  For example <i>nick-flood 4:90</i> means 4 per 90 seconds, the default is 3 per 60.</p>
 <p><font class="set">set::default-bantime &lt;time&gt;</font><br>
  Default bantime when doing /kline, /gline, /zline, /shun, etc without time parameter 
  (like /gline *@some.nasty.isp), the default is permanent (0). Example: <i>default-bantime 90d;</i></p>
 <p><font class="set">set::modef-default-unsettime &lt;value&gt;</font><br>
  For channelmode +f you can specify a default unsettime, if you specify 10 for example then 
  +f [5j]:15 will be transformed to [5j#i10]:15. The default is no default unsettime.</p>
 <p><font class="set">set::modef-max-unsettime &lt;value&gt;</font><br>
  The maximum amount of minutes for a mode +f unsettime (in +f [5j#i&lt;TIME&gt;]:15), this is a 
  value between 0 and 255. The default is 60 (= 1 hour).</p>
 <p><font class="set">set::ban-version-tkl-time &lt;value&gt;</font><br>
  If you specify an 'action' like zline/gline/etc in ban version, then you can specify here 
  how long the ip should be banned, the default is 86400 (1 day).</p>
 <p><font class="set">set::spamfilter::ban-time &lt;value&gt;</font><br>
  Same as above but for *lines/shuns added by spamfilter</p>
 <p><font class="set">set::spamfilter::ban-reason &lt;reason&gt;</font><br>
  Reason to be used for entries added by spamfilter</p>
 <p><font class="set">set::spamfilter::virus-help-channel &lt;channel&gt;</font><br>
  The channel to use for the 'viruschan' action in spamfilter</p>
 <p><font class="set">set::spamfilter::virus-help-channel-deny &lt;yes|no&gt;</font><br>
  If set to yes (or '1') it replies 'invite only' to any normal users that try to join 
  the virus-help-channel. Only opers, people that match spamfilters and people that 
  are /invite'd can join.</p>
 <p><font class="set">set::spamfilter::except &lt;target(s)&gt;</font><br>
  These targets are exempt from spam filtering (no action will be taken),
  can be single target or comma seperated list.. Ex: except "#help,#spamreport"</p>
 <p><font class="set">set::spamfilter::slowdetect-warn &lt;value&gt;</font><br>
  If a spamfilter takes longer than this amount of milliseconds to execute
  (1000ms = 1 second), then a warning notice will be sent to all opers (default: 250).
  See also <a href="#feature_spamfilter_slow">Slow Spamfilter Detection</a>.</p>
 <p><font class="set">set::spamfilter::slowdetect-fatal &lt;value&gt;</font><br>
  If a spamfilter takes longer than this amount of milliseconds to execute
  (1000ms = 1 second), then the spamfilter will be removed (default: 500).
  See also <a href="#feature_spamfilter_slow">Slow Spamfilter Detection</a>.</p>
 <p><font class="set">set::check-target-nick-bans &lt;yes|no&gt;</font><br>
  Whenever the user changes his/her nick, check if the NEW nick would be
  banned. If so, do not allow the nickchange. Default is yes.</p>
 <p><font class="set">set::timesynch::enabled &lt;yes|no&gt;</font><br>
  Enable or disable time synchronization on-boot. Default is yes.</p>
 <p><font class="set">set::timesynch::server &lt;IP&gt;</font><br>
  Server to synchronize time with. This can be up to 4 IP's seperated by comma's.
  The servers must support NTP protocol version 4. The default is to use 3 time servers (US, EU,
AU). Requests to these servers are sent in parallel, fastest reply wins.</p>
 <p><font class="set">set::timesynch::timeout &lt;time&gt;</font><br>
  Maximum time to wait for a time server reply. This is a value between 1 and 5, more is not possible
  because it causes too much inaccuracy. This setting is 3 by default and there's probably
  no good reason to change it.</p>
 <p><font class="set">set::pingpong-warning &lt;yes|no&gt;</font><br>
  When NOSPOOF is enabled (usually on Windows), send a warning to each user to use
  '/quote pong ..' if they are having problems connecting? The default is no.</p>
 <p><font class="set">set::watch-away-notification &lt;yes|no&gt;</font><br>
  Allows you to enable/disable AWAY notification in WATCH. The default is yes.</p>
<p></p> </div>
<p id="filesblock"><font class="block_section">4.38 - </font><font class="block_name">Files Block</font>
   <font class="block_optional">OPTIONAL</font><div class="desc">
</p>
<p>
You don't need to use a <a href="#tldblock">TLD block</a> to specify default locations for your MOTDs and rules files. This block controls default settings for those in addition to the pidfile and irc.tune file. Anything not specified here will default to the value documented in <a href="#addtlfiles">Additional Files</a>.
</p>
<p>
Relative pathnames will be interpreted relative to unrealIRCD's root directory which is normally the directory containing <tt>unrealircd.conf</tt>. This block may be used to facilitate running more than one IRCd out of the same directory/root. In that case, you should at least specify multiple pidfiles and tunefiles&mdash;one for each server.
</p>
<p>Syntax:<br>
<pre>
files {
	motd &lt;motd file&gt;;
	shortmotd &lt;short motd file&gt;;
	opermotd &lt;oper motd file&gt;;
	svsmotd &lt;services motd file&gt;;
	botmotd &lt;bot motd file&gt;;

	rules &lt;rules file&gt;;

	tunefile &lt;tune file&gt;;
	pidfile &lt;pid file&gt;;
};
</pre></p>
<p>Example:<br />
<pre>
files {
	motd /etc/motd;

	pidfile /var/lib/run/unrealircd.pid;
};
</pre>
</p>
<p><b><font size="+2">5 &#8211; Additional Files<a name="addtlfiles"></a>
  </font></b></p><div class="desc">
  In addition to the configuration files, Unreal has a few other files, such as MOTD, OperMOTD, 
  BotMOTD, and Rules. Listed below are the names of these files and their uses.<br>
  Note that the motd files (all types) and rules files can also be specified in a <a href="#tldblock">tld</a> or <a href="#filesblock">files</a> block, 
  these are just the files used by default (and for remote MOTD/RULES's).<p />&nbsp;
<table width="83%" border="1">
  <tr>
    <td>ircd.motd</td><td>Displayed when a /motd is executed and (if ircd.smotd is not present) when a user connects</td> 
  </tr>
  <tr>
    <td>ircd.smotd</td><td>Displayed on connect only (short MOTD)</td>
  </tr>
  <tr>
    <td>ircd.rules</td><td>Displayed when a /rules is executed</td>
  </tr>
  <tr>
    <td>oper.motd</td><td>Displayed when a /opermotd is executed or when you /oper up</td>
  </tr>
  <tr>
    <td>bot.motd</td><td>Displayed when a /botmotd is executed</td>
  </tr>
</table>
<p></p></div>
<p><b><font size="+2">6 &#8211; User & Channel Modes<a name="userchannelmodes"></a>
  </font></b></p><div class="desc">
<table width="83%" border="1">
  <tr> 
    <td><div align="center"><b>Mode</b></div></td>
    <td><div align="center"><b>Description</b></div></td>
  </tr>
  <tr> 
    <td colspan="2"><div align="center"><b>Channel Modes</b></div></td>
  </tr>
  <tr> 
    <td><div align="center">A</div></td>
    <td>Only Administrators may join</td>
  </tr>
  <tr> 
    <td><div align="center">a &lt;nick&gt;</div></td>
    <td>Makes the user a channel admin</td>
  </tr>
  <tr> 
    <td><div align="center">b &lt;nick!user@host&gt;<br>
      </div></td>
    <td>Bans the given user from the channel</td>
  </tr>
  <tr> 
    <td><div align="center">c</div></td>
    <td>No ANSI color can be sent to the channel</td>
  </tr>
  <tr> 
    <td><div align="center">C</div></td>
    <td>No CTCP's allowed in the channel</td>
  </tr>
  <tr> 
    <td><div align="center">e &lt;nick!user@host&gt;</div></td>
    <td>Exception ban &#8211; If someone matches this, they can join a channel 
      even if they match an existing ban</td>
  </tr>
  <tr> 
    <td><div align="center">f [&lt;number&gt;&lt;type&gt;]:&lt;seconds&gt;</div></td>
    <td>Channel flood protection. See <a href="#feature_antiflood">section 3.12</a>
	above for an extended description.</td>
  </tr>
  <tr> 
    <td><div align="center">G</div></td>
    <td>Makes channel G rated. Checks for words listed in the Badword Blocks, 
      and replaces them with the words specified</td>
  </tr>
  <tr> 
    <td><div align="center">h &lt;nick&gt;</div></td>
    <td>Gives half-op status to the user</td>
  </tr>
  <tr> 
    <td><div align="center">i</div></td>
    <td>Invite required</td>
  </tr>
  <tr> 
    <td><div align="center">I &lt;nick!user@host&gt;<br></div></td>
    <td>Invite exceptions ("invex") - if someone matches this, they can bypass
      +i requirements to enter the channel.</td>
  </tr>
  <tr> 
    <td><div align="center">j &lt;joins:seconds&gt;</div></td>
    <td>Throttles joins per-user to <i>joins</i> per <i>seconds</i> seconds</td>
  </tr>
  <tr> 
    <td><div align="center">K</div></td>
    <td>/knock is not allowed</td>
  </tr>
  <tr> 
    <td><div align="center">k &lt;key&gt;</div></td>
    <td>Sets a key needed to join</td>
  </tr>
  <tr> 
    <td><div align="center">l &lt;##&gt;</div></td>
    <td>Sets max number of users</td>
  </tr>
  <tr> 
    <td><div align="center">L &lt;Chan&gt;</div></td>
    <td>If the amount set by +l has been reached, users will be sent to this channel</td>
  </tr>
  <tr> 
    <td><div align="center">M</div></td>
    <td>A registered nickname (+r) is required to talk</td>
  </tr>
  <tr> 
    <td><div align="center">m</div></td>
    <td>Moderated channel. Only +v/o/h users may speak</td>
  </tr>
  <tr> 
    <td><div align="center">N</div></td>
    <td>No nick name changes permitted</td>
  </tr>
  <tr> 
    <td><div align="center">n</div></td>
    <td>No messages from outside channels</td>
  </tr>
  <tr> 
    <td><div align="center">O</div></td>
    <td>Only IRCops may join</td>
  </tr>
  <tr> 
    <td><div align="center">o &lt;nick&gt;</div></td>
    <td>Gives a user channel operator status</td>
  </tr>
  <tr> 
    <td><div align="center">p</div></td>
    <td>Makes channel private</td>
  </tr>
  <tr> 
    <td><div align="center">q &lt;nick&gt;</div></td>
    <td>Sets channel owner</td>
  </tr>
  <tr> 
    <td><div align="center">Q</div></td>
    <td>Only U:Lined servers can kick users</td>
  </tr>
  <tr> 
    <td><div align="center">R</div></td>
    <td>Requires a registered nickname to join</td>
  </tr>
  <tr> 
    <td><div align="center">S</div></td>
    <td>Strips all incoming colors</td>
  </tr>
  <tr> 
    <td><div align="center">s</div></td>
    <td>Makes channel secret</td>
  </tr>
   <tr> 
    <td><div align="center">t</div></td>
    <td>Only chanops can set topic</td>
  </tr>
  </tr>
   <tr> 
    <td><div align="center">T</div></td>
    <td>No NOTICE's allowed in the channel</td>
  </tr>
  <tr> 
    <td><div align="center">u</div></td>
    <td>Auditorium &#8211; Makes /names and /who #channel only show channel ops</td>
  </tr>
  <tr> 
    <td><div align="center">V</div></td>
    <td>/invite is not allowed</td>
  </tr>
  <tr> 
    <td><div align="center">v &lt;nick&gt;</div></td>
    <td>Gives a voice to users. (May speak in +m channels)</td>
  </tr>
  <tr> 
    <td><div align="center">z</div></td>
    <td>Only clients on a Secure (SSL) Connection may join</td>
  </tr>
</table>
<p>&nbsp;</p>
<table width="75%" border="1">
  <tr> 
    <td><div align="center"><b>Mode</b></div></td>
    <td><div align="center"><b>Description</b></div></td>
  </tr>
  <tr> 
    <td colspan="2"><div align="center"><b>User Modes</b></div></td>
  </tr>
  <tr> 
    <td><div align="center">A</div></td>
    <td>Server Admin (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">a</div></td>
    <td>Services Admin (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">B</div></td>
    <td>Marks you as being a Bot</td>
  </tr>
  <tr> 
    <td><div align="center">C</div></td>
    <td>Co-Admin (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">d</div></td>
    <td>Makes it so you can not receive channel PRIVMSGs (with the exception
        of text prefixed with certain characters, see set::channel-command-prefix)</td>
  </tr>
  <tr> 
    <td><div align="center">G</div></td>
    <td>Filters out all the bad words per configuration</td>
  </tr>
  <tr> 
    <td><div align="center">g</div></td>
    <td>Can send & read globops and locops</td>
  </tr>
  <tr> 
    <td><div align="center">H</div></td>
    <td>Hide IRCop Status (IRCop Only)</td>
  </tr>
  <tr> 
    <td><div align="center">h</div></td>
    <td>Available for help (HelpOp) (Set in OperBlock)</td>
  </tr>
  <tr> 
    <td><div align="center">i</div></td>
    <td>Invisible (not shown in /who)</td>
  </tr>
  <tr> 
    <td><div align="center">N</div></td>
    <td>Network Administrator (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">O</div></td>
    <td>Local IRC Operator (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">o</div></td>
    <td>Global IRC Operator (Set in Oper Block)</td>
  </tr>
  <tr> 
    <td><div align="center">p</div></td>
    <td>Hides the channels you are in from /whois</td>
  </tr>
  <tr> 
    <td><div align="center">q</div></td>
    <td>Only U:Lines can kick you (Services Admins Only)</td>
  </tr>
  <tr> 
    <td><div align="center">R</div></td>
    <td>Allows you to only receive PRIVMSGs/NOTICEs from registered (+r) users</td>
  </tr>
  <tr> 
    <td><div align="center">r</div></td>
    <td>Identifies the nick as being registered</td>
  </tr>
  <tr> 
    <td><div align="center">S</div></td>
    <td>Used to protect Services Daemons</td>
  </tr>
  <tr> 
    <td><div align="center">s</div></td>
    <td>Can listen to server notices (see <a href="#feature_snomasks">section 3.3</a> above for more information)</td>
  </tr>
  <tr>
    <td><div align="center">T</div></td>
    <td>Prevents you from receiving CTCPs</td>
  </tr>
  <tr> 
    <td><div align="center">t</div></td>
    <td>Says you are using a /vhost</td>
  </tr>
  <tr> 
    <td><div align="center">V</div></td>
    <td>Marks you as a WebTV user</td>
  </tr>
  <tr> 
    <td><div align="center">v</div></td>
    <td>Receives infected DCC Send Rejection notices</td>
  </tr>
  <tr> 
    <td><div align="center">W</div></td>
    <td>Lets you see when people do a /whois on you (IRCops Only)</td>
  </tr>
  <tr> 
    <td><div align="center">w</div></td>
    <td>Can listen to wallop messages</td>
  </tr>
  <tr> 
    <td><div align="center">x</div></td>
    <td>Gives user a hidden hostname </td>
  </tr>
  <tr>
    <td><div align="center">z</div></td>
    <td>Indicates that you are an SSL client</td>
  </tr>
</table>
<p></p></div>
<p><font size="+2"><b>7 &#8211; User & Oper Commands Table<a name="useropercommands" id="useropercommands"></a></b></font></p><div class="desc">
<p>NOTE: the /helpop documentation is more up to date, use <i>/helpop command</i> (or <i>/helpop ?command</i> if you are oper) 
to get more information on a command.</p>

<table width="90%" border="1">
  <tr> 
    <td width="33%"><div align="center"><b>Command</b></div></td>
    <td width="57%"><div align="center"><b>Description</b></div></td>
    <td width="10%"><div align="center"><b>Who</b></div></td>
  </tr>
  <tr> 
    <td>nick &lt;newnickname&gt;</td>
    <td>Changes your online nick name. Alerts others to the change of your nick<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td>whois &lt;nick&gt;</td>
    <td>Displays information of user requested. Includes Full Name, Host, Channels 
      User is in, and Oper Status<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">who &lt;mask&gt;</td>
    <td>Who allows you to search for users. Masks 
      include: nickname, #channel, hostmask (*.attbi.com)<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">whowas &lt;nick&gt; &lt;maxreplies&gt;</td>
    <td>Displays information on a nick that has logged off. The &lt;max replies&gt; 
      field is optional, and limits how many records will be returned.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">ison &lt;nick1 nick2 nick3 ...&gt;</td>
    <td>Allows you to check the online status of a user, or a list of users. Simple 
      return, best used for scripts<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">join &lt;channel1,channel2, ...&gt;</td>
    <td>Allows you to join channels. Using the /join #channel1,#channel2,#channel3 
      will allow you to join more than one channel at a time. The /join 0 command 
      makes you PART all channels.</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">cycle &lt;channel1, channel2, ...&gt;</td>
    <td>Cycles the given channel(s). This command is equivalent
      to sending a PART then a JOIN command.</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">motd &lt;server&gt;</td>
    <td>Displays the servers motd. Adding a server name allows you to view motd&#8217;s 
      on other servers.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">rules &lt;server&gt;</td>
    <td>Displays the ircd.rules of a server. Adding a server name allows you to 
      view rules on other servers</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">lusers &lt;server&gt; </td>
    <td>Displays current &amp; max user loads, both global and local. Adding a server name 
        allows you to view the statistics from other servers.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">map</td>
    <td>Displays a network map</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">quit &lt;reason&gt;</td>
    <td>Causes you to disconnect from the server. If you include a reason, it 
      will be displayed on all channels as you quit</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">ping &lt;user&gt;</td>
    <td>Sends a PING request to a user. Used for checking connection and lag. 
      Servers issue pings on a timed basis to determine if users are still connected.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">version &lt;nick&gt;</td>
    <td>Sends a CTCP Version request to the user. If configured to do so, their 
      client will respond with the client version.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">links</td>
    <td>Displays a list of all servers linked to the network</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">Admin &lt;server&gt;</td>
    <td>Displays the admin info of a server. If a server name is included it will 
      display the info of that server.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">userhost &lt;nick&gt;</td>
    <td>Displays the userhost of the nick given. Generally used for scripts<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">topic &lt;channel&gt; &lt;topic&gt;</td>
    <td>Topic &lt;channel&gt; will display the current topic of the given channel. Topic 
      &lt;channel&gt; &lt;topic&gt; will change the topic of the given channel.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">invite &lt;nick&gt; &lt;channel&gt;</td>
    <td>Invites the given user to the given channel. (Must be a channel Op)<br></td>
    <td>ChanOp</td>
  </tr>
  <tr> 
    <td height="39">kick &lt;channel, channel&gt; &lt;user, user&gt; &lt;reason&gt;</td>
    <td>Kicks a user or users out of a channel, or channels. A reason may also 
      be supplied. <br></td>
    <td>ChanOp</td>
  </tr>
  <tr> 
    <td height="39">away &lt;reason&gt;</td>
    <td>Marks you as being away. A reason may also be supplied.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">Watch +-&lt;nick&gt; +-&lt;nick&gt;<br></td>
    <td>Watch is a new notify-type system in UnrealIRCd which is both faster and 
      uses less network resources than any old-style notify system. The server 
      will send you a message when any nickname in your watch list logs on or 
      off. The watch list DOES NOT REMAIN BETWEEN SESSIONS - you (or your script 
      or client) must add the nicknames to your watch list every time you connect 
      to an IRC server.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">helpop ?&lt;topic&gt; or !&lt;topic&gt;<br></td>
    <td>HelpOp is a new system of getting IRC Server help. You type either /HELPOP 
      ? &lt;help system topic&gt; or /HELPOP ! &lt;question&gt; The "?" 
      in /HELPOP means query the help system and if you get no response you can 
      choose '!' to send it to the Help Operators online. Using neither ? nor ! 
      will mean the command will be first queried within the help system and if 
      no match if found , it will be forwarded to the help operators</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">list &lt;search string&gt;</td>
    <td>
      If you don't include a search string, the default is to send you the entire 
      unfiltered list of channels. Below are the options you can use, and what 
      channels LIST will return when you use them.<br> &gt;number List channels 
      with more than &lt;number&gt; people.<br> &lt;number List channels with 
      less than &lt;number&gt; people.<br>
      C&gt;number List channels created between now and &lt;number&gt; minutes 
      ago.<br>
      C&lt;number List channels created earlier than &lt;number&gt; minutes ago.<br>
      T&gt;number List channels whose topics are older than &lt;number&gt; minutes 
      (Ie., they have not changed in the last &lt;number&gt; minutes.<br>
      T&lt;number List channels whose topics are newer than &lt;number&gt; minutes.<br>
      *mask* List channels that match *mask*<br>
      !*mask* List channels that do not match *mask*<br> </td>
      <td>All</td>
  </tr>
  <tr> 
    <td height="39">Knock &lt;channel&gt; &lt;message&gt;<br></td>
    <td>Allows you to &#8216;knock&#8217; on an invite only channel and ask for 
      access. Will not work if channel has one of the following modes set: +K 
      +V. Will also not work if you are banned<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">setname</td>
    <td>Allows users to change their &#8216;Real Name&#8217; without reconnecting<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">vhost &lt;login&gt; &lt;password&gt;</td>
    <td>Hides your host name by using a vhost provided by the server. <br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">mode &lt;chan/nick&gt; &lt;mode&gt;<br></td>
    <td>Lets you set channel and user modes. See 
        <a href="#userchannelmodes">User &amp; Channel Modes</a> for a list.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">credits</td>
    <td>Lists credits for everyone that has helped create UnrealIRCd<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">license</td>
    <td>Displays the GNU License</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">time &lt;server&gt;</td>
    <td>Displays the servers date and time. Including a server name allows you 
      to check other servers.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">botmotd &lt;server&gt;<br></td>
    <td>Displays the servers bot message of the day. Including a server name allows 
      you to check other servers</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">identify &lt;password&gt;</td>
    <td>Sends your password to the services system to identify to your nick.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">identify &lt;channel&gt; &lt;password&gt;</td>
    <td>Sends your password to the services system to identify as the founder 
      of a channel.<br></td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">dns &lt;option&gt;</td>
    <td>Returns information about the IRC server's DNS cache.
        Note, since most clients have a built-in DNS command,
        you will most likely need to use /raw DNS to use this.
        Opers may specify an l as the first parameter to the command
        to receive a list of entries in the DNS cache.</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">userip &lt;nick&gt;<br></td>
    <td>Returns the IP address of the user in question.</td>
    <td>All</td>
  </tr>
  <tr> 
    <td height="39">oper &lt;userid&gt; &lt;password&gt;<br></td>
    <td>Command to give a user operator status if they match an Oper Block<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">wallops &lt;message&gt;</td>
    <td>Sends a message to all users with umode +w</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">globops &lt;message&gt;</td>
    <td>Sends a message to all global IRCops</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">chatops &lt;message&gt;</td>
    <td>Sends a message to all IRCops (local and global)</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">locops &lt;message&gt;</td>
    <td>Sends a message to all local IRCops</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">adchat &lt;message&gt;</td>
    <td>Sends a message to all Admins</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">nachat &lt;message&gt;</td>
    <td>Sends a message to all Net Admins</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">kill &lt;nick&gt; &lt;reason&gt;</td>
    <td>Kills a user from the network</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">kline [+|-]&lt;user@host | nick&gt; [&lt;time to ban&gt; &lt;reason&gt;]</td>
    <td>Bans the hostmask from the server it is issued on. A kline is not a global ban.<br> 
        <b>time to ban</b> is either: a) a value in seconds, b) a time value, like '1d' is 1 day or c) '0' for permanent.
        Time and reason are optional, if unspecified set::default-bantime (default: 0/permanent) and 'no reason' are used.<br>
        To remove a kline use /kline -user@host</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">zline [+|-]&lt;*@ip&gt; [&lt;time to ban&gt; &lt;reason&gt;]</td>
    <td>Bans an IP Address from the local server it is issued on (not global). See kline for more syntax info. 
        Use /zline -*@ip to remove.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">gline [+|-]&lt;user@host | nick&gt; [&lt;time to ban&gt; &lt;reason&gt;]<br></td>
    <td>Adds a global ban to anyone that matches. See kline for more syntax info.
      Use /gline -user@host to remove.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">shun [+|-]&lt;user@host | nick&gt; [&lt;time to shun&gt; &lt;reason&gt;]<br></td>
    <td>Prevents a user from executing ANY commands and prevents them from speaking. 
      Shuns are global (like glines). See kline for more syntax info.
      Use /shun -user@host to remove a shun.
      <br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">gzline [+|-]&lt;ip&gt; &lt;time to ban&gt; :&lt;reason&gt;<br></td>
    <td>Adds a global zline. See kline for more syntax info.
      Use /gzline -*@ip to remove a gzline.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">rehash &lt;server&gt; &#8211;&lt;flags&gt;</td>
    <td>Rehashes the servers config file. Including a server name allows you to 
      rehash a remote servers config file. Several flags are also available. They 
      Include <br>
      -motd - Only rehash all MOTD and RULES files (including tld {})<br>
      -opermotd - Only rehash the OPERMOTD file<br>
      -botmotd - Only rehash the BOTMOTD file<br>
      -garbage - Force garbage collection<br>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">restart &lt;password&gt; &lt;reason&gt;<br></td>
    <td>Restarts the IRCD Process. Password is required if drpass { } is present. 
        You may also include a reason.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">die &lt;password&gt;<br></td>
    <td>Terminates the IRCD Process. Password is required if drpass { } is present.</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">lag &lt;server&gt; <br></td>
    <td>This command is like a Sonar or Traceroute for IRC server. You type in 
      /LAG irc.fyremoon.net and it will reply from every server it passes with 
      time and so on. Useful for looking where lag is and optional TS future/past 
      travels<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">sethost &lt;newhost&gt;</td>
    <td>Lets you change your vhost to what ever you want it to be.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">setident &lt;newident&gt;<br></td>
    <td>Lets you set your ident to what ever you want it to be<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">chghost &lt;nick&gt; &lt;newhost&gt;<br></td>
    <td>Lets you change the host name of a user currently on the system<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">chgident &lt;nick&gt; &lt;newident&gt;<br></td>
    <td>Lets you change the ident of a user currently on the system<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">chgname &lt;nick&gt; &lt;newname&gt;<br></td>
    <td>Lets you change the realname of a user currently on the system<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">squit &lt;server&gt;<br></td>
    <td>Disconnects a server from the network<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">connect &lt;server&gt; &lt;port&gt; &lt;server&gt;</td>
    <td>If only one server is given, it will attempt to connect the server you 
      are ON to the given server. If 2 servers are given, it will attempt to connect 
      the 2 servers together. Put the leaf server as the first, and the hub server 
      as the second.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">dccdeny &lt;filemask&gt; &lt;reason&gt;<br></td>
    <td>Adds a DCCDENY for that filemask. Preventing that file from being sent.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">undccdeny &lt;filemask&gt;<br></td>
    <td>Removes a DCCDENY</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">sajoin &lt;nick&gt; &lt;channel&gt;, &lt;channel&gt;<br></td>
    <td>Forces a user to join a channel(s). Available to services & network 
      admins only</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">sapart &lt;nick&gt; &lt;channel&gt;, &lt;channel&gt;<br></td>
    <td>Forces a user to part a channel(s). Available to services & network 
      admins only.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">samode &lt;channel&gt; &lt;mode&gt;<br></td>
    <td>Allows Network & Services admins to change modes of a channel without 
      having ChanOps.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">rping &lt;servermask&gt;<br></td>
    <td>Will calculate in milliseconds the lag between servers<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">trace &lt;servermask|nickname&gt;<br></td>
    <td>When used on a user it will give you class and lag info. If you use
        it on a server it gives you class/version/link info.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">opermotd <br></td>
    <td>Displays the servers OperMotd File<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="39">addmotd :&lt;text&gt;<br></td>
    <td>Will add the given text to the end of the Motd<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">addomotd :&lt;text&gt;<br></td>
    <td>Will add the given text to the end of the OperMotd<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">sdesc &lt;newdescription&gt;<br></td>
    <td>Allows server admins to change the description line of their server without 
      restarting.<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">addline &lt;text&gt;<br></td>
    <td>Allows you to add lines to the unrealircd.conf<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">mkpasswd &lt;password&gt;<br></td>
    <td>Will encrypt a clear text password to add it to the unrealircd.conf<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">tsctl offset +/- &lt;time&gt;<br></td>
    <td>Adjust the IRCD&#8217;s Internal clock (Do NOT use if you do not understand 
      EXACTLY what it does)<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">tsctl time<br></td>
    <td>Will give a TS Report</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">tsctl alltime</td>
    <td>Will give a TS Report of ALL servers</td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">tsctl svstime &lt;timestamp&gt;<br></td>
    <td>Sets the TS time of all servers (Do NOT use if you do not understand EXACTLY 
      what it does)<br></td>
    <td>IRCop</td>
  </tr>
  <tr> 
    <td height="36">htm &lt;option&gt;<br></td>
    <td>Controls settings related to high traffic mode. High Traffic Mode (HTM) 
      basically disables certain user commands such as: list whois who etc in 
      response to extremely high traffic on the server. Options include: <br>
      -ON Forces server into HTM <br>
      -OFF Forces server out of HTM <br>
      -NOISY Sets the server to notify users/admins when in goes in and out of HTM<br>
      -QUIET Sets the server to NOT notify when going in and out of HTM<br>
      -TO &lt;value&gt; Tell HTM at what incoming rate to activate HTM<br> </td>
    <td>IRCop</td>
  </tr>
  <tr>
    <td height="36">stats &lt;option&gt;<br></td>
	<td>
	B - banversion - Send the ban version list<br>
	b - badword - Send the badwords list<br>
	C - link - Send the link block list<br>
	d - denylinkauto - Send the deny link (auto) block list<br>
	D - denylinkall - Send the deny link (all) block list<br>
	e - exceptthrottle - Send the except throttle block list<br>
	E - exceptban - Send the except ban and except tkl block list<br>
	f - spamfilter - Send the spamfilter list<br>
	F - denydcc - Send the deny dcc block list<br>
	G - gline - Send the gline and gzline list<br>
	&nbsp;&nbsp;Extended flags: [+/-mrs] [mask] [reason] [setby]<br>
	&nbsp;&nbsp;&nbsp;&nbsp;m Return glines matching/not matching the specified mask<br>
	&nbsp;&nbsp;&nbsp;&nbsp;r Return glines with a reason matching/not matching the specified reason<br>
   	&nbsp;&nbsp;&nbsp;&nbsp;s Return glines set by/not set by clients matching the specified name<br>
	I - allow - Send the allow block list<br>
        j - officialchans - Send the offical channels list<br>
	K - kline - Send the ban user/ban ip/except ban block list<br>
	l - linkinfo - Send link information<br>
	L - linkinfoall - Send all link information<br>
	M - command - Send list of how many times each command was used<br>
	n - banrealname - Send the ban realname block list<br>
	O - oper - Send the oper block list<br>
	P - port - Send information about ports<br>
	q - sqline - Send the SQLINE list<br>
	Q - bannick - Send the ban nick block list<br>
	r - chanrestrict - Send the channel deny/allow block list<br>
	R - usage - Send usage information<br>
	S - set - Send the set block list<br>
	s - shun - Send the shun list<br>
  	&nbsp;&nbsp;Extended flags: [+/-mrs] [mask] [reason] [setby]<br>
	&nbsp;&nbsp;&nbsp;&nbsp;m Return shuns matching/not matching the specified mask<br>
	&nbsp;&nbsp;&nbsp;&nbsp;r Return shuns with a reason matching/not matching the specified reason<br>
	&nbsp;&nbsp;&nbsp;&nbsp;s Return shuns set by/not set by clients matching the specified name<br>
	t - tld - Send the tld block list<br>
	T - traffic - Send traffic information<br>
	u - uptime - Send the server uptime and connection count<br>
	U - uline - Send the ulines block list<br>
	v - denyver - Send the deny version block list<br>
	V - vhost - Send the vhost block list<br>
	X - notlink - Send the list of servers that are not current linked<br>
	Y - class - Send the class block list<br>
	z - zip - Send compression information about ziplinked servers (if compiled with ziplinks support)<br>
	Z - mem - Send memory usage information<br>
	</td>
    <td>All</td>
  </tr>
  <tr>
    <td height="36">module<br></td>
    <td>
	Lists all loaded modules
     </td>
    <td>All</td>
  </tr>
  <tr>
    <td height="36">close<br></td>
    <td>
	This command will disconnect all unknown connections from the IRC server.
    </td>
    <td>IRCOp</td>
  </tr>
</table>

<p></p></div>

<p><font size="+2"><b>8 &#8211; Security tips/checklist<a name="security"></a></b></font></p>
<div class="desc">
<p>If you are concerned about security (you should be!), this section will help you get an overview 
of the risks that are out there and their risk-level. Alternatively you can use it as a "checklist" 
to walk through your (network) configuration to make things more secure.</p>
<p>The list is ordered by by popularity/risk level/most-often-used-attack-methods:</p>
</div></p>

<p><b><font size="+2">8.1 Passwords</font></b><a name="secpasswords"></a><br><div class="desc">
Choose good oper passwords, link passwords, etc:<br>
- use mixed case and digits ("Whbviwf5") and/or something long ("blaheatsafish", "AlphaBeta555").<br>
- DO NOT use your link/oper passwords for something else like your mail account, bot password, forums, etc...<br>
</div></p>

<p><b><font size="+2">8.2 Non-Ircd related vulnerabilities</font></b><a name="secnonircd"></a><br><div class="desc">
There's a far bigger chance a box will get hacked by a non-irc(d) vulnerability than by some bug in UnrealIRCd.
If you for example run http, dns, smtp and ftp servers on the same box you have a much higher risk. 
Also, if you are on a multi-user box (eg: you bought a shell) there's the risk of local exploits and bad permissions 
(see next). This risk is quite high so be careful when selecting a shell provider.
</div></p>

<p><b><font size="+2">8.3 Permissions and the configfile</font></b><a name="secpermissions"></a><br><div class="desc">
Always make sure your home directory and UnrealIRCd directory have correct permissions, 
(group/)other shouldn't have read permissions. Otherwise a local user can simply grab 
your configfile and look for passwords... In short: <i>chmod -R go-rwx /path/to/Unreal3.2</i> if you are unsure about this.<br>
Other things related to this: never put your UnrealIRCd inside the webroot or some other 
kind of shared directory. And for backups, make sure they get the correct permissions too 
(it happens quite frequently everything is secured fine but there's a backup.tar.gz lying 
around readable by everyone).<br>
<br>
You also want to use encrypted passwords wherever possible, if you compile with OpenSSL 
support (which you do, since you are concerned with security, right?) then I suggest to 
use <i>sha1</i> or <i>ripemd160</i> password encryption, else use <i>md5</i>. Also if 
you still have encrypted (oper) blocks left from Unreal3.2.1 or before I suggest you to 
re-enrypt these (just re-run /mkpasswd), because 3.2.1 introduced some considerable 
anti-crack improvements (basically a 14x slowdown of active cracks, and making 
stored-plain-ciphertext cracks impossible).<br>
Still, do note that this is just 'yet another layer of security', since if you have weak 
passwords they can still be cracked relatively easily and if someone manages to get your 
configfile there are usually other interesting things in it that may aid an attacker, 
like link::password-connect.
</div></p>

<p><b><font size="+2">8.4 User-related problems</font></b><a name="secuser"></a><br><div class="desc">
Just like most of these things, this is not UnrealIRCd-specific, but..<br>
Always choose your opers and admins wisely. And do remember the concept of weakest-link. 
Even though you are careful and did everything in this doc, maybe your friend which is an
oper too did something stupid. Like share his harddrive via netbios/kazaa/morpheus/..,
got a trojan, used an obvious password, etc etc.. Unfortunately, it's not always in your control.<br>
One thing you could do however is carefuly choose which privileges someone needs (oper::flags).
</div></p>

<p><b><font size="+2">8.5 SSL/SSH &amp; sniffing</font></b><a name="secsnif"></a><br><div class="desc">
Use SSL connections between servers and as an oper, this will protect you against "sniffing". 
Sniffing is possible if an attacker hacked a box somewhere between you and your ircd server, 
he can then look at ALL network traffic that passes by; watch all conversations, capture all passwords 
(oper logins, nickserv, etc).. For the same reason, always use ssh instead of telnet.
</div></p>

<p><b><font size="+2">8.6 Denial of Service attacks (DoS) [or: how to protect my hub]</font></b><a name="secDoS"></a><br><div class="desc">
A lot of networks have experienced how much "fun" a flood or (D)DoS attack is, you can however 
do some things to reduce the damage caused by it. Most nets have a hub server, what some people 
seem to forget is that it's quite easy to protect the hub server from getting attacked.<br>
I'll explain it here:<br>
1. Set the name of the hub to a hostname that doesn't exist, eg 'hub.yournet.com', but<br>
&nbsp;&nbsp;&nbsp; don't add a dns record for it. This way an attacker cannot resolve the host and<br>
&nbsp;&nbsp;&nbsp; cannot flood it either. Then simply link your servers to the hub by specifying the<br>
&nbsp;&nbsp;&nbsp; IP or another non-public hostname.<br>
&nbsp;&nbsp;&nbsp; Example 1: <i>link visibiblename.yournet.com { hostname 194.15.123.16; [etc] };</i>.<br>
&nbsp;&nbsp;&nbsp; Example 2: <i>link visibiblename.yournet.com { hostname thehostnamethatworks.yournet.com; [etc] };</i>.<br>
&nbsp;&nbsp;&nbsp; On a sidenote, for the last example you must be sure your nameservers don't allow zone transfers, 
 but that's way too off-topic ;).<br>
2. Another important step is then to hide '/stats c' and other stats information, otherwise<br>
&nbsp;&nbsp;&nbsp; attackers can simply list your link blocks. Usually if you are this paranoid (like<br>
&nbsp;&nbsp;&nbsp; me) you can simply do: set { oper-only-stats "*"; }; to restrict all /stats usage.<br>
&nbsp;&nbsp;&nbsp; If you don't want that, at least hide "CdDlLXz". More about this in the next section.<br>
<br>
Of course those steps are less useful if they are applied afterwards (eg: after a few months)<br>
instead of at the beginning because the IP's might be already known to some evil guys, still.. it's worth to do.<br>
Also note that attackers can still flood all non-hub servers, but that requires more effort<br>
than just attacking 1 or 2 weak points (the hubs), also this way your hubs &amp; services 
will stay alive :).<br>
</div></p>

<p><b><font size="+2">8.7 Information disclosure</font></b><a name="secinformation"></a><br><div class="desc">
<b>STATS</b><br>
The /stats command is very informative, you probably want to restrict it's usage as much 
as possible. A question you should ask yourself is "what do I want my users to see?". 
Most big networks choose "nothing", while others prefer their clients to be able to do 
'/stats g' and '/stats k'.<br>
I suggest you to use <i>set { oper-only-stats "*"; };</i> to deny all /stats for non-opers, but if you don't
want that, step through the '/stats' list (gives an overview of all available options) and
block everything except what you want to allow.. (if in doubt, just deny.. why should they
really need to know all this?).<br>
To give you a few examples:<br>
- /stats o: gives you the nicks of opers (with correct case) and hostmasks.<br>
- /stats c: gives you an idea about serverlinks and which to use as 'backup', etc..<br>
- /stats g, /stats k: usually used for banning proxies.. so this will simply give attackers
  a list of proxies they can use.<br>
- /stats E, /stats e: pretty sensitive info, especially if an attacker can use these addresses<br>
- /stats i, /stats y: might aid an attacker in finding hosts which allow lots of connections.<br>
- /stats P: helps him find serveronly ports<br>
etc etc...<br>
<br>
<b>MAP / LINKS</b><br>
Several people have asked if there was some way to disable /map or /links. 
Our position on this is that it's silly and gives a false sense of security, let me explain... 
Hiding servers that are actually used by users is useless since they already know 
about your servers (how else could they get on them in the first place?). For any servers that you 
don't want users on, see section 8.6.<br>
Now what CAN you do? Since 3.2.1 there's an option called 'flat map' (set::options::flat-map), 
this will make all servers appear as 'directly linked' in /map and /links, thus normal users 
can no longer see which server is linked to which... This can be a nice additional layer 
of protection because this way a kiddie cannot easily spot any 'weak points' with /map or /links. 
So, use of this is recommended. Note that this is not foolproof... If any split happends someone 
can still see which server was linked to which, and this is also true for some other things as well.<br>
<br>
<b>NORMAL USERS &amp; SNOMASKS</b><br>
A feature that isn't widely known is that normal users can also set some limited snomasks, 
namely +s +sk. By this they can see things like rehashes, kills and various other messages.<br>
To disable this you can use set::restrict-usermodes like this: <i>set { restrict-usermodes "s"; };</i>.<br>


<br><br>
Of course all of this is "information hiding", so it's not "true" security. 
It will however make it more difficult / increase the effort needed to attack/hack.<br>
</div></p>

<p><b><font size="+2">8.8 Protecting against exploits</font></b><a name="secantiexploit"></a><br><div class="desc">
There are kernel patches that make it more difficult for stack- and heap-based exploits to 
work. This is nice, but should not be your main focus point, you have a far more bigger risk 
of getting exploited through the other points than this... for various reasons.<br>
Another option is enabling chrooting (*NIX only), which means upon a succesfull exploit,
the user is confined to the UnrealIRCd directory and cannot touch any other
files. This requires root privileges, modifying of include/config.h
(search for CHROOTDIR, and also set IRC_USER and IRC_GROUP), and a
recompile.<br>
<br>
There's one thing you should definately do, which is to ALWAYS USE THE LATEST VERSION, 
subscribe to the <a href="http://mail1.sourceforge.net/mailman/listinfo/unreal-notify" target="_blank">unreal-notify mailinglist</a> 
right now so you receive the release announcements (unreal-notify is for release announcements only, 
so only 1 mail per X months). Usually it's explicitly mentioned in the release announcement if the 
release contains (high risk) security fixes, but it's good to upgrade anyway.<br> 
</div></p>

<p><b><font size="+2">8.9 Summary</font></b><a name="secsummary"></a><br><div class="desc">
As you now hopefully understand, you can never be 100% secure. You (and us) have to 
find&amp;fix every hole out there, while an attacker only needs to find just 1 server with 1 hole. 
Everything that was explained here DOES however help by minimizing the risks considerably. 
Do take the time to secure your network and educate your opers. A lot of people don't care about 
security until they got hacked, try to avoid that :).
</div></p>


<p><font size="+2"><b>9 &#8211; Frequently Asked Questions (FAQ)<a name="faq"></a></b></font></p>
<div class="desc"><p>The FAQ is available online <a href="http://www.vulnscan.org/UnrealIRCd/faq/" TARGET="_blank">here</a></p></div>
<p></p>

<p><font size="+2"><b>A Regular Expressions<a name="regex"></a></b></font></p>
<div class="desc"><p>Regular expressions are used in many places in Unreal, including badwords, spamfilter, and aliases. Regular expressions are a very complex tool used for pattern matching. They are sometimes referred to as "regexp" or "regex." Unreal uses the TRE regular expression library for its regex. This library supports some very complex and advanced expressions that may be confusing. The information below will help you understand how regexps work. If you are interested in more technical and detailed information about the regexp syntax used by Unreal, visit the <a href="http://www.laurikari.net/tre/syntax.html" target="_new">TRE homepage</a>.</p></div>

<p><font size="+2"><b>A.1 Literals<a name="regexlit"></a></b></font></p>
<div class="desc"><p>Literals are the most basic component of a regexp. Basically, they are characters that are treated as plaintext. For example, the pattern "test" consists of the four literals, "t," "e," "s," and "t." In Unreal, literals are treated as case insensitive, so the previous regex would match "test" as well as "TEST." Any character that is not a "meta character" (discussed in the following sections) is treated as a literal. You can also explicitely make a character a literal by using a backslash (\). For example, the dot (.) is a metacharacter. If you wish to include a literal ., simply use \. and Unreal will treat this as a period. It is also possible that you want to check for a character that is not easily typed, say ASCII character 3 (color). Rather than having to deal with using an IRC client to create this character, you can use a special sequence, the \x. If you type \x3, then it is interpretted as being the ASCII character 3. The number after the \x is represented as hexidecimal and can be in the range from \x0 to \xFF.</p></div>

<p><font size="+2"><b>A.2 Dot Operator<a name="regexdot"></a></b></font></p>
<div class="desc"><p>The dot (.) operator is used to match "any character." It matches a single character that has any value. For example, the regex "a.c" will match "abc," "adc," etc. However, it will not match "abd" because the "a" and "c" are literals that must match exactly.</p></div>

<p><font size="+2"><b>A.3 Repetition Operators<a name="regexrep"></a></b></font></p>
<div class="desc"><p>One of the common mistakes people make with regex is assuming that they work just like wildcards. That is, the * and ? characters will match just like in a wildcard. While these characters do have similar meaning in a regex, they are not exactly the same. Additionaly, regular expressions also support other, more advanced methods of repetition.
<p>
The most basic repetition operator is the ? operator. This operator matches 0 or 1 of the previous character. This, "of the previous character," is where the ? in regex differs from a wildcard. In a wildcard, the expression, "a?c" matches an "a" followed by any character, followed by a "c". In regex it has a different meaning. It matches 0 or 1 of the letter "a" followed by the letter "c". Basically, the ? is modifying the a by specifying how many a's may be present. To emulate the ? in a wildcard, the . operator is used. The regex "a.c" is equivilent to the previously mentioned wildcard. It matches the letter "a" followed by any character, followed by a "c".
<p>
The next repetition operator is the *. Again, this operator is similar to a wildcard. It matches 0 or more of the previous character. Note that this "of the previous character" is something that is characteristic of all repetition operators. The regex "a*c" matches 0 or more a's followed by a "c". For example, "aaaaaac" matches. Once again, to make this work like a wildcard, you would use "a.*c" which will cause the * to modify the . (any character) rather than the "a."
<p>
The + operator is very similar to the *. However, instead of matching 0 or more, it matches 1 or more. Basically, "a*c" will match "c" (0 a's followed by a c), where as "a+c" would not. The "a+" states that there must be "at least" 1 a. So "c" does not match but "ac" and "aaaaaaaaac" do.
<p>
The most advanced repetition operator is known as a "boundary." A boundary lets you set exact constraints on how many of the previous character must be present. For example, you may want to require exactly 8 a's, or at least 8 a's, or between 3 and 5 a's. The boundary allows you to accomplish all of these. The basic syntax is {M,N} where M is the lower bound, and N is the upper bound. For example, the match between 3 and 5 a's, you would do "a{3,5}". However, you do not have to specify both numbers. If you do "a{8}" it means there must be exactly 8 a's. Therefore, "a{8}" is equivilent to "aaaaaaaa." To specify the "at least" example, you basically create a boundary that only has a lower bound. So for at least 8 a's, you would do "a{8,}".
<p>
By default, all of the repetition operators are "greedy." Greediness is a somewhat complex idea. Basically, it means that an operator will match as many characters as it can. This is best explained by an example. <p>Say we have the following text:<br>
HELLO<br>
And the following regex:<br>
.+L<p>
In this example, you might think that the .+ matches "HE." However, this is incorrect. Because the + is greedy, it matches "HEL." The reason is, it chooses the largest portion of the input text that can be matched while still allowing the entire regex to match. In this example, it chose "HEL" because the only other requirement is that the character after the text matched by .+ must be an "L". Since the text is "HELLO", "HEL" is followed by an "L," and therefore it matches. Sometimes, however, it is useful to make an operator nongreedy. This can be done by adding a ? character after the repetition operator. Modifying the above to, ".+?L" the .+? will now match "HE" rather than "HEL" since it has been placed in a nongreedy state. The ? can be added to any repetition character: ??, *?, +?, {M,N}?.</p></div>

<p><font size="+2"><b>A.4 Bracket Expressions<a name="regexbracket"></a></b></font></p>
<div class="desc">Bracket expressions provide a convenient way to do an "or" operator. For example, if you want to say "match an a or a b." The bracket expression gets its name from the fact that it is enclosed in brackets ([]). The basic syntax is that the expression includes a series of characters. These characters are then treated as though there were an "or" between them. As an example, the expression "[abc]" matches an "a," a "b," or a "c." Therefore, the regexp "a[bd]c" matches "abc" and "adc" but not "acc."
<p>
One very common thing to do is to check for things such as, a letter, or a digit. Rather than having to do, for example, "[0123456789]", the bracket operator supports ranges. Ranges work by specifying the beginning and ending point with a - between them. Therefore, a more simplistic way to test for a digit is to simply do "[0-9]". The same thing can be used on letters, or in fact, any range of ASCII values. If you want to match a letter, simply do "[a-z]" since Unreal is case insensitive, this will match all letters. You can also include multiple ranges in the same expression. To match a letter or a number, "[0-9a-z]". One complication that this creates is that the - is a special character in a bracket expression. To have it match a literal -, the easiest way is to place it as either the first or last character in the expression. For example, "[0-9-]" matches a digit or a -.
<p>
To make things even more simple, there are several "character classes" that may be used within a bracket expression. These character classes eliminate the need to define certain ranges. Character classes are written by enclosing their name in :'s. For example, "[0-9]" could also be written as "[:isdigit:]". The list below shows all of the available character classes and what they do:
<ul>
<li><tt>alnum</tt> - alphanumeric characters</li>
<li><tt>alpha</tt> - alphabetic characters</li>
<li><tt>blank</tt> - blank characters</li>
<li><tt>cntrl</tt> - control characters</li>
<li><tt>digit</tt> - decimal digits (0 through 9)</li>
<li><tt>graph</tt> - all printable characters except space</li>
<li><tt>lower</tt> - lower-case letters</li>
<li><tt>print</tt> - printable characters including space</li>
<li><tt>punct</tt> - printable characters not space or alphanumeric</li>
<li><tt>space</tt> - white-space characters</li>
<li><tt>upper</tt> - upper case letters</li>
<li><tt>xdigit</tt> - hexadecimal digits</li>
</ul>
One important note about character classes is that they MUST be the only element in the expression. For example, [:isdigit:-] is NOT legal. Instead, you can accomplish this same goal by nesting the expressions, for example, to do the same thing as "[0-9-]" using a character class, you could do "[[:isdigit:]-]".
<p>
The last feature of the bracket expression is negation. Sometimes it is useful to say "anything except these characters." For example, if you want to check if the character is "not a letter," it is easier to list a-z and say "not these," than it is to list all the non-letters. Bracket expressions allow you to handle this through negation. You negate the expression by specifying a "^" as the first character. For example, "[^a-z]" would match any non-letter. As with the -, if you want to include a literal ^, do not place it in the first position, "[a-z^]". Also, to negate a character class, you must once again use nesting, "[^[:isdigit:]]" would match any non-digit.</p></div>
<p><font size="+2"><b>A.5 Assertions<a name="regexassert"></a></b></font></p>
<div class="desc">Assertions allow you to test for certain conditions that are not representable by character strings, as well as providing shortcuts for some common bracket expressions.
<p>
The ^ character is referred to as the "left anchor." This character matches the beginning of a string. If you simply specify a regex such as "test", it will match, for example "this is a test" since that string contains "test." But, sometimes it is useful to ensure that the string actually starts with the pattern. This can be done with ^. For example "^test" means that the text must start with "test." Additionally, the $ character is the "right anchor." This character matches the end of the string. So if you were to do "^test$", then the string must be exactly the word "test."
<p>
Similar tests also exist for words. All of the other assertions are specified using a \ followed by a specific character. For example, to test for the beginning and ending of a word, you can use \< and \> respectively. 
<p>
The remaining assertions all come with two forms, a positive and a negative. These assertions are listed below:
<ul>
<li><tt>\b</tt> - Word boundary
<li><tt>\B</tt> - Non-word boundary
<li><tt>\d</tt> - Digit character (equivalent to <tt>[[:digit:]]</tt>)</li>
<li><tt>\D</tt> - Non-digit character (equivalent to <tt>[^[:digit:]]</tt>)</li>
<li><tt>\s</tt> - Space character (equivalent to <tt>[[:space:]]</tt>)</li>
<li><tt>\S</tt> - Non-space character (equivalent to <tt>[^[:space:]]</tt>)</li>
<li><tt>\w</tt> - Word character (equivalent to <tt>[[:alnum:]_]</tt>)</li>
<li><tt>\W</tt> - Non-word character (equivalent to <tt>[^[:alnum:]_]</tt>)</li>
</ul>
</div>
<p><font size="+2"><b>A.6 Alternation<a name="regexalt"></a></b></font></p>
<div class="desc">Alternation is a method of saying "or." The alternation operator is the vertical bar (|). For example, if you wanted to say "a or b" you could do "a|b". For normal letters, this could be replaced by a bracket expression, but alternation can also be used with subexpressions (discussed in the next section).
</div>
<p><font size="+2"><b>A.7 Subexpressions<a name="regexsub"></a></b></font></p>
<div class="desc">Subexpressions are a portion of of a regex that is treated as a single entity. There are two ways to create a subexpression. The two methods differ with regard to "back references," which will be explained later. To declare a subexpression that uses back references, simply enclose it in parentheses (). To create a subexpression that does not use back references, replace the open-parenthesis with, "(?:". For example, "([a-z])" and "(?:[a-z])". The reason subexpressions are useful is you can then apply operators to the expression. All of the repetition operators, for example, that were mentioned as "X or more of the previous character," can also be used for "X or more of the previous subexpression." For example, if you have a regex of "[0-9][a-z][0-9]", to match a digit, followed by a letter, followed by a digit, and then you decided you wanted to match this sequence twice. Normally, you would do, "[0-9][a-z][0-9][0-9][a-z][0-9]". With subexpressions, however, you can simply do "([0-9][a-z][0-9]){2}".</div>
<p><font size="+2"><b>A.8 Back References<a name="regexbackref"></a></b></font></p>
<div class="desc">Back references allow you to reference the string that matched one of the subexpressions of the regexp. You use a back reference by specifying a backslash (\) followed by a number, 0-9, for example \1. \0 is a special back reference that refers to the entire regexp, rather than a subexpression. Back references are useful when you want to match something that contains the same string twice. For example, say you have a nick!user@host. You know that there is a trojan that uses a nickname and username that matches "[0-9][a-z]{5}", and both the nickname and username are the same. Using "[0-9][a-z]{5}![0-9][a-z]{5}@.+" will not work because it would allow the nickname and username to be different. For example, the nickname could be 1abcde and the username 2fghij. Back references allow you to overcome this limitation. Using, "([0-9][a-z]{5})!\1@.+" will work exactly as expected. This searches for the nickname matching the given subexpressions, then it uses a back reference to say that the username must be the same text. 
<p>
Since you can only have 9 back references, this is the reason why the (?:) notation is useful. It allows you to create a subexpression without wasting a back reference. Additionally, since back reference information does not need to be saved, it is also faster. Because of this, non-back reference subexpressions should be used whenever back references are not needed.</div>
<p><font size="+2"><b>A.9 Case Sensitivity<a name="regexcase"></a></b></font></p>
<div class="desc">As was already mentioned, Unreal makes all regexps case insensitive by default. The main reason for this is, there seem to be many more instances where you want case insensitive searching rather than sensitive, for example, if you block the text "www.test.com," you presumably want to block "WWW.TEST.COM" as well. However, there are instances where you may want case sensitivity, for example, matching for certain trojans. Because of this, a method is provided to dynamically turn case insensitivity on/off. To turn it off, simply use "(?-i)" and to turn it on, "(?i)". For example, "(?-i)[a-z](?i)[a-z]" will match a lowercase letter (case insensitivity is off) followed by either an uppercase or lowercase letter (case insensitivity is on). Additionally, rather than having to always remember to turn the flag back on when you are finished, you can also specify that the flag change should only apply to a subexpression, for example, "(?-i:[a-z])[a-z]" is equivilent to the previous regexp because the -i only applies to the given subexpression.
</body>
</html>