Tip of the day: If you still have users on plaintext port 6667, consider enabling Strict Transport Security to gently move users to SSL/TLS on port 6697.

Extended bans

From UnrealIRCd documentation wiki
Jump to navigation Jump to search
This page contains changes which are not marked for translation.
Other languages:

Extended bans can be used to match a client on criteria other than IP or hostname. For example /MODE #chan +e ~account:SomeAccount can be used to add a ban exemption for someone who identified to services with SomeAccount. Extended bans can also be used to provide other "extended" functionality, such as blocking or censoring certain words in channels.

In channels, extended bans can be used in /MODE for bans (+b), exempts (+e) and invite exceptions (+I). Server admins can use some of these in Extended server bans as well.

In UnrealIRCd 6 extended bans start with a tilde followed by a name, such as +b ~account for an account extban, while in UnrealIRCd 5 and older it used a tilde followed by a letter, like +b ~a.

UnrealIRCd comes with a number of built-in extbans (loaded through Modules). 3rd party modules may introduce even more types.

Group 1: time limit

The following ban type can be used in front of any (ext)ban:

Letter Name Module Explanation Example
~t ~time extbans/timedban Timed ban that will make a ban unset after the specified number of minutes. +b ~time:3:*!*@hostname

Group 2: actions

The following ban types specify which actions (join, nick-change or speaking) are affected by a ban:

Letter Name Module Explanation Example
~q ~quiet extbans/quiet People matching these bans can join but are unable to speak, unless they have +v or higher. +b ~quiet:*!*@*.blah.com
~n ~nickchange extbans/nickchange People matching these bans cannot change nicks, unless they have +v or higher. +b ~nickchange:*!*@*.aol.com
~j ~join extbans/join When a user matches this (s)he may not join the channel but if already in the channel then all activities are permitted such as speaking or changing the nick. This can be useful to ban an entire ISP and then manually /INVITE people to the channel so once joined they can behave as normal. +b ~join:*!*@*.aol.com
~f ~forward chanmodes/link Forward user to another channel if matching mask. +b ~forward:#badispchannel:*!*@*.isp.com
~m ~msgbypass extbans/msgbypass Bypass message restrictions. This extended ban is only available as +e and not as +b. Syntax: +e ~msgbypass:type:mask.

Valid types are: external (bypass +n), moderated (bypass +m/+M), censor (bypass +G), color (bypass +S/+c) and notice (bypass +T).

+e ~msgbypass:moderated:*!*@192.168.*

+e ~msgbypass:external:*!*@192.168.*
+e ~msgbypass:color:~a:ColorBot

~F ~flood extbans/flood Bypass mode +f/+F flood protection. This extended ban is only available as +e and not as +b. Syntax: +e ~flood:types:mask.

Valid flood types are: c, j, k, m, n, t, r, and * for all. For the meaning of the letters, see channel mode +f.

+e ~flood:*:*!*@192.168.*

+e ~flood:*:~account:TestUser
+e ~flood:m:*!*@192.168.*

Group 3: selectors

These bantypes introduce new criteria which can be used:

Letter Name Module Explanation Example
~a ~account extbans/account If a user is logged in to services with this account name, then this ban will match. Note that the account name is not necessarily the same as the nick name.

There are also two special bans: ~account:* matches all authenticated users and ~account:0 matches all unauthenticated users.

+e ~account:SomeAccount

+I ~account:SomeAccount

~c ~channel extbans/inchannel If the user is in this channel then (s)he is unable to join. A prefix can also be specified (+/%/@/&/~) which means that it will only match if the user has that rights or higher on the specified channel. +b ~channel:#lamers

+e ~channel:@#trustedops

~C ~country extbans/country Ban (or exempt) a country code, eg NL, US, DE. Only exists in UnrealIRCd 6. +b ~country:BE

+iI ~country:NL

~G ~security-group extbans/securitygroup If the user matches this security group then (s)he is unable to join. +b ~security-group:unknown-users
~O ~operclass extbans/operclass If the user is an IRCOp and the oper::operclass matches this name then the ban/invex will match. You can use this to for example create *admin* only channels. +iI ~operclass:*admin*
~r ~realname extbans/realname If the realname (gecos) of a user matches this then (s)he is unable to join. Since real names may contain spaces you can use a underscore to match a space (and underscore) +b ~realname:*Stupid_bot_script*
~S ~certfp extbans/certfp When a user is using SSL/TLS with a client certificate then you can match the user by his/her SSL fingerprint (the one you see in /WHOIS). Useful for ban exemptions (+e) and invite exceptions (+I). +e ~certfp:0000000etc

+I ~certfp:0000000etc

Group 4: special

These are special extended bans that don't fit anywhere else:

Letter Name Module Explanation Example
~T ~text extbans/textban Channel-specific text filtering. Supports two actions: 'censor' and 'block', see examples on the right. +b ~text:censor:*badword*

+b ~text:block:*something*

~p ~partmsg extbans/partmsg Hide part/quit messages on matching users. +b ~partmsg:*!*@*.blah.com

Combining extended bans

You can combine extended bans from multiple groups, this is called "stacking":

  • Group 1 + 2/3/4: You can stack extended bans from the 1st group with any of the other groups. For example, +e ~time:1440:~account:TrustedUser would allow someone who identified to the services account TrustedUser to bypass channel bans for the next 1440 minutes (=24 hours).
  • Group 2 + 3: You can also stack the 2nd group with the 3rd group. For example: +b ~quiet:~channel:#lamers would quiet all users who have also joined #lamers.
  • Group 1 + 2 + 3: You can even stack group 1 + group 2 + group 3 if you want, eg: +b ~time:5:~quiet:~channel:#lamers to quiet all users who have also joined #lamers and have this ban removed automatically after 5 minutes.

Invite exceptions (+I)

Ban types from the 3rd group can be used in invite exceptions (+I). For example you can put the channel +i and then use +I ~channel:@#trusted and/or +I ~account:accountname.

See also