Tip of the day: Channel mode +f is a powerful anti-flood feature. It is also slightly complex. Enable it in your most important channels, and consider setting a default in set::modes-on-join.

Extended server bans

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

NOTE: Not to be confused with channel bans, see Extended bans for that

IRC Operators (administrators) can place extended server bans (GLINE/KLINE/..) and extended server ban exemptions (ELINE). While classic server bans use the user@host format, extended server bans look like Extended bans, such as ~account:Account or ~certfp:1122334455... They match a user based on properties other than user or host. Optionally it can be prefixed with % to act as a Soft ban.

In UnrealIRCd 6 we use names like ~account, in UnrealIRCd 5 we used letters like ~a.

Similar functionality exists in mask items in the configuration file (eg allow::mask, oper::mask, etc).

The following extended server ban types are available in UnrealIRCd:

Letter Name Module Explanation
~a ~account extbans/account If a user is logged in to services with this account name, then it will match.

For example ELINE ~account:SomeAccount kG 0 Trusted account will bypass KLINE and GLINE server bans if the user uses SASL to login to the account SomeAccount.
There are also two special bans: ~account:* matches all authenticated users and ~account:0 matches all unauthenticated users.

~C ~country extbans/country Matches if the GEOIP module says the users IP is from this country.

For example GLINE ~country:BD 0 :Too much spam from this country
Or as a soft ban: GLINE %~country:BD 0 :Too much spam from this country, please log in with a services account

~r ~realname extbans/realname This ban will match if the realname (gecos) of a user matches the specified string. Since real names may contain spaces you can use a underscore to match a space (and underscore).

For example KLINE ~realname:*Stupid_bot_script* will ban any users that have the real name Stupid bot script.

~G ~security-group extbans/securitygroup Ban users matching the specified security group. Note that this can ban large amounts of users!

For example GLINE ~security-group:unknown-users will ban all users with a reputation score below 24 that don't use SASL to identify to Services. Note that using Connthrottle may be a better way to manage the situation.
You can also use an exclamation mark (!) to tell it not to match a security group. For example GLINE ~security-group:!tls-users 0 Please connect using SSL/TLS on port 6697 bans all users not using SSL/TLS. (The same can be achieved by setting set::plaintext-policy::user to deny, by the way)

~S ~certfp extbans/certfp When a user is using SSL/TLS with a client certificate then you can match the user by his/her certificate fingerprint (the one you see in /WHOIS).

For example: ELINE ~certfp:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef kGF 0 Trusted user with this certificate fingerprint will allow the user with this TLS certificate to bypass KLINE and GLINE server bans and spamfilter restrictions.

Retrieved from "https://www.unrealircd.org/docwiki/index.php?title=Extended_server_bans&oldid=13521"