Extended server bans

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

NOTE: Not to be confused with channel bans, see Extended bans for that

IRC Operators (administrators) can place extended server bans (GLINE/KLINE/..) and extended server ban exemptions (ELINE). While classic server bans use the user@host format, extended server bans look like Extended bans, such as ~a:Account or ~S:1122334455... They match a user based on properties other than user or host.

The following extended server ban types are available in UnrealIRCd:

Extban Module Explanation
a extbans/account If a user is logged in to services with this account name, then it will match.

For example /ELINE ~a:SomeAccount kG 0 Trusted account will bypass KLINE and GLINE server bans if the user uses SASL to login to the account SomeAccount.

r extbans/realname This ban will match if the realname (gecos) of a user matches the specified string. Since real names may contain spaces you can use a underscore to match a space (and underscore).

For example /KLINE ~r:*Stupid_bot_script* will ban any users that have the real name Stupid bot script.

G extbans/securitygroup Ban users matching the specified security group. Note that this can ban large amounts of users!

For example /GLINE ~G:unknown-users will ban all users with a reputation score below 24 that don't use SASL to identify to Services. Note that using Connthrottle may be a better way to manage the situation.
You can also use an exclamation mark (!) to tell it not to match a security group. For example /GLINE ~G:!tls-users 0 Please connect using SSL/TLS on port 6697 bans all users not using SSL/TLS. (The same can be achieved by setting set::plaintext-policy::user to deny, by the way)

S extbans/certfp When a user is using SSL/TLS with a client certificate then you can match the user by his/her certificate fingerprint (the one you see in /WHOIS).

For example: /ELINE ~S:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef kGF 0 Trusted user with this certificate fingerprint will allow the user with this TLS certificate to bypass KLINE and GLINE server bans and spamfilter restrictions.