JSON-RPC:Security-group object
In UnrealIRCd a security group and a mask item are internally the same. The following fields are present if it is a security group but left out if it is a Mask item:
| Variable | Description | Example value |
|---|---|---|
| name | Name of the security group | known-users |
| priority | Priority. Lower number means higher priority. | 100 |
| public | Public, meaning: appears in security group listings. | true |
After this come all the fields used for matching, but only if they are set in the configuration file.
Below is the configuration file documentation (not for the JSON). In JSON we use the same field names except that:
- We replace hyphens with underscores (`-` to `_`), so for example `reputation-score` will be `reputation_score`.
- Any item that can have multiple values (such as ip, mask, server_port, security_group, etc) will always be an array, even if it has only 1 item.
- Items that are yes/no will use boolean values.
The items are as follows:
- mask: list of masks that would result in a match, like `*.example.net`
- ip: list of IP addresses that would result in a match, eg `127.*` or using CIDR notation `127.0.0.0/8`.
- identified: if set to yes, then if the user is identified to Services then it is considered a match.
- webirc: if set to yes, then if the user comes from a WEBIRC gateway then it is considered a match.
- websocket: if set to yes, then if the user uses WebSockets then it is considered a match. (Requires UnrealIRCd 6.0.7 or later)
- tls: if set to yes, then if the user is using a SSL/TLS connection then it is considered a match.
- reputation-score: if set to a value, like `10`, then if the user has a reputation score of this value or higher, it is considered a match. You can also use `<10` to say match on a score of below 10.
- connect-time: if set to a time value, like `300` (seconds) or `5m` (5 minutes), then if the user has been connected for longer than this time, it is considered a match. You can also use a value like `<5m` to say less than 5 minutes.
- security-group: this is a match if any of the security groups in this list match.
- account: list of account name(s) that would result in a match, eg: `account { TrustedAccount1; TrustedAccount2; }`
- country: list of country codes that would result in a match, eg: `country { NL; BE; UK; }`
- asn: list of AS numbers, eg: `asn { 64496; 64497; 64498; }`
- realname: list of realnames (gecos) that would result in a match, eg: `realname "*Bot*";`
- certfp: list of certificate fingerprints (sha256) that would result in a match, eg: `certfp "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";`
- channel: one or more channels the user can be in, optionally prefixed by symbols like ~&@%+ for matching status. Example: `channel "@#main"; /* all ops in #main */`. (Requires UnrealIRCd 6.1.2 or later)
- destination: the destination (client/channel) of the command, but only at places where this is supported. Currently this can be used in Restrict commands to bypass channel-message, for example. (Requires UnrealIRCd 6.1.7 or later)
- server-port: the server port the user is connected to, eg `server-port 6697;` or a list `server-port { 6667; 7000; }` (Requires UnrealIRCd 6.2.1 or later)
- rule: a Crule such as `rule "!inchannel('#main') && (online_time()<180 || reputation()<50)";`. (Requires UnrealIRCd 6.1.2 or later)
- Other Extended server bans (from 3rd party modules too) can expose more values
Matching rules:
- Any items set to no mean the check will be skipped (ignored).
- Any items set to yes that are true mean the result is a match. Only 1 item that is set to yes needs to match! (But.. see next..)
- If any of the exclude- items match then the final result is NOT a match, even if other things matched.
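
The matching rules above, applied client-side to a security-group object, as an added example (not UnrealIRCd's own code) that covers only a handful of fields. The sample object, the client dictionary keys, the string form of the threshold values and the `exclude_` JSON key prefix (derived from the hyphen-to-underscore rule) are assumptions.

```python
import fnmatch
import ipaddress
import re

# Constructed sample object. Field names follow the hyphen-to-underscore rule;
# string-valued thresholds and the exclude_ keys are assumptions.
GROUP = {
    "name": "known-users", "priority": 100, "public": True,
    "identified": True, "tls": False,
    "reputation_score": "25", "connect_time": "5m",
    "exclude_ip": ["192.0.2.0/24"], "exclude_reputation_score": "<3",
}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(text):
    """Time value to seconds: '300' -> 300, '5m' -> 300."""
    num, unit = re.fullmatch(r"(\d+)([smhd]?)", text).groups()
    return int(num) * UNITS[unit]

def threshold(spec, actual, parse=int, strict=False):
    """'<N' matches below N; bare N matches N or higher (strictly above if strict)."""
    spec = str(spec)
    if spec.startswith("<"):
        return actual < parse(spec[1:])
    return actual > parse(spec) if strict else actual >= parse(spec)

def ip_match(patterns, ip):
    """Entries containing '/' are CIDR ranges; anything else is a glob like 127.*"""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) if "/" in p
               else fnmatch.fnmatchcase(ip, p) for p in patterns)

# Hypothetical client keys: ip, identified, tls, account, reputation, online.
CHECKS = {
    "ip": lambda v, c: ip_match(v, c["ip"]),
    "identified": lambda v, c: v and c["identified"],  # false = check skipped
    "tls": lambda v, c: v and c["tls"],
    "account": lambda v, c: c.get("account") in v,
    "reputation_score": lambda v, c: threshold(v, c["reputation"]),
    "connect_time": lambda v, c: threshold(v, c["online"], seconds, strict=True),
}

def matches(group, client):
    """One true item is enough for a match; any exclude_ hit overrides it."""
    def hit(prefix):
        return any(check(group[prefix + key], client)
                   for key, check in CHECKS.items() if prefix + key in group)
    return hit("") and not hit("exclude_")
```

Fields not listed in `CHECKS` are ignored here, so a result from this sketch is only meaningful for groups that use the covered fields.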