Security-group block

Security groups are introduced in UnrealIRCd 5.0.8. The two most important groups that exist by default are: known-users (user is identified to services or has high enough reputation) and unknown-users (all other users).

There are also three more groups that exist by default:
 * tls-users: all users who are using SSL/TLS
 * tls-and-known-users: all users using SSL/TLS, plus all users that are identified to Services or have 25 or more reputation score.
 * webirc-users: all users using WEBIRC. (UnrealIRCd 5.2.0 and later)

Where security groups are used

 * In the ~G extban, eg:  to block low reputation and unidentified users
 * In the set::anti-flood block

New syntax (UnrealIRCd 6.0.4 and later)
security-group { /* Match people based on ANY of these criteria (OR) */ mask { ; }; ip { ; }; identified ; webirc ; tls ; reputation-score ; connect-time ; security-group { ; }; account { ; }; country { ; }; realname { ; }; certfp { ; };

/* Optionally EXCLUDE people based on this (even if they matched above) */ exclude-mask { ; }; exclude-ip { ; }; exclude-identified ; exclude-webirc ; exclude-tls ; exclude-reputation-score ; exclude-connect-time ; exclude-security-group { ; }; exclude-account { ; }; exclude-country { ; }; exclude-realname { ; }; exclude-certfp { ; }; }

Old Syntax (UnrealIRCd 5.x and up to 6.0.3)
security-group { identified ; webirc ; tls ; reputation-score ; include-mask { ; }; }

identified: if set to yes, then if the user is identified to Services then it is considered a match. webirc: if set to yes, then if the user comes from a WEBIRC gateway then it is considered a match. tls: if set to yes, then if the user is using a SSL/TLS connection then it is considered a match. reputation-score: if set to a value, like, then if the user has a reputation score of this value or higher , it is considered a match. include-mask: if a mask item matches, then the security group is considered a match. (UnrealIRCd 5.2.1 or later)

Matching rules:
 * Any items set to no mean the check will be skipped (ignored).
 * Any items set to yes that are true mean the security group matches the user. Only 1 item that is set to yes needs to match!

Example and changing the known-users group
The default security group known-users has the following settings: security-group known-users { identified yes; webirc no; reputation-score 25; } If you have no security-group known-users { } in your configuration file then these are the defaults. If you want to change the settings, then add the block to your config and modify it.

The magic unknown-users security-group
The unknown-users security group is a special group matching users that are NOT matched by the known-users group. In other words:  is the same as   (the exclamation mark prefix meaning 'NOT').