Tip of the day: The Security article gives hands-on tips on how to deal with drone attacks, flooding, spammers, (D)DoS and more.

Template:Security-group and mask shared settings

From UnrealIRCd documentation wiki
Jump to navigation Jump to search

The items are as follows:

  • mask: list of masks that would result in a match, like *.example.net
  • ip: list of IP addresses that would result in a match, eg 127.* or using CIDR notation 127.0.0.0/8.
  • identified: if set to yes, then if the user is identified to Services then it is considered a match.
  • webirc: if set to yes, then if the user comes from a WEBIRC gateway then it is considered a match.
  • websocket: if set to yes, then if the user uses WebSockets then it is considered a match. (Requires UnrealIRCd 6.0.7 or later)
  • tls: if set to yes, then if the user is using a SSL/TLS connection then it is considered a match.
  • reputation-score: if set to a value, like 10, then if the user has a reputation score of this value or higher, it is considered a match. You can also use <10 to say match on a score of below 10.
  • connect-time: if set to a time value, like 300 (seconds) or 5m (5 minutes), then if the user has been connected for longer than this time, it is considered a match. You can also use a value like <5m to say less than 5 minutes.
  • security-group: this is a match if any of the security groups in this list match.
  • account: list of account name(s) that would result in a match, eg: account { TrustedAccount1; TrustedAccount2; }
  • country: list of country codes that would result in a match, eg: country { NL; BE; UK; }
  • asn: list of AS numbers, eg: asn { 64496; 64497; 64498; }
  • realname: list of realnames (gecos) that would result in a match, eg: realname "*Bot*";
  • certfp: list of certificate fingerprints (sha256) that would result in a match, eg: certfp "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";
  • channel: one or more channels the user can be in, optionally prefixed by symbols like ~&@%+ for matching status. Example: channel "@#main"; /* all ops in #main */. (Requires UnrealIRCd 6.1.2 or later)
  • destination: the destination (client/channel) of the command, but only at places where this is supported. Currently this can be used in Restrict commands to bypass channel-message, for example. (Requires UnrealIRCd 6.1.7 or later)
  • rule: a Crule such as rule "!inchannel('#main') && (online_time()<180 || reputation()<50)";. (Requires UnrealIRCd 6.1.2 or later)
  • Other Extended server bans (from 3rd party modules too) can expose more values

Matching rules:

  • Any items set to no mean the check will be skipped (ignored).
  • Any items set to yes that are true mean the result is a match. Only 1 item that is set to yes needs to match! (But.. see next..)
  • If any of the exclude- items match then the final result is NOT a match, even if other things matched.
Retrieved from "https://www.unrealircd.org/docwiki/index.php?title=Template:Security-group_and_mask_shared_settings&oldid=14124"