#!/path/to/ezbounce
# ^--- replace this with the actual path and give this file execute
#      permissions so you can do ./sample.conf and run your server
#
#
##################################################
#
# ezbounce sample configuration file
#
#
# This file lists all the config options available and describes
# them and provides examples of their use.
#
##################################################

#
# First some basic options, such as log file, user password and
# administrator information
#

# note: password is optional. If you don't want one, comment it out
#
set password 		drowssap

# Ports
# This tells ezbounce what ports to listen on.
# You can enter a single number, or seperate multiple ones with commas.

listen 6667,6668,57000

# some more examples
#listen 6668
#listen 6667,6669,7000,6660,6666,5000


#
# Automatically connect users to an IRC server when they connect
# to ezbounce?
# set auto-server irc.core.com:6667


#
# Message of the Day.. it is displayed whenever you connect to ezbounce and
# give it the correct password

set motd-file sample.MOTD


# Admin configuration: we allow admins from anywhere w/ the username
# servadmin and password greenballs
# 
# You can use as many 'from' fields as you like.
# You may only have one admin block per config file.

admin {
	from 	*
	name	servadmin
	password	greenballs
}

#
# Set a logfile. If you really don't want one, you can set it to 
# something like /dev/null. But they are a good idea.

set logfile ezbounce.log

#
# Write a pid file? If yes, ezbounce will write its pid to a file so
# you can use a script like the included ezbchk to see if its 
# running and restart it if it is not

set write-pidfile 1
set pidfile ezbounce.pid


# ------------------
# DCC Proxying
# ------------------
#
# This ought to be helpful if your users are behind a firewall and do not
# have their own global ip addresses.
#
# Read 'README' for all the juicy details. Basically this is transparent
# DCC proxying; no special settings required for the client. Ezbounce
# intercepts DCC requests and manipulates them so that it acts as a middle
# man in the request.  
# 
# Enable outgoing? That is, from the ezbounce user client to the outside
# world

set enable-outgoing-dcc-proxying 0

# Enable incoming DCC proxying? (From the outside world to the folks using
# your ezbounce proxy

set enable-incoming-dcc-proxying 0

# Some people have restrictive network settings and what the DCC ports
# to fall in a certain range. Try this option:
# (you may use any combination of ranges and commas)

# set dcc-listen-port-range 4500-4600,7000,7005




# -------------------------------
#       Virtual Hosts
# -------------------------------

# Do you want clients to select what virtual hosts they may bind their
# connections on? Or will they be limited to the one you set?
# 
# Gotta enable the command first!

set enable-vhost-command 1

# If you set that to 1 you should play with this too, it is the list of
# virtual hosts that clients may use. If you don't want to bother with it
# don't define one or just enter 'all' as the only entry.
#
# NOTE: the admin can use ANY vhost he wants
#

vhosts {
	all
}

# another example 
# vhosts {
#	 localhost
#	 www.thismachine.com
#	 i.like.thismachine.com
#	 blahblahblah.com
# }



# -----------------------------------
#            Detaching 
# -----------------------------------
#
# The detach system is very cool. You can disconnect from
# ezbounce and it will still maintain your IRC session, and log it,
# until you reconnect and reattach to it
#
#
# Allow clients to use the 'detach' command? Please see the README file
# if you don't know what this does!

set enable-detach-command 1


# automatically detach user at all times. useful for maintaining 
# conenction
# full time.
#
# user will always be detached unless he uses /quote ezb quit
#set enable-auto-detach 1

#
# Logging while detached... ezbounce can log private and channel
# messages for detached users. Then it can DCC send them back on
# reattach. These options control this feature.
#

# permit logging of private messages
#
set enable-private-logging 1

# permit logging of channels
set enable-public-logging 1

# let users store logs in seperate files (that is, one for chan, one for
# private)
set enable-seperate-logging 1

# where to store logs?
set log-dir logs

#
# The default log options
#
# Currently set at: log all, log seperate, time stamp events
#
# Full list of options:
# a - log all (combines p and c)
# s - log to seperate files
# p - log private
# c - log channels 
# n - log nothing!
# t - timestamp events
# f - log full addresses always
#
set default-log-options ast



# -------------------------------
#   Custom / Fake Ident Replies
# -------------------------------

# Fake idents: read about it in mdidentd/README
# Both default to 0

set enable-fake-idents 1
set auto-fake-idents 1




# ------------------------------
# Idle time limits and stuff
# ------------------------------
# How long do we wait for a user to register?
# (this is in seconds, is optional and defaults to 45)

set max-registration-time 20

# How long can a user remain idle on the proxy before
#  he connects to an IRC server?

set max-idle-time 500



# ------------------------------
#           Rule sets
# ------------------------------
#
# This is the most important part. It lets you control
# who get to use the proxy and who doesn't, where they may 
# connect and how many of them are allowed. 
# You can also ban people, both from adresseses and
# to addresses, on specific ports if you wish.  
#
# There are two types, allow and deny.
# The basic syntax for allow is:
# allow {
#     [number] from <address> [on ports]
#     [number] to   <address> [on ports]
# }
#
# The items in []'s are optional, while the ones in <>'s are required.
# Here are what the items mean:
#
#  number  -    how many users to permit to or from <address>. 
#		   defaults to -1, or unlimited.
#  address -    can be an ip address, resolved name; you can use wildcards
#		 or * to specify 'all'
#  ports   -	for 'from' fields it controls what ports clients are
#		 allowed to connect on and for 'to' fields
#		 it controls what ports client are allowed to connect to.
#		 Defaults to 'all'. '-' can be used to indicate range.
#
# Other things:
#
# * A ruleset of type allow MUST have at least on from and one to field.
#
# * The from fields indicate what and how many clients can be allowed and
#    the to fields specify where and how many of them can connect.
#
# * ezbounce will do reverse lookups if needed when checking addresses.
#   for example: if you set it to allow conections to irc.blah.com which
#                 happens to have the ip address 69.69.69.69,
#		  users connecting to the ip address will be allowed to do so.

# Example of an allow ruleset: 
# Allow 5 people from anywhere to connect to irc.* servers on
# ports 6660 through 6969, but only two of them may connect at once.

allow {
	5 from *
	2 to irc.* 6660-6969
}

# allow an unlimited amount people from *.generic-isp.com 
# to connect anywhere they want on any port

allow {
	from *.generic-isp.com
	to *
}

# you can have multiple from and to fields
allow {
	5 from *.home.com
	1 from 152.168.2.*
	17 from localhost
	from *.blah.com
	to 199.* 6667
	1 to irc.prison.net 6667
	to us.undernet.org 7000
}



# ----------------------------------
#     Banning people
# ----------------------------------
#
# With the deny ruleset, you can ban people from using your proxy
# and connecting to certain places.
#
# the syntax is:
#
# deny {
#	from <address> [on ports] [reason]
#	to   <address> [on ports] [reason]
# }
#
# Ports and address are same as in the allow ruleset. Reason is the reason
# for banning. It is optional, and defaults to 
# "No reason was given!"
#
# At least one from or to field required. You do not need both. If you use
# both, clients only from the 'from' address will be banned to use
# the addresses in the 'to' fields. Examples are somewhere below.
#
# Note that you don't use any numbers in deny rulesets. 

# 
# A basic deny block. Ban people from aol on all ports and compuserve
# people on port 6969
deny {
	from *.aol.com 			AOL users are not welcome here.
	from *.compuserve.*  on 6969 	AOL users are not welcome here.
}

# deny ALL users on the proxy from connecting to ports below 1024
# and to irc.badserver.com

# deny {
#	to * 			on 0-1024
#	to irc.badserver.com 
# }

# Here we have a from entry AND a to entry. It
# prevents our friends from *.aol.com and generic-isp.net from
# connecting to dalnet servers.
deny {
	from 	*.aol.com
	from 	*.generic-isp.net
	to 	*.dal.net
}


# other rule set examples
# allow {
# 	1 from *.dcr.com
#	1 from *.home.com 
# 	1 to irc.* on 6667-7000
#	to 192.168.1.7 on 6667
# }

# let people from ubercool.host.com do whatever they want
allow {
	from 	ubercool.host.com 
	to 	*
}


# Other ruleset notes:
#
# A user may belong to multiple rule sets. 
# Deny rulesets have priority.
#



##############################################################
# -------------------------------
#  Other set-able variables
# -------------------------------

# NOTE: All of the following variables are OPTIONAL.


# Prevent clients from making the proxy connect to itself? This is a good idea

set prevent-self-connects 1


# If clients lose connections to their IRC servers, should they be disconnected
# from ezbounce too? If so, set this to 1. This may cause problems with some 
# clients (not sure).

set drop-on-disconnect 1

# How many tries do people get at giving the correct password?
# (setting this to 0 disables this feature)

set max-failed-passwords 3


# How many times do we let people try to become admins before getting mad
# and disconnecting them?
# Again, setting it 0 will let me people try forever.

set max-failed-admins 2


# Input queue configuration
# You can leave this alone, the defaults should be fine for everybody.
# But you can fine tune it anyway.

# set the minimum input buffer size from client-->ezbounce
#set min-client-input-queue 512

# and the maximum
#set max-client-input-queue 2048

# now for ezbounce<--some_irc_server
#set min-server-input-queue 1024
#set max-server-input-queue 4096


#
# This option controls whether or not to destroy a client
# if his input buffer becomes full. This is generally a good idea
# as it prevents abusers from doing Bad Things like
# 
# telnet your.ip 6667 < /dev/zero

set kill-on-full-queue 1


# 
#
# This option controls how long ezbounce will wait for a dns lookup
# request to complete. Setting it to a high value will make ezbounce
# wait more, but the proxy will not respond to other clients
# during that period. 
#
# Setting it to a low value will make ezbounce more impatient, preventing
# other clients from being 'locked out' for long periods of time,
# but a value too short can cause ruleset-related dns lookups to
# fail prematurely and prevent legitimate users from using the server 
# and connecting to irc servers.
#
# For most people a value between 9 and 15 should be fine.
#
# And this is in seconds.

set max-dns-wait-time 12


#
# This is another DNS-lookup related option.
#
#
# It controls whether ezbounce will do reverse lookups if needed 
# while determining if someone is allowed to use the proxy and 
# if they're allowed to connect to a certain server. 
# Normally, if you have something like 'from xxx.host.com' in one of your 
# allow rule-sets ezbounce does a dns lookup on a clients ip so that
# it can be compared with your rules. Enabling this options stops
# the dns lookup part from happening.
#
# This option has some pros and cons, the pro being that it will 
# speed things up somewhat as ezbounce will not have to do as many
# dns lookups. 
#
# The downside is that, if you choose to enable this option,
# you *MUST* use IP addresses in the 'from' fields of all your 
# rulesets. You can't do 'from *.com' because ezbounce will not
# reverse lookup a clients ip and then compare it to *.com, blocking
# out potential legitamate users. 
# 
# Also, for 'to' fields, you will need to supply both ip and
# non-ip forms. If you have 'to irc.server.com' in a deny ruleset
# and not its ip address, a user can easily get past your ban
# by using 'conn <ip_address_here>'
#
# IN SHORT, unless you know what you're doing, leave this at 0.

set no-reverse-lookups 0


# Thats about it.
# There are no more config options available through the config files, 
# but there are three command line options you can use,
# 
# -f: 		to make ezbounce not go into the background
# -b <address>  to have ezbounce listen for connections on a different
# 		 interface, if they are available on the machine
# -c <address>  to have ezbounce bind connections to a different interface.
# -u <uid>      to have ezbounce switch to this userid after it gets started