[m_rinsec] restrict insecure non-tls users
Posted: Fri Dec 14, 2018 8:43 pm
This module is really helpful in terms of network security, it jails unsecured/non-tls users in specified channel (so you can help them to configure their clients for TLS usage) and restrict them from messages (they are only can send messages to the jail channel)/commands/aliases usage, they are also can't leave that channel and can't join any other channels on the network, this will protect your network channels from leaking/etc.. without the need of +z mode, but just do not abuse with it, as it is really powerful.
Download Link
Example configuration:
Download Link
Example configuration:
Code: Select all
loadmodule "modules/third/m_rinsec_u4";
set {
rinsec {
# allow this ips/hosts/etc to bypass any restrictions
except-hosts {
"127.0.0.0/8";
};
# channel to jail users
channel "#insecure";
# notify client on-connect (show available TLS ports/enabled procotols)
show-notify "yes";
# restrict commands
restrict-cmds "yes";
# list of allowed commands
allowed-cmds "PING,PONG,MODE,QUIT,PROTOCTL,CAP";
};
};