
Re: [tor-talk] Scripted installer of Tor and more being worked on at GitHub, ya may want to sit down for this...

On 2/1/16, Michael <strangerthanbland@xxxxxxxxx> wrote:
> ...
> My last question (for now) has to do with Fail2Ban and hidden services.
> My question is would you all prefer that separate jail.local configuration
> blocks be written for each Tor service port individually, i.e. failing one
> port doesn't ban from a possible second hidden service port, or is a fail one
> ban'em all sufficient?

please allow a single default jail.local to be used in one or any Tor
service port configurations, including hidden service port.

then also allow each distinct configuration (IP:port, unix_domain,
etc) of any Tor service configuration to be blocked individually.

the latter is very useful for power users / multiple onion service
operators who use service isolation intentionally to mitigate concerns
of directed attacks, denial of service, or related risks.

(there might be a better way than a sane default, with optional
per-endpoint limits; that's my favorite approach to this question for

best regards,
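
One way to lay out the arrangement described in the reply above, added here as an illustration that is not part of the original message or of the installer project: a shared `[DEFAULT]` policy plus per-endpoint jails that override it. Jail names, filter names, log paths and port numbers are constructed placeholders; `iptables-multiport` and `iptables-allports` are ban actions shipped with Fail2Ban.

```ini
# /etc/fail2ban/jail.local
# Illustrative sketch only. Jail/filter names, log paths and ports are
# constructed placeholders; each filter needs a matching file in filter.d/.

[DEFAULT]
# Shared policy, inherited by every jail below unless the jail overrides it.
bantime   = 600
findtime  = 600
maxretry  = 5
# Ban only the port(s) listed in the offending jail's "port" option, so a
# failure on one endpoint does not lock the source out of the others.
banaction = iptables-multiport

# Endpoint A: uses the defaults as-is; bans apply to port 8080 only.
[service-a]
enabled = true
filter  = service-a
port    = 8080
logpath = /var/log/service-a/auth.log

# Endpoint B: isolated service with its own, stricter limits.
[service-b]
enabled  = true
filter   = service-b
port     = 8443
logpath  = /var/log/service-b/auth.log
maxretry = 3
bantime  = 3600

# Endpoint C: opts in to "fail one, ban 'em all" for this jail alone by
# overriding the ban action; an offence here blocks the source on every port.
[service-c]
enabled   = true
filter    = service-c
port      = 9000
logpath   = /var/log/service-c/auth.log
banaction = iptables-allports
```

Setting `banaction = iptables-allports` in `[DEFAULT]` instead makes the ban-everything behaviour the default, with individual jails switching back to `iptables-multiport` where isolation is wanted.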