[tor-talk] Scripted installer of Tor and more being worked on at GitHub, ya may want to sit down for this...

coderman coderman at gmail.com
Mon Feb 1 12:20:01 UTC 2016


On 2/1/16, Michael <strangerthanbland at gmail.com> wrote:
> ...
> My last question (for now) has to do with Fail2Ban and hidden services.
>
> My question is would you all prefer that separate jail.local configuration
> blocks be written for each Tor service port individually, i.e. failing one
> port doesn't ban from a possible second hidden service port, or is a fail
> one ban'em all sufficient?

please allow a single default jail.local to be used in one or any Tor
service port configurations, including hidden service port
configurations.

then also allow each distinct configuration (IP:port, unix_domain,
etc) of any Tor service configuration to be blocked individually.

the latter is very useful for power users / multiple onion service
operators who use service isolation intentionally to mitigate concerns
of directed attacks, denial of service, or related risks.

(there might be a better way than a sane default, with optional
per-endpoint limits; that's my favorite approach to this question for
now.)


best regards,

