On 2/1/16, Michael <[email protected]> wrote:
> ...
> My last question (for now) has to do with Fail2Ban and hidden services.
>
> My question is would you all prefer that separate jail.local configuration
> blocks be written for each Tor service port individually, i.e. failing one
> port doesn't ban from a possible second hidden service port, or is a fail one
> ban 'em all sufficient?

please allow a single default jail.local to be used in one or any Tor service port configurations, including hidden service port configurations.

then also allow each distinct configuration (IP:port, unix_domain, etc) of any Tor service configuration to be blocked individually. the latter is very useful for power users / multiple onion service operators who use service isolation intentionally to mitigate concerns of directed attacks, denial of service, or related risks.

(there might be a better way than a sane default, with optional per-endpoint limits; that's my favorite approach to this question for now.)

best regards,

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
