Date: Mon, 1 Feb 2016 13:20:01 +0100
Message-ID: <CAJVRA1Tx0fqoQMQr1H0+M0yW2=TW7uU_8RxyeNN_ADT_JrRsrQ@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Scripted installer of Tor and more being worked on
 at GitHub, ya may want to sit down for this...

On 2/1/16, Michael <strangerthanbland@gmail.com> wrote:
> ...
> My last question (for now) has to do with Fail2Ban and hidden services.
>
> My question is would you all prefer that separate jail.local configuration
> blocks be written for each Tor service port individually, i.e. failing one
> port doesn't ban from a possible second hidden service port, or is a fail one
> ban'em all sufficient?

please allow a single default jail.local to be used in one or any Tor
service port configurations, including hidden service port
configurations.

then also allow each distinct configuration (IP:port, unix_domain,
etc) of any Tor service configuration to be blocked individually.

the latter is very useful for power users / multiple onion service
operators who use service isolation intentionally to mitigate concerns
of directed attacks, denial of service, or related risks.

(there might be a better way than a sane default, with optional
per-endpoint limits; that's my favorite approach to this question for
now.)


best regards,
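
A jail.local laid out the way this reply suggests, as an added example that is not from the thread or from the installer project: shared defaults in [DEFAULT], one jail that inherits them, and one isolated jail that bans only its own port. Jail names, filter names, ports and log paths are hypothetical; the option names and the two ban actions are standard Fail2Ban ones.

```ini
# /etc/fail2ban/jail.local (illustrative layout, all names are placeholders)

[DEFAULT]
# Sane defaults inherited by every jail that does not override them.
bantime  = 600
findtime = 600
maxretry = 5
# "Fail one, ban 'em all": a ban drops the offender on every port.
banaction = iptables-allports

# Jail that simply inherits the defaults above.
[tor-service-a]
enabled = true
# Hypothetical filter file: filter.d/tor-service-a.conf
filter  = tor-service-a
logpath = /var/log/tor-service-a/access.log
port    = 8080

# Isolated jail for an operator who separates services on purpose:
# a ban here covers only this endpoint's port and leaves the
# other services reachable for the same source address.
[tor-service-b]
enabled   = true
# Hypothetical filter file: filter.d/tor-service-b.conf
filter    = tor-service-b
logpath   = /var/log/tor-service-b/access.log
port      = 8443
banaction = iptables-multiport
# Optional stricter per-endpoint limits.
maxretry  = 3
bantime   = 3600
```

Address-based bans only work where the monitored log records a real remote address. Traffic that reaches a backend through an onion service arrives from the local Tor process, so those log lines show a local address rather than the client's.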

