On 8/14/19, Pop Chunhapanya pop@cloudflare.com wrote:
When deploying an onion service ... the ip address of my machine ... is exposed to the Tor network... DDoS ... if someone knows my ip address.
Only your tor client, and your guard, knows your ip. Unless you're up against a malicious guard, that's not a problem, and if you are, firewalling doesn't help anything there because you can't prevent a real "DDoS" or any other modulation from partitioning or otherwise giving away your onion. Tor cannot defend against that class of attack.
Note that in a proper "onion only" configuration, a box should have no inbound ports open.
There is something confusing with your wording.
If these replies don't help, please rephrase your question.
And or sanitize and post your torrc config and invocation commandline.