Onion tightening

Since the onion server box only serves anything via the onion service, the box should not be pingable. Also, the SSH server should not be generally accessible, so this enables a second onion service for sshing to. Ideally, the filewall rules would lock down all ports, with some exceptions for the sysadmins to be able to ssh to the box. That will have to come in future work.