Limiting ADD_ONION TARGET access.
Please add a torrc option that allows the user to specify the target or port range allowed for an application that creates an ephemeral hidden service.
For example, saying that it can only bind to 12.0.0.1/32 and port range None..None.
The tor client should refuse creating the hidden service if the application tries values outside of that range, for example 127.0.0.1:22 or 192.168.1.1:80