I'm curently finalizing the testnet node security.
Do you want the node to be accesible from TOR ?
I ask because on some of my servers I use dynamic autoban of TOR exit nodes to prevent DDOS by TOR.
I think that active delegate node won't be using TOR, it would be too slow, so I don't see a problem with active delegate blocking those IP. Do you ?