]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: e693d5b)
The default value of quota_firewall_rule should not be -1
authorLiping Mao <limao@cisco.com>
Mon, 21 Jul 2014 15:41:54 +0000 (23:41 +0800)
committerLiping Mao <limao@cisco.com>
Mon, 21 Jul 2014 15:45:03 +0000 (23:45 +0800)
A bad tenant User can create unlimited firewall rules to
"attack" the network node, so I modify the default value to 100.

Change-Id: I485c24cb1a7ed77dee81356fe6d95276808a47d4
Closes-Bug: #1346372

neutron/extensions/firewall.py patch | blob | history

diff --git a/neutron/extensions/firewall.py b/neutron/extensions/firewall.py
index bbb5d163ec788f50531ab3b3fdfdfd096d562458..ff0fd39fb1fbc9e3e034903a04bba9b3e6114846 100644 (file)
--- a/neutron/extensions/firewall.py
+++ b/neutron/extensions/firewall.py
@@ -293,7 +293,7 @@ firewall_quota_opts = [
                help=_('Number of firewall policies allowed per tenant. '
                       'A negative value means unlimited.')),
     cfg.IntOpt('quota_firewall_rule',
-               default=-1,
+               default=100,
                help=_('Number of firewall rules allowed per tenant. '
                       'A negative value means unlimited.')),
 ]