From: Liping Mao <limao@cisco.com>
Date: Mon, 21 Jul 2014 15:41:54 +0000 (+0800)
Subject: The default value of quota_firewall_rule should not be -1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=8748a3ee68e60778c90b8b83181bc28a7e8fe9d1;p=openstack-build%2Fneutron-build.git

The default value of quota_firewall_rule should not be -1

A bad tenant User can create unlimited firewall rules to
"attack" the network node, so I modify the default value to 100.

Change-Id: I485c24cb1a7ed77dee81356fe6d95276808a47d4
Closes-Bug: #1346372
---

diff --git a/neutron/extensions/firewall.py b/neutron/extensions/firewall.py
index bbb5d163e..ff0fd39fb 100644
--- a/neutron/extensions/firewall.py
+++ b/neutron/extensions/firewall.py
@@ -293,7 +293,7 @@ firewall_quota_opts = [
                help=_('Number of firewall policies allowed per tenant. '
                       'A negative value means unlimited.')),
     cfg.IntOpt('quota_firewall_rule',
-               default=-1,
+               default=100,
                help=_('Number of firewall rules allowed per tenant. '
                       'A negative value means unlimited.')),
 ]