From 8748a3ee68e60778c90b8b83181bc28a7e8fe9d1 Mon Sep 17 00:00:00 2001
From: Liping Mao <limao@cisco.com>
Date: Mon, 21 Jul 2014 23:41:54 +0800
Subject: [PATCH] The default value of quota_firewall_rule should not be -1

A bad tenant User can create unlimited firewall rules to
"attack" the network node, so I modify the default value to 100.

Change-Id: I485c24cb1a7ed77dee81356fe6d95276808a47d4
Closes-Bug: #1346372
---
 neutron/extensions/firewall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/neutron/extensions/firewall.py b/neutron/extensions/firewall.py
index bbb5d163e..ff0fd39fb 100644
--- a/neutron/extensions/firewall.py
+++ b/neutron/extensions/firewall.py
@@ -293,7 +293,7 @@ firewall_quota_opts = [
                help=_('Number of firewall policies allowed per tenant. '
                       'A negative value means unlimited.')),
     cfg.IntOpt('quota_firewall_rule',
-               default=-1,
+               default=100,
                help=_('Number of firewall rules allowed per tenant. '
                       'A negative value means unlimited.')),
 ]
-- 
2.45.2