yahoo-eng-team team mailing list archive
Message #17773
[Bug 1346372] Re: The default value of quota_firewall_rule should not be -1
** Changed in: neutron
Status: Fix Committed => Fix Released
** Changed in: neutron
Milestone: None => juno-2
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1346372
Title:
The default value of quota_firewall_rule should not be -1
Status in OpenStack Neutron (virtual network service):
Fix Released
Bug description:
The default value of "quota_firewall_rule" is "-1", and this means unlimited. There will be a potential security issue if the OpenStack admin does not modify this default value.
A bad tenant user can create unlimited firewall rules to "attack" the network node; in the backend, we will have a large number of iptables rules. This will make the network node crash or become very slow.
So I suggest we use another number, not "-1", here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1346372/+subscriptions
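A check an operator could run against a Neutron configuration file to see whether the firewall rule quota is effectively unlimited, including the case where the option is absent and the shipped default applies. This is an added example, not part of the bug report or of Neutron's code; it assumes the option lives in the `[quotas]` section, and `audit_quota`, `shipped_default` and the sample configs are hypothetical names and constructed inputs.

```python
import configparser

# Constructed sample configs (not taken from a real deployment).
SAMPLE_EXPLICIT = """
[DEFAULT]
debug = False

[quotas]
quota_network = 10
quota_firewall_rule = -1
"""

SAMPLE_MISSING = """
[quotas]
quota_network = 10
"""

SAMPLE_BOUNDED = """
[quotas]
quota_firewall_rule = 100
"""


def audit_quota(conf_text, option="quota_firewall_rule",
                shipped_default=-1, section="quotas"):
    """Return (effective_value, finding) for one quota option.

    shipped_default is the value assumed when the option is not set;
    -1 matches the default described in the bug report above.
    """
    # interpolation=None: treat '%' literally; strict=False: tolerate
    # repeated options, which INI-style service configs may contain.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    raw = parser.get(section, option, fallback=None)
    source = "explicit" if raw is not None else "default"
    try:
        value = int(raw) if raw is not None else shipped_default
    except ValueError:
        return None, f"{option}: non-integer value {raw!r}"
    # A negative quota is treated as "no limit".
    if value < 0:
        return value, f"{option}: unlimited ({source} value {value})"
    return value, f"{option}: bounded at {value} ({source})"
```

An absent option is reported as unlimited here because the unset case inherits the default the report describes; pass a different `shipped_default` when auditing a release that ships a bounded value.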