Comment 9 for bug 1336207

Salvatore Orlando (salvatore-orlando) wrote : Re: There is no quota for allowed address pair

There is clearly a possibility of causing a denial of service using this kind of 'attack'.
In theory one would make allowed address pairs a resource with a quota, but that's not easy as they're an attribute rather than a resource.

So I would rather take the approach in the suggested patch of putting a configurable hard limit on the number of address pairs allowed on a port.
It should also be possible to have both a maximum number of pairs per port and a global per-tenant maximum number of additional address pairs.
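
An added sketch of the two limits proposed in the comment above, not part of the original comment and not the project's own code. The limit values, function names and sample ports are assumptions made for illustration; the point it shows is that the tenant total has to be derived from port attributes and that an update replaces a port's list rather than appending to it.

```python
# Hypothetical limits; a real deployment would read these from operator config.
MAX_PAIRS_PER_PORT = 10
MAX_PAIRS_PER_TENANT = 25


class AddressPairLimitExceeded(Exception):
    """Raised when a request would exceed a per-port or per-tenant cap."""


def make_pairs(n):
    """Build n constructed sample pairs from the 192.0.2.0/24 documentation range."""
    return [{"ip_address": "192.0.2.%d" % (i + 1)} for i in range(n)]


# Constructed sample state: two ports for tenant-a, one for tenant-b.
SAMPLE_PORTS = [
    {"id": "p1", "tenant_id": "tenant-a", "allowed_address_pairs": make_pairs(8)},
    {"id": "p2", "tenant_id": "tenant-a", "allowed_address_pairs": make_pairs(10)},
    {"id": "p3", "tenant_id": "tenant-b", "allowed_address_pairs": make_pairs(2)},
]


def tenant_pair_count(ports, tenant_id, exclude_port_id=None):
    """Sum pairs over a tenant's ports.

    Pairs are an attribute of a port rather than a resource of their own,
    so the tenant total is computed by walking the tenant's ports.
    """
    return sum(
        len(p.get("allowed_address_pairs", []))
        for p in ports
        if p["tenant_id"] == tenant_id and p["id"] != exclude_port_id
    )


def check_address_pair_limits(ports, tenant_id, port_id, new_pairs):
    """Validate setting new_pairs on port_id; return the resulting tenant total."""
    if len(new_pairs) > MAX_PAIRS_PER_PORT:
        raise AddressPairLimitExceeded(
            "port %s: %d pairs exceeds per-port limit %d"
            % (port_id, len(new_pairs), MAX_PAIRS_PER_PORT))
    # An update replaces the whole attribute, so the port's current pairs
    # are excluded before the new list is added to the tenant total.
    total = tenant_pair_count(ports, tenant_id, port_id) + len(new_pairs)
    if total > MAX_PAIRS_PER_TENANT:
        raise AddressPairLimitExceeded(
            "tenant %s: %d pairs exceeds per-tenant limit %d"
            % (tenant_id, total, MAX_PAIRS_PER_TENANT))
    return total
```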