Lines Matching +full:high +full:- +full:bandwidth
10 .\" - Redistributions of source code must retain the above copyright
12 .\" - Redistributions in binary form must reproduce the above
45 .Bl -tag -width xxxx
47 User-defined variables may be defined and used later, simplifying
57 Ethernet filtering provides rule-based blocking or passing of Ethernet packets.
62 Queueing provides rule-based bandwidth control.
67 Packet filtering provides rule-based blocking or passing of packets.
81 .Ar set require-order
91 .Bd -literal -offset indent
105 .Bd -literal -offset indent
136 .Ar round-robin
143 .Bl -tag -width "manually"
159 statement, and are especially useful to define non-persistent tables.
160 The contents of a pre-existing table defined without a list of addresses
170 .Bl -tag -width persist
191 flag enables per-address packet and byte counters which can be displayed with
197 .Bd -literal -offset indent
211 .Bd -literal -offset indent
212 # pfctl -t badhosts -Tadd 204.92.77.111
217 .Bd -literal -offset indent
243 .Bl -tag -width xxxx
246 .Bl -tag -width "src.track" -compact
264 .Bl -tag -width xxxx -compact
288 .Bl -tag -width xxxx -compact
304 .Bl -tag -width xxxx -compact
320 .Bl -tag -width xxxx -compact
329 .Bl -tag -width xxxx -compact
334 (adaptive.end - number of states) / (adaptive.end - adaptive.start).
348 When used on a per-rule basis, the values relate to the number of
353 .Bd -literal -offset indent
366 .Bd -literal -offset indent
367 # pfctl -s info
373 .Bd -literal -offset indent
378 .Bd -literal -offset indent
388 .Bd -literal -offset indent
399 .Bd -literal -offset indent
410 .Bd -literal -offset indent
411 set limit src-nodes 2000
416 .Ar sticky-address
421 .Bd -literal -offset indent
422 set limit table-entries 100000
429 .Bd -literal -offset indent
430 set limit { states 20000, frags 20000, src-nodes 2000 }
432 .It Ar set ruleset-optimization
433 .Bl -tag -width xxxxxxxx -compact
442 .Bl -enum -compact
450 re-order the rules to improve evaluation performance
460 A side effect of the ruleset modification is that per-rule accounting
462 If per-rule accounting is important for billing purposes or whatnot,
466 Optimization can also be set as a command-line argument to
473 .Bl -tag -width xxxx -compact
477 .It Ar high-latency
478 A high-latency environment (such as a satellite connection).
481 .Ar high-latency .
494 .Bd -literal -offset indent
497 .It Ar set reassemble yes | no Op Cm no-df
506 .Cm no-df
508 .Dq dont-fragment
512 .Dq dont-fragment
517 This option is ignored if there are pre-FreeBSD 14
520 .It Ar set block-policy
522 .Ar block-policy
527 .Bl -tag -width xxxxxxxx -compact
538 .Bd -literal -offset indent
539 set block-policy return
541 .It Ar set fail-policy
543 .Ar fail-policy
546 This might happen when a nat or route-to rule uses an empty table as list
552 .Bl -tag -width xxxxxxxx -compact
563 .Bd -literal -offset indent
564 set fail-policy return
566 .It Ar set state-policy
568 .Ar state-policy
571 .Bl -tag -width group-bound -compact
572 .It Ar if-bound
579 .Bd -literal -offset indent
580 set state-policy if-bound
596 .Bl -tag -width adaptive -compact
603 is used up by half-open TCP connections, as in, those that saw the initial
606 .Bd -literal -offset indent
610 .It Ar set state-defaults
612 .Ar state-defaults
617 .Bd -literal -offset indent
618 set state-defaults no-sync
621 The 32-bit
627 By default the hostid is set to a pseudo-random value, however it may be
630 .Bd -literal -offset indent
635 .It Ar set require-order
647 There may be non-trivial and non-obvious implications to an out of
679 .Bl -tag -width xxxxxxxxxxxx -compact
712 .Bl -tag -width xxxx
729 .Bl -tag -width xxxx
751 .It Ar bridge-to Aq interface
808 .Bl -tag -width xxxx
809 .It Ar no-df
811 .Ar dont-fragment
814 .Ar dont-fragment
819 .Ar dont-fragment
821 .Ar no-df
825 .Ar dont-fragment
828 .Ar dont-fragment
832 .Ar random-id
834 .Ar no-df
836 .It Ar min-ttl Aq Ar number
838 .It Ar max-mss Aq Ar number
840 .It Xo Ar set-tos Aq Ar string
861 .It Ar random-id
871 .Bl -tag -width timeout -compact
898 delayed for longer than it takes the connection to wrap its 32-bit sequence
918 .Bd -literal -offset indent
919 match in all scrub (no-df random-id max-mss 1440)
921 .Ss Scrub ruleset (pre-FreeBSD 14)
937 .Bl -tag -width xxxx
953 .Bd -literal -offset indent
982 Packets can be assigned to queues for the purpose of bandwidth
1003 .Bl -tag -width xxxx
1014 .Ar bandwidth
1018 .Ar bandwidth
1021 achieves both partitioning and sharing of link bandwidth
1026 .Ar bandwidth .
1027 A child class can borrow bandwidth from its parent class
1028 as long as excess bandwidth is available
1059 .Ar bandwidth
1063 .Ar bandwidth
1066 supports both link-sharing and guaranteed real-time services.
1071 .Ar bandwidth
1081 .Bl -tag -width xxxx
1094 .It Ar bandwidth Aq Ar bw
1097 .Ar bandwidth
1100 percentage of the interface bandwidth.
1109 The value must not exceed the interface bandwidth.
1111 .Ar bandwidth
1112 is not specified, the interface bandwidth is used
1113 (but take note that some interfaces do not know their bandwidth,
1114 or can adapt their bandwidth rates).
1121 interface bandwidth are used to determine the size.
1127 should queue up to 5Mbps in four second-level queues using
1130 .Bd -literal -offset indent
1131 altq on dc0 cbq bandwidth 5Mb queue { std, http, mail, ssh }
1150 .Bl -tag -width xxxx
1154 .It Ar bandwidth Aq Ar bw
1159 queue's bandwidth.
1160 If not specified, defaults to 100% of the parent queue's bandwidth.
1163 scheduler does not support bandwidth specification.
1192 .Bl -tag -width Fl
1214 .Bl -tag -width Fl
1216 The queue can borrow bandwidth from the parent.
1223 .Bl -tag -width Fl
1225 The minimum required bandwidth for the queue.
1227 The maximum allowed bandwidth for the queue.
1229 The bandwidth share of a backlogged queue.
1239 controls the bandwidth assigned to the queue.
1243 are optional and can be used to control the initial bandwidth assignment.
1246 milliseconds the queue gets the bandwidth given as
1258 their parent's bandwidth.
1284 .Bd -literal
1285 queue std bandwidth 10% cbq(default)
1286 queue http bandwidth 60% priority 2 cbq(borrow red) \e
1288 queue developers bandwidth 75% cbq(borrow)
1289 queue employees bandwidth 15%
1290 queue mail bandwidth 10% priority 0 cbq(borrow ecn)
1291 queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
1292 queue ssh_interactive bandwidth 50% priority 7 cbq(borrow)
1293 queue ssh_bulk bandwidth 50% priority 0 cbq(borrow)
1363 .Bl -tag -width xxxx
1380 .Bd -literal
1381 10.0.0.0 - 10.255.255.255 (all of net 10, i.e., 10/8)
1382 172.16.0.0 - 172.31.255.255 (i.e., 172.16/12)
1383 192.168.0.0 - 192.168.255.255 (i.e., 192.168/16)
1390 rdr ... port 2000:2999 -\*(Gt ... port 4000
1392 rdr ... port 2000:2999 -\*(Gt ... port 4000:*
1410 A random source port in the range 50001-65535 is chosen in this case; to
1454 .Bd -literal -offset indent
1455 rdr on ne3 inet proto tcp to port smtp -\*(Gt 127.0.0.1 port spamd
1461 Unless this effect is desired, any of the local non-loopback addresses
1489 assigned to queues for the purpose of bandwidth control.
1506 .Bl -tag -width xxxx
1516 .Ar block-policy
1517 option, or on a per-rule basis with one of the following options:
1519 .Bl -tag -width xxxx -compact
1522 .It Ar return-rst
1527 .It Ar return-icmp
1528 .It Ar return-icmp6
1547 .Bd -literal -offset indent
1600 .Bd -literal -offset indent
1601 pass out inet proto icmp all icmp-type echoreq
1653 .Bl -tag -width xxxx
1753 .Bl -tag -width xxxxxxxxxxxxxx -compact
1756 .It Ar no-route
1758 .It Ar urpf-failed
1767 .Sq -
1770 .Dq 10.1.1.10 - 10.1.1.12
1776 .Bl -tag -width xxxxxxxxxxxx -compact
1782 Translates to the point-to-point interface's peer address(es).
1790 v4 and non-link-local v6 address found.
1793 ruleset load-time.
1814 .Bd -literal -offset indent
1832 .Bl -tag -width Fl
1844 hence ports 1-1999 and 2005-65535.
1856 .Bd -literal -offset indent
1918 .Bd -literal -offset indent
1939 .Bl -tag -width Fl
1961 .Pq non-SYN
1978 .It Xo Ar icmp-type Aq Ar type
1981 .It Xo Ar icmp6-type Aq Ar type
1994 .Ar icmp-type
1996 .Ar icmp6-type
2022 .Bd -literal -offset indent
2027 .It Ar allow-opts
2031 .Ar allow-opts
2045 pfctl -s labels
2046 shows per-rule statistics for rules that have labels.
2050 .Bl -tag -width $srcaddr -compact -offset indent
2068 .Bd -literal -offset indent
2075 .Bd -literal -offset indent
2103 .Bd -literal -offset indent
2119 .Bd -literal -offset indent
2123 .It Ar received-on Aq Ar interface
2163 .It Xo Ar divert-to Aq Ar host
2177 If a packet is re-injected and does not change direction then it will not be
2178 re-diverted.
2179 .It Ar divert-reply
2188 .Bd -literal -offset indent
2199 .Bl -tag -width xxxx
2200 .It Ar route-to
2202 .Ar route-to
2206 .Ar route-to
2211 .It Ar reply-to
2213 .Ar reply-to
2215 .Ar route-to ,
2219 .Ar reply-to
2224 .It Ar dup-to
2226 .Ar dup-to
2228 .Ar route-to .
2237 .Ar route-to ,
2238 .Ar reply-to
2240 .Ar dup-to
2245 .Bl -tag -width xxxx
2258 .It Ar source-hash
2260 .Ar source-hash
2266 randomly generates a key for source-hash every time the
2268 .It Ar round-robin
2270 .Ar round-robin
2274 .Ar round-robin
2276 .It Ar static-port
2280 .Ar static-port
2284 .It Xo Ar map-e-portset Aq Ar psid-offset
2285 .No / Aq Ar psid-len
2291 .It Ar endpoint-independent
2295 .Ar endpoint-independent
2300 This feature implements "full-cone" NAT behavior.
2301 .Ar map-e-portset
2302 option enables the source port translation of MAP-E (RFC 7597) Customer Edge.
2303 In order to make the host act as a MAP-E Customer Edge, setting up a tunneling
2305 to the map-e-portset nat rule.
2308 .Bd -literal -offset indent
2310 -> $ipv4_mape_src map-e-portset 6/8/0x34
2317 .Ar sticky-address
2323 .Ar round-robin
2342 will create a high quality random sequence number for each connection
2351 .Bd -literal -offset indent
2394 completed the handshake, hence so-called SYN floods with spoofed source
2417 .Bd -literal -offset indent
2422 per-rule basis.
2431 .Bl -tag -width xxxx -compact
2436 .It Ar no-sync
2461 .Bd -literal -offset indent
2464 (max 100, source-track rule, max-src-nodes 75, \e
2465 max-src-states 3, tcp.established 60, tcp.closing 5)
2469 .Ar source-track
2472 .Bl -tag -width xxxx -compact
2473 .It Ar source-track rule
2475 .Ar max-src-nodes
2477 .Ar max-src-states
2481 .It Ar source-track global
2484 .Ar max-src-nodes
2486 .Ar max-src-states
2493 .Bl -tag -width xxxx -compact
2494 .It Ar max-src-nodes Aq Ar number
2497 .It Ar max-src-states Aq Ar number
2503 which have completed the TCP 3-way handshake) can also be enforced
2506 .Bl -tag -width xxxx -compact
2507 .It Ar max-src-conn Aq Ar number
2509 completed the 3-way handshake that a single host can make.
2510 .It Xo Ar max-src-conn-rate Aq Ar number
2520 Because the 3-way handshake ensures that the source address is not being
2528 bandwidth.
2547 .Bd -literal -offset indent
2550 (max-src-conn-rate 100/10, overload \*(Ltbad_hosts\*(Gt flush global)
2581 .Ar no-df
2584 .Dl \&"OpenBSD 3.3 no-df\&"
2593 .Dl # pfctl -so
2606 .Bd -literal -offset indent
2636 .Bd -literal -offset indent
2641 .Bd -literal -offset indent
2646 For non-loopback interfaces, there are additional rules to block incoming
2651 .Bd -literal -offset indent
2656 .Bd -literal -offset indent
2707 .Bd -literal -offset indent
2770 .Bl -tag -width xxxx
2771 .It Ar nat-anchor Aq Ar name
2776 .It Ar rdr-anchor Aq Ar name
2781 .It Ar binat-anchor Aq Ar name
2834 .Bd -literal -offset indent
2848 .Bd -literal -offset indent
2850 pfctl -a spam -f -
2862 .Bd -literal -offset indent
2864 load anchor spam from "/etc/pf-spam.conf"
2872 .Pa /etc/pf-spam.conf
2883 .Bd -literal -offset indent
2896 .Bd -literal -offset indent
2898 pfctl -a spam -f -
2908 .Bd -literal -offset indent
2928 .Bd -literal -offset indent
2929 # echo ' anchor "spam/allowed" ' | pfctl -f -
2930 # echo -e ' anchor "../banned" \en pass' | \e
2931 pfctl -a spam/allowed -f -
2946 Brace delimited blocks may contain rules or other brace-delimited blocks.
2948 .Bd -literal -offset indent
2976 .Bd -literal
2981 rdr on $ext_if proto tcp from any to any port 80 -\*(Gt 127.0.0.1 port 8080
2988 .Bd -literal
2989 rdr pass on $ext_if proto tcp from any to any port 80 -\*(Gt 127.0.0.1 \e
3001 .Bd -literal
3002 nat on ! vlan12 from 192.168.168.0/24 to any -\*(Gt 204.92.77.111
3010 .Bd -literal
3013 nat on $ext_if from 144.19.74.0/24 to any -\*(Gt 204.92.77.100
3018 .Bd -literal
3022 rdr on $int_if proto { tcp, udp } from any to any port 80 -\*(Gt 127.0.0.1 \e
3029 .Xr ftp-proxy 8 ,
3032 .Xr ftp-proxy 8
3034 .Xr ftp-proxy 8
3036 .Bd -literal
3040 nat on $ext_if inet from ! ($ext_if) to any -\*(Gt ($ext_if)
3046 nat on $ext_if inet proto udp from any port = isakmp to any -\*(Gt ($ext_if) \e
3053 binat on $ext_if from 10.1.2.150 to any -\*(Gt $ext_if
3057 binat on $peer_if from 172.21.16.0/20 to any -> 172.22.16.0/20
3063 -\*(Gt 10.1.2.151 port 22
3065 -\*(Gt 10.1.2.151 port 53
3069 # for proxying with ftp-proxy(8) running on port 8021.
3070 rdr on $int_if proto tcp from any to any port 21 -\*(Gt 127.0.0.1 port 8021
3077 .Bd -literal
3081 # using the source-hash keyword.
3082 nat on $ext_if inet from any to any -\*(Gt 192.0.2.16/28 source-hash
3088 -\*(Gt { 10.1.2.155, 10.1.2.160, 10.1.2.161 } round-robin
3091 .Bd -literal
3106 block in from no-route to any
3110 block in from urpf-failed to any
3122 # them anyway (hence, no return-rst).
3133 pass on $ext_if inet proto icmp all icmp-type 8 code 0
3182 tag SPAMD -\*(Gt 127.0.0.1 port spamd
3191 .Bd -literal
3192 line = ( option | ether-rule | pf-rule | nat-rule | binat-rule |
3193 rdr-rule | antispoof-rule | altq-rule | queue-rule |
3194 trans-anchors | anchor-rule | anchor-close | load-anchor |
3195 table-rule | include )
3197 option = "set" ( [ "timeout" ( timeout | "{" timeout-list "}" ) ] |
3198 [ "ruleset-optimization" [ "none" | "basic" | "profile" ]] |
3200 "high-latency" | "satellite" |
3202 [ "limit" ( limit-item | "{" limit-list "}" ) ] |
3203 [ "loginterface" ( interface-name | "none" ) ] |
3204 [ "block-policy" ( "drop" | "return" ) ] |
3205 [ "state-policy" ( "if-bound" | "floating" ) ]
3206 [ "state-defaults" state-opts ]
3207 [ "require-order" ( "yes" | "no" ) ]
3213 ether-rule = "ether" etheraction [ ( "in" | "out" ) ]
3214 [ "quick" ] [ "on" ifspec ] [ "bridge-to" interface-name ]
3216 [ etherfilteropt-list ]
3218 pf-rule = action [ ( "in" | "out" ) ]
3221 hosts [ filteropt-list ]
3224 logopt = "all" | "matches" | "user" | "to" interface-name
3226 etherfilteropt-list = etherfilteropt-list etherfilteropt | etherfilteropt
3230 filteropt-list = filteropt-list filteropt | filteropt
3231 filteropt = user | group | flags | icmp-type | icmp6-type | "tos" tos |
3233 [ "(" state-opts ")" ] |
3234 "fragment" | "no-df" | "min-ttl" number | "set-tos" tos |
3235 "max-mss" number | "random-id" | "reassemble tcp" |
3236 fragmentation | "allow-opts" |
3244 "received-on" ( interface-name | interface-group )
3246 nat-rule = [ "no" ] "nat" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
3249 [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" )
3250 [ portspec ] [ pooltype ] [ "static-port" ]
3251 [ "map-e-portset" number "/" number "/" number ] ]
3253 binat-rule = [ "no" ] "binat" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
3254 [ "on" interface-name ] [ af ]
3255 [ "proto" ( proto-name | proto-number ) ]
3256 "from" address [ "/" mask-bits ] "to" ipspec
3258 [ "-\*(Gt" address [ "/" mask-bits ] ]
3260 rdr-rule = [ "no" ] "rdr" [ "pass" [ "log" [ "(" logopts ")" ] ] ]
3263 [ "-\*(Gt" ( redirhost | "{" redirhost-list "}" )
3266 antispoof-rule = "antispoof" [ "log" ] [ "quick" ]
3270 table-rule = "table" "\*(Lt" string "\*(Gt" [ tableopts-list ]
3271 tableopts-list = tableopts-list tableopts | tableopts
3273 "{" [ tableaddr-list ] "}"
3274 tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec
3275 tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ]
3277 ipv4-dotted-quad | ipv6-coloned-hex
3279 altq-rule = "altq on" interface-name queueopts-list
3281 queue-rule = "queue" string [ "on" interface-name ] queueopts-list
3284 anchor-rule = "anchor" [ string ] [ ( "in" | "out" ) ] [ "on" ifspec ]
3285 [ af ] [ protospec ] [ hosts ] [ filteropt-list ] [ "{" ]
3287 anchor-close = "}"
3289 trans-anchors = ( "nat-anchor" | "rdr-anchor" | "binat-anchor" ) string
3292 load-anchor = "load anchor" string "from" filename
3294 queueopts-list = queueopts-list queueopts | queueopts
3295 queueopts = [ "bandwidth" bandwidth-spec ] |
3298 schedulers = ( cbq-def | priq-def | hfsc-def )
3299 bandwidth-spec = "number" ( "b" | "Kb" | "Mb" | "Gb" | "%" )
3303 return = "drop" | "return" | "return-rst" [ "( ttl" number ")" ] |
3304 "return-icmp" [ "(" icmpcode [ [ "," ] icmp6code ] ")" ] |
3305 "return-icmp6" [ "(" icmp6code ")" ]
3306 icmpcode = ( icmp-code-name | icmp-code-number )
3307 icmp6code = ( icmp6-code-name | icmp6-code-number )
3309 ifspec = ( [ "!" ] ( interface-name | interface-group ) ) |
3310 "{" interface-list "}"
3311 interface-list = [ "!" ] ( interface-name | interface-group )
3312 [ [ "," ] interface-list ]
3313 route = ( "route-to" | "reply-to" | "dup-to" )
3314 ( routehost | "{" routehost-list "}" )
3318 etherprotospec = "proto" ( proto-number | "{" etherproto-list "}" )
3319 etherproto-list = proto-number [ [ "," ] etherproto-list ]
3320 protospec = "proto" ( proto-name | proto-number |
3321 "{" proto-list "}" )
3322 proto-list = ( proto-name | proto-number ) [ [ "," ] proto-list ]
3328 "from" ( "any" | "no-route" | "urpf-failed" | "self" | host |
3329 "{" host-list "}" ) [ port ] [ os ]
3330 "to" ( "any" | "no-route" | "self" | host |
3331 "{" host-list "}" ) [ port ]
3333 ipspec = "any" | host | "{" host-list "}"
3334 host = [ "!" ] ( address [ "/" mask-bits ] | "\*(Lt" string "\*(Gt" )
3335 redirhost = address [ "/" mask-bits ]
3336 routehost = "(" interface-name [ address [ "/" mask-bits ] ] ")"
3337 address = ( interface-name | interface-group |
3338 "(" ( interface-name | interface-group ) ")" |
3339 hostname | ipv4-dotted-quad | ipv6-coloned-hex )
3340 host-list = host [ [ "," ] host-list ]
3341 redirhost-list = redirhost [ [ "," ] redirhost-list ]
3342 routehost-list = routehost [ [ "," ] routehost-list ]
3344 port = "port" ( unary-op | binary-op | "{" op-list "}" )
3346 os = "os" ( os-name | "{" os-list "}" )
3347 user = "user" ( unary-op | binary-op | "{" op-list "}" )
3348 group = "group" ( unary-op | binary-op | "{" op-list "}" )
3350 unary-op = [ "=" | "!=" | "\*(Lt" | "\*(Le" | "\*(Gt" | "\*(Ge" ]
3352 binary-op = number ( "\*(Lt\*(Gt" | "\*(Gt\*(Lt" | ":" ) number
3353 op-list = ( unary-op | binary-op ) [ [ "," ] op-list ]
3355 os-name = operating-system-name
3356 os-list = os-name [ [ "," ] os-list ]
3358 flags = "flags" ( [ flag-set ] "/" flag-set | "any" )
3359 flag-set = [ "F" ] [ "S" ] [ "R" ] [ "P" ] [ "A" ] [ "U" ] [ "E" ]
3362 icmp-type = "icmp-type" ( icmp-type-code | "{" icmp-list "}" )
3363 icmp6-type = "icmp6-type" ( icmp-type-code | "{" icmp-list "}" )
3364 icmp-type-code = ( icmp-type-name | icmp-type-number )
3365 [ "code" ( icmp-code-name | icmp-code-number ) ]
3366 icmp-list = icmp-type-code [ [ "," ] icmp-list ]
3371 state-opts = state-opt [ [ "," ] state-opts ]
3372 state-opt = ( "max" number | "no-sync" | timeout | "sloppy" |
3373 "source-track" [ ( "rule" | "global" ) ] |
3374 "max-src-nodes" number | "max-src-states" number |
3375 "max-src-conn" number |
3376 "max-src-conn-rate" number "/" number |
3378 "if-bound" | "floating" | "pflow" )
3382 timeout-list = timeout [ [ "," ] timeout-list ]
3393 limit-list = limit-item [ [ "," ] limit-list ]
3394 limit-item = ( "states" | "frags" | "src-nodes" ) number
3397 "source-hash" [ ( hex-key | string-key ) ] |
3398 "round-robin" ) [ sticky-address ]
3400 subqueue = string | "{" queue-list "}"
3401 queue-list = string [ [ "," ] string ]
3402 cbq-def = "cbq" [ "(" cbq-opt [ [ "," ] cbq-opt ] ")" ]
3403 priq-def = "priq" [ "(" priq-opt [ [ "," ] priq-opt ] ")" ]
3404 hfsc-def = "hfsc" [ "(" hfsc-opt [ [ "," ] hfsc-opt ] ")" ]
3405 cbq-opt = ( "default" | "borrow" | "red" | "ecn" | "rio" )
3406 priq-opt = ( "default" | "red" | "ecn" | "rio" )
3407 hfsc-opt = ( "default" | "red" | "ecn" | "rio" |
3408 linkshare-sc | realtime-sc | upperlimit-sc )
3409 linkshare-sc = "linkshare" sc-spec
3410 realtime-sc = "realtime" sc-spec
3411 upperlimit-sc = "upperlimit" sc-spec
3412 sc-spec = ( bandwidth-spec |
3413 "(" bandwidth-spec number bandwidth-spec ")" )
3417 .Bl -tag -width "/etc/protocols" -compact
3448 .Xr ftp-proxy 8 ,