F2F Configuration File
The F2F Configuration file (default $FWDIR/conf/f2fq.conf) has two sections:
- Global Options
- Packet Priority Table
The Global Options section has these options:
Option
|
Description
|
Default
|
enabled
|
1: F2F Quota is enabled0: F2f Quota is disabled
|
1
|
enforce
|
1: Drop packets0: Do not drop packets, log in /var/log/messages
|
1
|
snapshots_interval
|
Milliseconds between F2F calculations
|
1000
|
load_threshold
|
Percent capacity used of the queue load before F2F activates
Range: 0 -100
|
80
|
dynamic_prio_threshold
|
Dynamic priority threshold
F2F drops packets whose dynamic priorities are lower than dynamic_prio_threshold.
|
20
|
print_syslog_interval
|
Milliseconds between writes to /var/log/messages
|
30,000
|
config_version
|
Configuration file version
|
1
|
default_priority
|
Priority for a packet that does not match any rule
|
100
|
The Packet Priority table has these fields:
Field
|
Description
|
# Interface
|
The interface name. Use * for all interfaces.
|
proto
|
The transport layer protocol. Use * for all protocols.
|
service
|
Port number or port range (applicable to TCP and UDP only). Use * for all ports.
|
ip
|
The destination IP and subnet. Use * for all IPs.
|
reason
|
Reason why this packet is rejected. Use * for all reasons.
|
priority
|
- 0-100 - Priority for a packet that matches this rule. Packets with a higher priority have a lower chance of being dropped.
Exception - Packets that match this rule are never dropped.
|
Example
enabled = 1
enforce = 1
config_version = 1
default_priority = 100
dynamic_prio_threshold = 20
snapshots_interval = 1000
load_threshold = 80
# Interface proto service ip reason priority
eth1-01 * 1-1024 1.1.1.0/24 * Exception
* TCP * * FRAG 10
* UDP * * FRAG 60
|
