I might be mistaken, but assuming class-default works out of the normal default reservation of 25%, and assuming when 100% bandwidth not allocated, classes share bandwidth in proportion to their bandwidth reservations, then we have a ratio of 50:25, or 2:1, or non-Internet can have 2/3, and Internet, and other non-matched traffic, 1/3. So, setting LINT's bandwidth to 75%, would come closer to the OP request to only reserve a minimum 256 Kbps for Internet traffic.
Although there's nothing wrong with selecting the HQ traffic explicitly and allowing Internet traffic to fall within the class-default, the converse could be done too.
e.g. (converse of Jon's example)
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.6.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip any any
class-map LINT
match access-group 101
policy-map LINT
class LINT
bandwidth percent 6
!chose 6% to be about 25% of default's 25%
int s0/1
service-policy output LINT
PS:
BTW:
Something to be careful with, if WFQ active in class-default, although other explicit classes limited to a normal allocation of 75%, FQ class-default flows not really limited to 25% of the total bandwidth on most platforms.
See Understand Platform Differences within http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800fe2c1.shtml. Document is focused on ATM, but believe class-default FQ works as described for other interface types.
