> Hi, > > I want to be able to include some parts of my pf.conf from other set of > files. > > For example I will include "set timeout" vs like statements in another > file. > > Using anchors and "load anchor from file" statements will not help > because anchor can not hold such GLOBAL OPTIONS. In case I set those > macros and set statement in a anchor it will be valid for the anchor > or not valid at all (set statemenets). >
Dirty workaround I've used is to build pf.conf from many smaller files. Using the ipfw numbering style you can get away with having: 000.pf.macros.inc 010.pf.tables.inc 020.pf.options.inc etc.etc. 100.pf.jail1.inc 110.pf.jail2.inc Of course they were named appropriately like global/hostA/hostB and then a simple ":> /etc/pf.conf ;for i in `ls /nfs/pf/$hostname/*inc`; cat $i >> /etc/pf.conf;done" This made updating many hosts "common" parts go pretty fast and broke it up into individual parts - heck even give some friends the ability to manage their parts of the rules [jails]. ]Peter[ _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
