On 2011-11-30 16:14, Guido Tschakert wrote: > > How about a definition.conf with all your (Name,IP-Adress)-Pairs which > is included first in your pf.conf, so your vlanXXXX.confs only include > the rules but no definitions. > > guido >
Thanks, this is probably the way to do it. Sometimes we move vlans between firewalls and then it can be good to remove the rules, but still keep some macros. I'm also planning to have the same set of variables on all 10 firewalls so that the only difference between them will be the rules files. //Peter
