using “include” like statement in pf.conf to include some parts from other files

Peter fbsdq at peterk.org
Tue May 10 05:43:55 UTC 2011


> Hi,
>
> I want to be able to include some parts of my pf.conf from other set of
> files.
>
> For example I will include "set timeout" vs like statements in another
> file.
>
> Using anchors and "load anchor from file" statements will not help
> because anchor can not hold such GLOBAL OPTIONS. In case I set those
> macros and set statement in an anchor it will be valid for the anchor
> or not valid at all (set statements).
>

Dirty workaround I've used is to build pf.conf from many smaller files.
Using the ipfw numbering style you can get away with having:
000.pf.macros.inc
010.pf.tables.inc
020.pf.options.inc
etc.etc.
100.pf.jail1.inc
110.pf.jail2.inc

Of course they were named appropriately like global/hostA/hostB and then a
simple
":> /etc/pf.conf; for i in `ls /nfs/pf/$hostname/*inc`; do cat $i >> /etc/pf.conf; done"

This made updating many hosts "common" parts go pretty fast and broke it
up into individual parts - heck even give some friends the ability to
manage their parts of the rules [jails].

]Peter[
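
The fragment approach described in the message above, as an added example that is not part of the original post: it builds the candidate ruleset in a temporary file, parses it with `pfctl -nf` (parse only, nothing is loaded), and renames it over the live file only if it validates. The function name `build_pf_conf` and the `PF_CHECK` override are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: assemble pf.conf from numbered fragments, validate, install.
# PF_CHECK is a hypothetical override for the validation command; by default
# the candidate file is parsed with "pfctl -nf" (parse only, do not load).

build_pf_conf() {
    frag_dir=$1      # e.g. /nfs/pf/$hostname
    target=$2        # e.g. /etc/pf.conf
    check=${PF_CHECK:-"pfctl -nf"}

    # Build in a temp file beside the target so the final mv is a rename on
    # the same filesystem and the live file is never truncated or half-written.
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    found=0
    # The glob expands in sorted order, so 000.* comes before 010.*, keeping
    # macros, tables and options ahead of the rules as pf.conf expects.
    for f in "$frag_dir"/*.inc; do
        [ -f "$f" ] || continue
        found=1
        printf '# --- begin %s ---\n' "${f##*/}" >> "$tmp"
        cat "$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
        printf '\n' >> "$tmp"
    done

    # An unreachable NFS mount or empty directory must not blank the ruleset.
    if [ "$found" -eq 0 ]; then
        echo "no fragments in $frag_dir; keeping existing $target" >&2
        rm -f "$tmp"
        return 1
    fi

    # Refuse to install a ruleset that does not parse.
    if ! $check "$tmp"; then
        echo "validation failed; keeping existing $target" >&2
        rm -f "$tmp"
        return 1
    fi

    mv "$tmp" "$target"
}

# Typical use: build_pf_conf "/nfs/pf/$(hostname)" /etc/pf.conf && pfctl -f /etc/pf.conf
```

Because the fragments may be edited by several people, the validation step is what keeps one person's syntax error from replacing a working ruleset on every host.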


