> One way to solve it would be to put all the macros in, say, > /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure > they are included before the rules in pf.conf, but that seems > inconvenient to me.
that might be your best option. you can use something like pfctl to parse rules without loading them, but I don't think the reverse is possible. you're probably not this lucky, but assuming all your macros are just name/ip pairs like in the example, you might be able to get away with storing them all in /etc/hosts or setting up a dns forwarder.
