On 2008-12-13, ropers <[email protected]> wrote:
> About (a):
> I guess if you're really worried about maintaining two pf.conf files,
> you could write a script that will edit your one single pf.conf (so
> that it would comment out/de-comment specific lines; by content, not
> by line number) and call that script via crontab. It would however be
> really easy to clobber your pf.conf when doing this, if you're not
> careful.

it's safer to use and redefine macros:

$ cat a
foo="#"
bar=""
$foo pass to 1.1.1.1
$bar pass to 2.2.2.2
$ pfctl -nvf a
foo = "#"
bar = ""
pass inet from any to 2.2.2.2 flags S/SA keep state
$ pfctl -nvf a -D bar="#" -D foo=""
foo = "#"
bar = ""
pass inet from any to 1.1.1.1 flags S/SA keep state
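
A cron-driven wrapper around the macro redefinition shown above, as an added example that is not part of the original post: it dry-runs the ruleset with pfctl -n and the chosen -D overrides before loading it, so a bad override never replaces the running rules. The pf.conf path, the "day"/"night" profile names, the PFCTL override variable and the install path in the crontab comment are assumptions; foo and bar are the macros from the post.

```shell
#!/bin/sh
# Added example: switch between two rule variants kept in ONE pf.conf by
# redefining the comment-toggle macros (foo/bar from the post) with -D.
# Assumed names: PF_CONF path, PFCTL override, "day"/"night" profiles.

PF_CONF="${PF_CONF:-/etc/pf.conf}"
PFCTL="${PFCTL:-pfctl}"

# Map a profile name to the two macro values. Exactly one macro is "#"
# (its rule is commented out) and the other is empty (its rule is active).
profile_macros() {
    case "$1" in
        day)   FOO='';  BAR='#' ;;   # enables the "$foo pass ..." rule
        night) FOO='#'; BAR=''  ;;   # enables the "$bar pass ..." rule
        *)     echo "unknown profile: $1" >&2; return 2 ;;
    esac
}

# Validate with -n (parse only, nothing is loaded), then load for real
# with the same overrides. The file on disk is never edited.
pf_switch() {
    profile_macros "$1" || return $?
    if ! "$PFCTL" -nf "$PF_CONF" -D "foo=$FOO" -D "bar=$BAR"; then
        echo "ruleset failed dry run; running rules left untouched" >&2
        return 1
    fi
    "$PFCTL" -f "$PF_CONF" -D "foo=$FOO" -D "bar=$BAR"
}

# Example crontab entries (assumed install path /usr/local/sbin/pf_switch):
#   0 8  * * *  /usr/local/sbin/pf_switch day
#   0 20 * * *  /usr/local/sbin/pf_switch night
if [ "$#" -gt 0 ]; then
    pf_switch "$@"
fi
```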

