On Sat, Oct 08, 2005 at 02:22:55PM -0700, ADub wrote:
> Dear bit.listserv.openbsd-pf,
> Does packet filter allow you to load external files? More
> specifically, could one place macro definitions in a separate file, but
> hook them up to pf.conf so as you reload the pf.conf file you get your
> macros? Thank you!

I don't know of anything that does this up to and including -current.
However, there has been talk in the past (search the archives, you'll
even see me some number of years ago talking about this) about how to
solve this.

I don't believe there is anyone actively working on this, but there are
two solutions that I've either used or heard of others using.

One, use tables from files, i.e.:

    table <MERCHANTS> persist file "/etc/pf/MERCHANTS"

Currently, tables can only hold addresses so this may or may not be of
use to you.

Another way is to use m4, make, or even a shell/perl script:
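
    #!/bin/sh
    # Concatenate the fragments, in load order, into a temporary file.
    TMP=$(mktemp) || exit 1
    for file in macros norm queue nat rules; do
        cat "/etc/pf/$file" >> "$TMP"
    done
    # Parse-check the result (-n loads nothing); install it only if valid.
    pfctl -nf "$TMP" && mv "$TMP" /etc/pf.conf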

There is more error checking and whatnot you should be doing in this
script. Every time you update one of your include files, run the script
and it'll regenerate your master pf.conf which you can then check into
revision control and then load when needed.

TIMTOWTDI, YMMV, etc.

-jon
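
A more defensive take on the concatenate-and-check script from the reply above, as an added example that is not part of the original thread: it refuses to build when a fragment is missing, runs the parse check before touching the live file, and installs with a same-directory rename. The fragment names and their order come from the post; `build_pf_conf`, `PF_FRAG_DIR`, `PF_CONF` and `PF_CHECK` are names assumed for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild pf.conf from fragments.
# PF_FRAG_DIR, PF_CONF and PF_CHECK are names introduced for this sketch.

PF_FRAG_DIR=${PF_FRAG_DIR:-/etc/pf}
PF_CONF=${PF_CONF:-/etc/pf.conf}
PF_CHECK=${PF_CHECK:-"pfctl -nf"}   # validator; -n parses without loading

build_pf_conf() {
    frag_dir=$1 target=$2
    # Temp file beside the target (mode 0600) so mv is a same-filesystem rename.
    tmp=$(mktemp "${target}.XXXXXXXX") || return 1
    for name in macros norm queue nat rules; do
        if [ ! -r "$frag_dir/$name" ]; then
            echo "missing fragment: $frag_dir/$name" >&2
            rm -f "$tmp"; return 1
        fi
        # Mark each fragment's origin so a parse error is easy to trace back.
        printf '# --- begin %s ---\n' "$name" >> "$tmp"
        cat "$frag_dir/$name" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    # Validate first; on failure the existing pf.conf is left untouched.
    if ! $PF_CHECK "$tmp" >&2; then
        echo "validation failed; $target left unchanged" >&2
        rm -f "$tmp"; return 1
    fi
    mv -f "$tmp" "$target"
}

# Run as: sh build-pf.sh install   (anything else only defines the function)
if [ "${1:-}" = "install" ]; then
    build_pf_conf "$PF_FRAG_DIR" "$PF_CONF"
fi
```

The script only writes the file; loading the new ruleset remains a separate, deliberate step, as in the original post.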