That is a great point to make. I didn't even realize that you could build your pf.conf file in such a manner...well at least I wasn't thinking of doing it that way. And I too could load tables from external files, but I found that you cannot nest tables within tables. But really this is not a big deal as I can place everything I need into the one and only pf.conf. I was just one day thinking organization, and I thought maybe I could put my macros into another file and include that file while reloading pf. At the end of the day it works the same great way.
I'm not complaining though; I absolutely love packet filter and OpenBSD. I came from an IPTables script that was 700+ lines and I'm not going back. I like the OpenBSD operating system and the reasons for which it is being developed. I am inspired by the attention to detail and the persistence towards security. I guess not too often do you ever hear about success stories in the forums, but I suppose on occasion you do. For instance, in one weekend I converted that IPTables script to OpenBSD's packet filter. It took me a month and half to read several OpenBSD books...maybe only the ones you need to read, in order for me to feel comfortable running this operating system. Now, I can't wait for 3.8 to come out...so much that I intend on buying the cd set and a cool t-shirt. Thanks for your reply. -AW-
