Hi, I know this has come up before in various forms, but I wanted to ask again to see if the situation has changed or of there is another solution for my particular problem.
I have a redundant firewall setup, but my two firewalls are different hardware. Specifically, the network cards are different, so on one box the external interface is bge0 and on the other it's fxp0. To share pf.conf between the two, I have macros at the top that say thing like # Firewall A ExtIf = fxp0 # Firewall B # ExtIf = bge0 I make changes to the file on one box, copy to the other box and then uncomment/comment out sections like the one above to make the config appropriate to the box it's on. So, my question to ye pf masters is: Is there a way to include an external file that would define these macros? Then I could keep a local copy on each machine containing the machine specific definitions and I wouldn't have to do this commenting/uncommenting every time. Not only is it a hassle, but someday I'm going to screw it up and that's just bad. Or, is there another way around this problem? A way to make an alias for an interface, say? A way to define a macro at runtime rather than statically in the config file? Thanks! -Dylan
