From owner-freebsd-pf@FreeBSD.ORG Thu Sep 6 10:40:53 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CAE0F1065672 for ; Thu, 6 Sep 2012 10:40:53 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 8D78F8FC15 for ; Thu, 6 Sep 2012 10:40:53 +0000 (UTC) Received: by iayy25 with SMTP id y25so2377627iay.13 for ; Thu, 06 Sep 2012 03:40:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-gm-message-state; bh=AxUYCkGA7P8dLmqXIZ2L/gMwij6xNUDgTZ3/yrdeqqo=; b=k5pK4Kbpt9OesGGNVDYQA2AHATaEFhL3vkBGnIHsb72YtPANZqX9bc2F+BZD1hpouQ uUqdeUfOyj1k8gAJ04FFI8OUB3dY4YeV0Put/WqK7NmcUav9JX84auOQk5uLfzF3A10n wdXswAYGpXJcpmuZc24Uv8lwkjIlgA8l9zJOrbmIeJf5IcGr70Da5hCVNG7c7cbh5Gqe 5yulXJNj6crr7jHmYDDJrHAQuw3kR6r5ysLULLvrOMeZwEIdusJpiAGoH4XLAWpSVpyK 56x8NPh8JAhkGZtxhzgFZCJ1eu7egcBua/zUllwkhADWXg4Ne5KG/WJnnp3XP3I0EwqD 99WA== MIME-Version: 1.0 Received: by 10.43.92.71 with SMTP id bp7mr1700019icc.52.1346928052882; Thu, 06 Sep 2012 03:40:52 -0700 (PDT) Received: by 10.64.96.131 with HTTP; Thu, 6 Sep 2012 03:40:52 -0700 (PDT) Date: Thu, 6 Sep 2012 12:40:52 +0200 Message-ID: From: Damien Fleuriot To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQmUkhzQxfkCP4JrRfpOqku7FUqDN+x3lpexOnyCyEd/P1oVpLFREQY0++SxvBoB60EB3fh6 Subject: Including files in pf.conf X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2012 10:40:53 -0000 Hello list, Is there any interest regarding the support of includes in PF's configuration ? As in: include /etc/pf/interfaces include /etc/pf/timers include /etc/pf/tables ... I for one would dearly love such functionality. In the meantime, I have taken to splitting our rulesets at work into anchors, to have pseudo include files. The sad part is, every time I want to change an option (for example the TCP flags to match a rule) I have to do it in every anchor, like: flags="flags S/SAFR" Would this be of interest to anyone besides me ?