I'm puzzled by the following. According to the documentation it should work?
The example at http://www.openbsd.org/faq/pf/anchors.html indeed works, but that's an inline anchor.

Here's the problem: I would like to define a macro in an anchor, and use that macro in other anchors below it -- like so:

    [ /etc/pf/anchors/base ]
    ext_if="ix0"
    (...)
    anchor ipsec
    load anchor ipsec from "/etc/pf/anchors/ipsec"

    [ /etc/pf/anchors/ipsec ]
    (...)
    pass out quick on $ext_if inet proto udp from ($ext_if:0) to <ipsec_peers> port { isakmp, ipsec-nat-t } keep state
    (...)

As far as I understand this should work. Instead the result is:

    # pfctl -nf /etc/pf.conf
    /etc/pf/anchors/ipsec:6: macro 'ext_if' not defined
    /etc/pf/anchors/ipsec:6: syntax error
    pfctl: load anchors

The base anchor is loaded from /etc/pf.conf like so:

    anchor "base/*"
    load anchor base from "/etc/pf/anchors/base"

.. but I don't think it's relevant as I've tried to run the test between pf.conf and the base anchor, and still macros defined in pf.conf are not available from /etc/pf/anchors/base.

Is this intended behaviour? Running on 5.8 release.
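An added example, not part of the original post: a pre-flight check that lists macros a rules file uses without defining them itself, in the same format as the pfctl error above. It assumes each file named in a `load anchor` line is parsed with its own macro scope, which is what that error output indicates; the function name `undefined_macros` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report macros that a pf rules file uses but does not define itself.
# Assumption: each file is parsed with its own macro scope.
undefined_macros() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                      # drop comments
        name = ""; rest = line
        # definition: name = value (the value may itself use macros)
        if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/)) {
            name = substr(line, RSTART, RLENGTH)
            gsub(/[ \t=]/, "", name)
            rest = substr(line, RSTART + RLENGTH)
        }
        while (match(rest, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            used = substr(rest, RSTART + 1, RLENGTH - 1)
            if (!(used in known) && !(used in reported)) {
                printf "%s:%d: macro \047%s\047 not defined\n", FILENAME, FNR, used
                reported[used] = 1
            }
            rest = substr(rest, RSTART + RLENGTH)
        }
        if (name != "") known[name] = 1
    }' "$1"
}

# Constructed sample files modelled on the two anchors in the post.
dir=$(mktemp -d)
cat > "$dir/base" <<'EOF'
ext_if="ix0"
anchor ipsec
load anchor ipsec from "/etc/pf/anchors/ipsec"
EOF
cat > "$dir/ipsec" <<'EOF'
# constructed: the macro is used here but never defined in this file
pass out quick on $ext_if inet proto udp from ($ext_if:0) to <ipsec_peers> port { isakmp, ipsec-nat-t } keep state
EOF
for f in "$dir/base" "$dir/ipsec"; do
    undefined_macros "$f"
done
rm -rf "$dir"
```

Run against every file under the anchors directory before `pfctl -nf`, empty output means each file defines the macros it uses.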