Hi Ingo, Pascale, thanks for your very helpful responses... Ill give it a go
much obliged, Tom Smyth On Thu, 4 Sept 2025 at 21:00, Ingo Schwarze <[email protected]> wrote: > Hi Tom, > > Tom Smyth wrote on Thu, Sep 04, 2025 at 08:17:04PM +0100: > > > sometimes in my router configs I would like to be able to declare > > a macro in one location and refer to it across multiple files, > > for instance a loopback address might be refered to in BGP, OSPF > > and IPSEC and PF configuration, > > > > is there a way in OpenBSD of configuring aliases / variables like > > that and then using them in config files where they would be > > expanded / understood by the parser of the config file ... > > I don't think there is a method that is going to work with > absolutely all config files one might come up with - but many > of the daemons you mention are based on parse.y, hence they have > reasonably similar configuration syntax, and many of them support > the "include" directive: > > $ man -s 5 -k Ic=include > acme-client.conf(5) - acme-client configuration file > bgpd.conf(5) - BGP routing daemon configuration file > eigrpd.conf(5) - EIGRP routing daemon configuration file > hostapd.conf(5) - configuration file for the Host Access Point daemon > httpd.conf(5) - HTTP daemon configuration file > iked.conf(5) - IKEv2 configuration file > ipsec.conf(5) - IPsec configuration file > iscsi.conf(5) - ISCSI daemon configuration file > ldapd.conf(5) - LDAP daemon configuration file > ldpd.conf(5) - LDP routing daemon configuration file > man.conf(5) - configuration file for man > ospf6d.conf(5) - OSPF for IPv6 routing daemon configuration file > ospfd.conf(5) - OSPF routing daemon configuration file > pf.conf(5) - packet filter configuration file > rad.conf(5) - router advertisement daemon configuration file > relayd.conf(5) - relay daemon configuration file > smtpd.conf(5) - SMTP daemon configuration file > snmpd.conf(5) - SNMP daemon configuration file > unwind.conf(5) - validating DNS resolver configuration file > vm.conf(5) - virtual machine configuration > > So you *might* get away with putting *some* macros into *one* > configuration file that you #include from configuration files > for *some* different daemons - provided that you carefully > study the documentation about which configuration file supports > exactly what, be careful to not put stuff into the common file > that makes any of the including daemons choke, and carefully > test every daemon after every change. > > Disclaimer 1: as usual with apropos(1), do not take the above list > at face value - instead, actually RTFM. For example, man.conf(5) > supports an "includes" directive with a very different syntax that > does soemthing very different but also matches the search > expression "Ic=include". > > Disclaimer 2: i never did this myself, but i see no reason why it > shouldn't work. > > > or am I asking for too much and just script the changes through > > in config generators (which is what I do presently ? > > That's not completely unreasonable either; i did such things in > the past when i had multiple firewalls separating various network > segments and wanted conistent config files across more than one > machine. > > Yours, > Ingo > -- Kindest regards, Tom Smyth.
