On Thu, Nov 30, 2006 at 04:00:37PM +0000, Karl O. Pinc wrote:

> The clean solution would be if pf had some sort of #include
> mechanism. Then the macros that abstract the interfaces could
> be written into include-ed files and everything else would be
> sane.

  pfctl -D int_if=foo -f /etc/pf.conf

or even

  pfctl -D int_if=`grep-o-matic` -f /etc/pf.conf

comes to mind.

You can also use interface groups, even as a degenerate case where
each interface is in its own group, (ab)using the group name as a
functional interface name, then reference only interface groups in
pf.conf.

Many options, all less work than adding features to pfctl ;)

Daniel
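
One way to fill in the `grep-o-matic` placeholder, as an added example that is not part of the original message: resolve the interface by its MAC address and emit the `-D` argument, failing when the match is not unique so that pfctl is never run with an empty or wrong macro. The helper names, MAC addresses and ifconfig sample are constructed assumptions.

```sh
#!/bin/sh
# Constructed sample of OpenBSD-style ifconfig output (documentation addresses).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
        inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255'

# if_by_lladdr MAC (hypothetical helper): read ifconfig-style text on stdin
# and print the interface whose lladdr matches MAC. Prints nothing and
# returns non-zero unless exactly one interface matches.
if_by_lladdr() {
    awk -v mac="$1" '
        /^[a-z]+[0-9]+:/ { ifname = $1; sub(/:$/, "", ifname) }
        $1 == "lladdr" && tolower($2) == tolower(mac) { found = ifname; n++ }
        END { if (n != 1) exit 1; print found }
    '
}

# pf_macro_args NAME MAC (hypothetical helper): print "-D NAME=<ifname>"
# for pfctl, or fail with no output so the caller can refuse to load rules.
pf_macro_args() {
    ifname=$(if_by_lladdr "$2") || return 1
    printf '%s %s=%s\n' -D "$1" "$ifname"
}

# Demo on the constructed sample. On the firewall itself, pipe ifconfig in:
#   args=$(ifconfig | pf_macro_args int_if <mac>) && pfctl $args -f /etc/pf.conf
printf '%s\n' "$SAMPLE_IFCONFIG" | pf_macro_args int_if 00:00:5e:00:53:02
```

Chaining with `&&` keeps the currently loaded ruleset in place when the lookup fails, rather than loading rules against an unintended interface.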