0

I want to be able to include some parts of my pf.conf from another set of files.

For example, I will include "set timeout" and similar statements in another file.

Using anchors and "load anchor from file" statements will not help because an anchor cannot hold such GLOBAL OPTIONS.

Caleb
seaquest

2 Answers

3

As per the pf.conf man page:

> Comments can be put anywhere in the file using a hash mark (`#'), and extend to the end of the current line.  Additional configuration files can be included with the include keyword, for example:
>
>     include "/etc/pf/sub.filter.conf"

Source: https://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+9.0-RELEASE

Michael
  • 2
    I could be mistaken, but the FreeBSD manual page for pf.conf does not seem to cover the include keyword. – adamo Jul 11 '11 at 09:36
  • 1
    Yup. I think you have to add an anchor at the appropriate place, and then call `load anchor anchor_name from "/etc/pf/sub.filter.conf"` – Pitarou Mar 12 '14 at 04:09
  • 1
    As of now, these lines do exist (current version of the man page: FreeBSD 10.3 June 29 2012). This answer works perfectly. – zezollo Jul 20 '17 at 06:01
  • 1
    FreeBSD docs don't mention it until 9.0, which wasn't out when I answered this question. OpenBSD 4.9 was out then, and its pf.conf man page does have the include keyword. I probably didn't see the pfsense or freebsd tags and should have cited my source. – Michael Jul 23 '17 at 22:50
2

One way to do this is to use m4 as a preprocessor that produces your final pf.conf. Or you can even break your pf.conf into parts and then have a simplistic "preprocessor" cat those parts > /etc/pf.conf.

adamo
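
The concatenation approach from this answer, as an added example that is not part of the original post: fragments are joined in lexical order and the result is parsed with `pfctl -n` before it replaces the live file. The `/etc/pf.d` layout, the fragment names and both function names are assumptions.

```shell
#!/bin/sh
# Added example: build pf.conf from ordered fragments, validate, then install.
# Assumed (hypothetical) layout: /etc/pf.d/NN-name.conf, for example
#   10-options.conf  holding the global "set timeout ..." lines
#   50-filter.conf   holding the filter rules
# Numeric prefixes keep the option statements ahead of the rules.

# Concatenate every *.conf fragment in $1, in lexical order, into file $2.
# Fails if the directory contains no fragments.
assemble_pf_conf() {
    parts_dir=$1
    out=$2
    : > "$out" || return 1
    found=0
    for part in "$parts_dir"/*.conf; do
        [ -f "$part" ] || continue
        found=1
        # Mark where each fragment starts so parse errors are easy to trace.
        printf '# --- begin %s ---\n' "${part##*/}" >> "$out"
        cat "$part" >> "$out" || return 1
        # Add a newline if the fragment lacks one, so that two fragments
        # never merge into a single statement.
        [ -z "$(tail -c 1 "$part")" ] || printf '\n' >> "$out"
    done
    [ "$found" -eq 1 ]
}

# Build into a temporary file next to the target, let pfctl parse it
# without loading it (-n), and only then replace the live file.
install_pf_conf() {
    parts_dir=$1
    target=$2
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if assemble_pf_conf "$parts_dir" "$tmp" && pfctl -nf "$tmp"; then
        mv "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (as root):
#   install_pf_conf /etc/pf.d /etc/pf.conf && pfctl -f /etc/pf.conf
```

A fragment that fails to parse leaves the existing /etc/pf.conf untouched, so the currently loaded ruleset and the file on disk stay consistent.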