PF Edges
This section covers a couple tidbits of PF configuration that don’t quite fit anywhere else: include files and the quick keyword.
Using Include Files
Sometimes splitting a configuration file into multiple pieces simplifies your work. Do this with an include statement in pf.conf.
include "/etc/pf/management-addresses"
I do this when I need to manage several PF machines with unique configurations, but certain pieces are identical. The management-addresses file defines a table listing all hosts and networks that can connect via SSH, make SNMP queries, as so on. When one of those addresses change, I copy this file to all of my PF hosts and reload the packet-filtering rules.
Skipping Matches with quick
PF processes packet-filtering ...
Get Absolute OpenBSD, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
