Subject: Re: history, design, or both?
To: None <tech-net@NetBSD.ORG>
From: None <xs@nitric.net>
List: tech-net
Date: 11/04/2001 18:31:46
On Sun, Nov 04, 2001 at 12:56:40PM -0500, Greg A. Woods wrote:
> [ On Sunday, November 4, 2001 at 00:20:59 (-0500), Mike Pelley wrote: ]
> > There is often more than one file to edit or rename.  On my machine, for
> > instance, there would be three, and it is just a home machine.  In many
> > circumstances it would be advantageous to avoid editing any files
> > (say, in a remote 3rd party data centre).
> 
> Same here.  On my home router, with three physical interfaces and at
> least one virtual interface, the three files to edit are rc.conf,
> ipf.conf, and ipnat.conf
> 
> I'd really like it if I could use some form of indirection in ipf.conf
> to avoid having to muck in it....  Perhaps something along the lines of
> "use the interface with this address".....

Another, and maybe more useful, addition to ipf, assuming it hasn't been added
since 3.4.9, would be variables and an include directive. This could probably
be hacked with cpp, mostly. If the syntax is ?sh-compatible then rc.conf
should be easy too.

e.g.:
interfaces.conf:
    ext=ne0
    int=ne1
    int_nets="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

ipf.conf:
    include "/etc/interfaces.conf"
    block in on $ext from $int_nets ...

ipnat.conf:
    include "/etc/interfaces.conf"
    map $ext $int_nets -> 0/32

rc.conf:
    . /etc/interfaces.conf
    rtadvd=YES      rtadvd_flags="$int"

The include could also be generated at boot time, if you wanted. This is
messy.

I believe pf has variables/arrays.
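As an added example (not code from this post, from ipf, or from NetBSD), here is a small sh/awk preprocessor that implements the `include "file"` and `$variable` syntax proposed above for an ipf.conf or ipnat.conf template. The variables file uses sh-compatible name=value lines, so the same file could be sourced from rc.conf as the post suggests. The interfaces.conf contents, interface names and rules below are constructed sample input; the `expand_template` function name and the one-rule-per-element behaviour for list variables are this example's own design choices, since a single ipf or ipnat rule takes one network.

```shell
#!/bin/sh
# Added example (not from the original post): expand `include "file"` and
# $name references in an ipf/ipnat-style template. A variable holding a
# space-separated list (e.g. int_nets) becomes one rule per element.
# An undefined variable aborts the run instead of emitting a rule with a
# missing address, which is the safer failure for a firewall config.

expand_template() {
    # usage: expand_template TEMPLATE_FILE   (expanded rules on stdout)
    awk '
    # Parse one sh-style definition line: name=value or name="a b c".
    function define(l,    name, val) {
        if (match(l, /^[A-Za-z_][A-Za-z0-9_]*=/)) {
            name = substr(l, 1, RLENGTH - 1)
            val  = substr(l, RLENGTH + 1)
            sub(/^"/, "", val); sub(/"$/, "", val)   # strip surrounding quotes
            vars[name] = val
        }
    }
    # Load every definition from an included variables file.
    function load_vars(file,    l, rc) {
        while ((rc = (getline l < file)) > 0) define(l)
        if (rc < 0) { printf "error: cannot read %s\n", file > "/dev/stderr"; exit 1 }
        close(file)
    }
    # Substitute the first $name in line; a list value yields one copy of the
    # line per element. Recurse until no $name token is left, then print.
    function emit(line,    name, pre, post, n, parts, i) {
        if (!match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) { print line; return }
        name = substr(line, RSTART + 1, RLENGTH - 1)
        pre  = substr(line, 1, RSTART - 1)
        post = substr(line, RSTART + RLENGTH)
        if (!(name in vars)) {
            printf "error: undefined variable $%s\n", name > "/dev/stderr"
            exit 1
        }
        n = split(vars[name], parts, " ")
        if (n == 0) { n = 1; parts[1] = "" }      # empty variable: drop the token
        for (i = 1; i <= n; i++) emit(pre parts[i] post)
    }
    /^[ \t]*include[ \t]+"[^"]+"/ {               # include "/path/to/file"
        match($0, /"[^"]+"/)
        load_vars(substr($0, RSTART + 1, RLENGTH - 2))
        next
    }
    /^[ \t]*#/ || /^[ \t]*$/ { print; next }      # comments and blanks pass through
    { emit($0) }
    ' "$1"
}

# Constructed sample files (hypothetical interface names and rules), written
# to a temp dir so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/interfaces.conf" <<'EOF'
ext=ne0
int=ne1
int_nets="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
EOF
cat > "$tmp/ipf.conf" <<EOF
include "$tmp/interfaces.conf"
# anti-spoofing: private source addresses must not arrive on the outside
block in quick on \$ext from \$int_nets to any
pass out on \$ext from any to any keep state
EOF

# Expands to three block rules (one per private network) and one pass rule.
expand_template "$tmp/ipf.conf"
```

The output is what you would feed to `ipf -f` (or `ipnat -f` for a NAT template); because the template only names interfaces through variables, changing the external interface means editing interfaces.conf alone, which was the point of the thread.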