This section covers a couple tidbits of PF configuration that don’t quite fit anywhere else: include files and the
Sometimes splitting a configuration file into multiple pieces simplifies your work. Do this with an
include statement in pf.conf.
I do this when I need to manage several PF machines with unique configurations, but certain pieces are identical. The management-addresses file defines a table listing all hosts and networks that can connect via SSH, make SNMP queries, as so on. When one of those addresses change, I copy this file to all of my PF hosts and reload the packet-filtering rules.
PF processes packet-filtering ...