ipfmeta is used to simplify the maintenance of your IPfilter
ruleset. It does this through the use of objects. A matching
object gets replaced by its values at runtime. This is similar to
what a macro processor like m4 does.
ipfmeta is specifically geared towards IPfilter. It is line
oriented: if an object has multiple values, the line with the object
is duplicated and substituted for each value. It is also recursive:
an object may have another object as a value.
Metarules to be processed are read from stdin, output rules go to
Definition of the objects and their values is done in a separate
file; the filename defaults to ipf.objs. An object is delimited
by square brackets. A value is delimited by whitespace, except when
it is enclosed by double-quotes. Comments start with # and end
with a newline. Empty lines and extraneous whitespace are allowed.
A value belongs to the object that precedes it.
ipfmeta has a command mode. Metarules starting with % are
passed to the command processor. The commands are listed below.
It is recommended that you use all caps or another distinguishing
feature for object names. You can use ipfmeta for NAT rules also,
for instance to keep them in sync with filter rules. Combine
ipfmeta with a Makefile to save typing.