I am trying to find a more efficient way than creating a long list of
policies in iked.conf for something that would be in pf using a table,
but there isn't any table in iked.conf.

As a simple example if I had this in pf

table <example> { 172.16.0.0/16, !172.16.1.0/24, 172.16.1.100 }

would match all of the /16 but not the /24, while still allowing the
/32 from the /24.

This is a simple one, but how would one go about doing something similar
in iked.conf without table support, other than creating a much longer list
of policies to achieve the same, or creating a bunch of subnets to
cover the same address space?

Any trick maybe?

Not a show stopper, but it sure would make the policy much shorter and
avoid human errors down the road.

I would appreciate any possible trick, so far I can't come up with any.
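
The subnet expansion the post describes can be generated rather than typed by hand. This is an added example, not part of the original post: it flattens a pf-style entry list with `!` negations into the plain CIDR list with the same effect, assuming a single address family and that the most specific entry wins, as the post describes. The function name `effective_networks` is hypothetical.

```python
import ipaddress


def effective_networks(entries):
    """Flatten pf-style table entries ("!" = negated) into plain CIDRs.

    Assumption: the most specific entry containing an address decides
    whether it matches, so entries are applied from shortest to longest
    prefix and each one overrides whatever it covers.
    """
    parsed = []
    for entry in entries:
        negated = entry.startswith("!")
        net = ipaddress.ip_network(entry.lstrip("!"), strict=True)
        parsed.append((net.prefixlen, negated, net))
    parsed.sort(key=lambda p: p[0])

    covered = []
    for _, negated, net in parsed:
        remaining = []
        for c in covered:
            if c.subnet_of(net):
                continue                      # wholly overridden by this entry
            if net.subnet_of(c):
                remaining.extend(c.address_exclude(net))  # punch a hole
            else:
                remaining.append(c)           # disjoint, keep as is
        if not negated:
            remaining.append(net)
        covered = remaining
    return sorted(ipaddress.collapse_addresses(covered))


def matches(networks, address):
    """True if address falls inside any of the flattened networks."""
    addr = ipaddress.ip_address(address)
    return any(addr in n for n in networks)


if __name__ == "__main__":
    # The table from the post.
    table = ["172.16.0.0/16", "!172.16.1.0/24", "172.16.1.100"]
    for n in effective_networks(table):
        print(n)
```

The printed networks are the list that would have to be written out by hand wherever tables are not available; regenerating it from the short table form avoids the hand-editing errors the post is worried about.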
