(verified on 6.30.4 and 6.32.3)
e.g.
Code: Select all
/interface l2tp-client
add allow=mschap1,mschap2 comment="Some link" connect-to=w.x.y.z disabled=no mrru=1600 name=\
l2tp-link password=some-pass profile=l2tp-profile user=some-user
Code: Select all
/ip firewall filter
add chain=input comment=OSPF in-interface=!l2tp-link protocol=ospf
Code: Select all
# l2tp-link not ready
add chain=input comment=OSPF in-interface=!l2tp-link protocol=ospf
Which is wrong, because negated interface matching should match other interfaces even if the named interface is down.
Of course dropping traffic from the specific interface and accepting all traffic in a subsequent rule fixes the issue, but results in 2 rules...
Code: Select all
# l2tp-link not ready
add action=drop chain=input comment=OSPF in-interface=l2tp-link protocol=ospf
add chain=input comment=OSPF protocol=ospf