Hello.
Is it possible to set up the l2tp server on the mikrotik so that you can log in within a specified period of time?
I would like to be able to connect to the client, e.g. from 8:00 to 14:00.
Thank you in advance for the hint.
No unless you write a script for that…
…or you can just use “Time” firewall matcher to restrict establishing the l2tp connection outside the needed time interval…
@xvo is right on that…
Yes, but can I set a ban on the firewall only for selected logins (users)?
Only on src-address basis.
Or you can let the user connect, but not allow to reach anything.
Otherwise - couple of scripts in the scheduler, that will disable/enable needed ppp secrets/interfaces.
In general bear in mind that in a stateful firewall, the permissive rules are normally used to control only the process of creation of a new connection. So in order to be able to block already established connections and at the same time let mid-connection packets be still handled by just a single rule, you’d have to have several “accept established,related” rules with additional match conditions (matching on address lists or interface lists) and let the time conditions enable just one of them at any given time. Time conditions have the specialty of removing the rule from the internal chains outside the active time, so the packets are not matched against it at all.
If you use fasttracking, the above won’t work as the fasttracked packets bypass firewall rules completely and most connections can survive a dropped packet now and then.
Plus if you wanted to have more than one time window, things would quickly get complicated.
So all in all I think scheduled scripts are a better way.