Firewall rules based upon PPP userid

I am not sure this is at all within the realm of possibility, but figured this may be a great place to ask. I have a number of different PPP users. Each of those users has different needs/requirements. While I can apply firewall rules to just their subnet, I really don't want to create a bunch of different subnets for each user.

Is it possible to, say, open port 3890 traffic to one destination for user Bob while opening port 3890 traffic to another destination for Joe within the same subnet, based upon their login ID, which does not change? That way Joe can access his content but presumably not Bob's content.

Thanks for your insights!

There are plenty of possibilities associated with the /ppp profile that you refer to from the /ppp secret; you can create an individual profile for each secret.

In each /ppp profile item, you can set the name of an address-list to which the IP assigned to the user will be added, or an interface-list to which the dynamically assigned interface name will be added as an /interface list member. You can also set the names of firewall filter chains, input-filter and output-filter, which are added to a dynamically created chain ppp. The result then looks as follows:

[me@MyTik] > ip firewall filter print chain=ppp
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=ppp action=jump jump-target=quaqua in-interface=
1 D chain=ppp action=jump jump-target=wauwau out-interface=

And you can place a jump to chain ppp wherever it suits you most in the input, output, and forward chains of /ip firewall filter. Just bear in mind that in the output chain you cannot use rules referring to in-interface, whereas in the input chain you cannot use rules referring to out-interface, and that this intolerance is inherited by any user-defined chains jumped to from those two.
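A concrete configuration of what the answer above describes, as an added example that is not part of the original thread: Bob and Joe share one address pool, each login gets its own profile with its own address-list and filter chains, and TCP port 3890 is opened to a different destination per user. Pool, addresses, chain names and passwords are placeholders; in the RouterOS CLI the profile parameters are spelled incoming-filter and outgoing-filter.

```routeros
# Constructed example: per-user PPP firewall policy without per-user subnets.
# All names, addresses and passwords below are placeholders.

# One shared pool for every PPP user.
/ip pool
add name=ppp-pool ranges=10.200.0.10-10.200.0.250

# One profile per user. The user's dynamic IP lands in its own address-list,
# and its traffic is handed to dedicated chains through the dynamic "ppp" chain
# (incoming-filter = packets from the user, outgoing-filter = packets to the user).
/ppp profile
add name=prof-bob local-address=10.200.0.1 remote-address=ppp-pool \
    address-list=ppp-bob incoming-filter=from-bob outgoing-filter=to-bob
add name=prof-joe local-address=10.200.0.1 remote-address=ppp-pool \
    address-list=ppp-joe incoming-filter=from-joe outgoing-filter=to-joe

# Bind each login to its profile; the login name is the stable identity.
/ppp secret
add name=bob password=CHANGE-ME profile=prof-bob service=any
add name=joe password=CHANGE-ME profile=prof-joe service=any

/ip firewall filter
# Forwarded traffic visits chain "ppp", where RouterOS keeps one dynamic jump
# per connected user keyed on that user's tunnel interface.
add chain=forward action=jump jump-target=ppp \
    comment="hand PPP traffic to the per-user chains"

# Bob may reach only 192.0.2.10 on 3890; Joe may reach only 192.0.2.20 on 3890.
# Anything else on 3890 from either user is dropped; other traffic falls through.
add chain=from-bob protocol=tcp dst-address=192.0.2.10 dst-port=3890 action=accept
add chain=from-bob protocol=tcp dst-port=3890 action=drop comment="Bob: no other 3890"
add chain=from-joe protocol=tcp dst-address=192.0.2.20 dst-port=3890 action=accept
add chain=from-joe protocol=tcp dst-port=3890 action=drop comment="Joe: no other 3890"

# Equivalent split using the address-lists instead of the per-user chains.
# Kept disabled so only one mechanism is active; enable these and remove the
# chain-based rules if you prefer matching on source address.
add chain=forward src-address-list=ppp-bob protocol=tcp dst-address=192.0.2.10 \
    dst-port=3890 action=accept disabled=yes
add chain=forward src-address-list=ppp-bob protocol=tcp dst-port=3890 \
    action=drop disabled=yes
add chain=forward src-address-list=ppp-joe protocol=tcp dst-address=192.0.2.20 \
    dst-port=3890 action=accept disabled=yes
add chain=forward src-address-list=ppp-joe protocol=tcp dst-port=3890 \
    action=drop disabled=yes
```

After a user connects, `/ip firewall filter print chain=ppp` shows the dynamic jumps into from-bob/to-bob or from-joe/to-joe, and `/ip firewall address-list print` shows the user's assigned address in ppp-bob or ppp-joe.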