Hi, is it possible to use a pool (ip/pool) as a condition in a filter? I want to add a rule for all VPN users who get an IP from the pool.
Thanks
I’m afraid you’ll have to manually create an /ip firewall address-list with a single member with address=ip.addr.range.start-ip.addr.range.end matching the pool’s address range, and use that address list in the rule. Or directly set src-address or dst-address in the rule to the range if you only refer to it in a single rule.
What type of VPN?
In a PPP based VPN you can create a separate PPP profile for the VPN users that adds their address to an address-list and you can use that in the filter.
OK, so there is no automated way to remove the duplication in the config (one in the pool and one in the address list), so if that IP changes I will have to change it in two places.
As pe1chl noted, you can set your VPN profile to add the user’s assigned IP to a dynamic address-list. You can use that address-list in your firewall filters then.
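
The two approaches from this thread, written out as a RouterOS configuration sketch. This is an added example, not a configuration posted by any participant; the pool name, address ranges, list names, user name and the LAN subnet in the rules are constructed placeholders.

```routeros
# Constructed example: all names, ranges and the LAN subnet are placeholders.
/ip pool add name=vpn-pool ranges=10.10.10.2-10.10.10.254

# Approach 1: a static address-list with a single member that mirrors the pool range.
# The range is now written in two places and must be updated by hand if the pool changes.
/ip firewall address-list add list=vpn-range address=10.10.10.2-10.10.10.254 \
    comment="mirror of vpn-pool"

# Approach 2 (PPP-based VPNs): the profile hands out addresses from the pool and
# adds each connected user's assigned address to the list named in address-list.
# The range is defined only once, in the pool.
/ppp profile add name=vpn-users local-address=10.10.10.1 remote-address=vpn-pool \
    address-list=vpn-clients
/ppp secret add name=example-user password=CHANGE-ME profile=vpn-users

# Filter rules match on the list rather than on a hard-coded range.
# Here VPN users may reach one LAN subnet and nothing else.
/ip firewall filter add chain=forward src-address-list=vpn-clients \
    dst-address=192.168.88.0/24 action=accept comment="VPN users to LAN"
/ip firewall filter add chain=forward src-address-list=vpn-clients \
    action=drop comment="VPN users: drop everything else"
```

With the second approach the list only contains addresses of users who are currently connected, so a rule matching it cannot be hit by an unassigned address from the pool range.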