This is what the ppp-in and ppp-out chains are for. Jump to them in the forward chain. You can also make the server interfaces static so they can be named explicitly in firewall rules, since they won’t disappear when they are disconnected.
How do you make the server interfaces static? I’ve looked but don’t see where…
I’m also unaware of where the ppp-in and out chains are…and a doc/forum/wiki search doesn’t help me any. Do you mean I should create some chains? I’m not sure how I can jump to them if I can’t identify the traffic I want to jump with…which is why I need to have a way to identify traffic from the pptp interface.
Perhaps I’m missing something obvious, but please point me in a clear direction and I’ll work it out. But I’m nowhere closer than I was before…
The above 4 rules basically block port 445 and let everything else thru, only for ppp connections. This is only an example.
/ppp profile
set [find] incoming-filter=ppp-in outgoing-filter=ppp-out
This sets all profiles to use those ppp-in and ppp-out chains. When a user using that profile connects you will see dynamic rules created in the ppp-in and -out chains automatically. Once you set it up and see what happens when a user connects you will understand more…
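The setup discussed in this thread, written out as an added example that is not part of any post: the four filter rules are constructed to match the description above (drop TCP 445, accept the rest), since the original rules are not shown. It assumes the RouterOS convention that per-session dynamic jump rules for profile filters are placed in a chain named `ppp`, which the forward chain must jump to.

```routeros
# Added example, not from the thread. Chain names ppp-in / ppp-out come from
# the posts; the rules themselves are constructed to match the description.

/ip firewall filter
# Hand forwarded traffic to the "ppp" chain. RouterOS fills it with dynamic
# per-session jump rules for connected PPP clients, so traffic that does not
# belong to a PPP session falls through and returns to forward.
# Place this before any forward rule that would accept the traffic first.
add chain=forward action=jump jump-target=ppp comment="PPP per-session filters"

# Traffic arriving from a PPP client: block SMB, allow everything else.
add chain=ppp-in protocol=tcp dst-port=445 action=drop comment="no SMB from PPP clients"
add chain=ppp-in action=accept

# Traffic going to a PPP client: same policy.
add chain=ppp-out protocol=tcp dst-port=445 action=drop comment="no SMB to PPP clients"
add chain=ppp-out action=accept

/ppp profile
# Attach the chains to every profile, as in the post above.
set [find] incoming-filter=ppp-in outgoing-filter=ppp-out

# After a client connects, list the dynamic rules (flagged "D") to confirm
# that the session's interface is being matched.
/ip firewall filter print where dynamic
```

Because the final `accept` in each chain ends processing, PPP traffic that passes these rules skips any later rules in the forward chain.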