
Firewall rule with dynamic interface

Posted: Thu Mar 10, 2016 8:54 am
by marcrisse
Hi,

How can I apply firewall rules to SSTP interfaces permanently? Every time after a reconnect of the SSTP client, my MikroTik says "unknown interface" and I have to reconfigure the rule.


best
marc

Posted: Thu Mar 10, 2016 9:24 am
by jarda
Why not use a static SSTP interface binding linked to the user instead of a dynamic one?

Re:

Posted: Thu Mar 10, 2016 11:52 am
by marcrisse
> Why not use a static SSTP interface binding linked to the user instead of a dynamic one?

The MikroTik with the SSTP service dials in via DSL with a disconnect every 24h. The SSTP client is a Linux server with a permanent internet connection. The device name <sstp-rootserver> doesn't change, but it is lost every night for some seconds. This seems to be enough for the firewall to mark the rule red because of the unknown device. (Sorry for my bad English ;-) )

Re: Firewall rule with dynamic interface

Posted: Thu Mar 10, 2016 11:57 am
by Splash
If you are worried about any configuration bound to a dynamic interface you should, as part of best practice, create a service binding. What this does is create an interface which is static, but linked to a dynamic username account. Whenever the account connects, it will be provided with the same interface. This could be used for routes too.
# One static binding per VPN server type; each "user" must match the account that dials in
/interface sstp-server
add name=sstp-in1 user=test
/interface l2tp-server
add name=l2tp-in1 user=test3
/interface pptp-server
add name=pptp-in1 user=test2
/interface ovpn-server
add name=ovpn-in1 user=test4
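
An added example, not part of the thread and not MikroTik's own tooling: a small Python audit that scans the text of a RouterOS `/export` for firewall rules still matching on a dynamic `<proto-user>` interface or on a lost reference, and suggests the static binding described above. The sample export is constructed, the `*HEX` form of a lost reference is an assumption about the export format, and the suggested binding names are hypothetical.

```python
import re
import shlex

# Constructed sample in the style of a RouterOS "/export" (not taken from the thread).
SAMPLE_EXPORT = r"""
/interface sstp-server
add name=sstp-in1 user=test
/ip firewall filter
add action=accept chain=forward in-interface=sstp-in1
add action=accept chain=forward in-interface=<sstp-rootserver>
add action=drop chain=forward comment="old vpn rule" out-interface=*F00012
/ip firewall nat
add action=masquerade chain=srcnat out-interface=<l2tp-test3>
"""

DYNAMIC = re.compile(r"^<(sstp|l2tp|pptp|ovpn)-(.+)>$")  # e.g. <sstp-rootserver>
DANGLING = re.compile(r"^\*[0-9A-Fa-f]+$")               # assumed form of a lost reference

def audit(export_text):
    """Return (section, key, value, suggestion) for each fragile interface match."""
    findings, section = [], ""
    # Join backslash-continued lines (simplified handling of export line wrapping).
    export_text = re.sub(r"\\\r?\n\s*", "", export_text)
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # menu path such as "/ip firewall filter"
            continue
        if not (section.startswith("/ip firewall") and line.startswith("add ")):
            continue
        for token in shlex.split(line)[1:]:
            key, _, value = token.partition("=")
            if key not in ("in-interface", "out-interface"):
                continue
            m = DYNAMIC.match(value)
            if m:
                proto, user = m.groups()
                # Hypothetical binding name; "user" must match the dial-in account.
                fix = f"/interface {proto}-server add name={proto}-{user} user={user}"
                findings.append((section, key, value, fix))
            elif DANGLING.match(value):
                findings.append((section, key, value, "re-point rule at a static binding"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(*finding, sep=" | ")
```

After creating the suggested binding, the flagged rule itself still has to be changed to reference the static name instead of the `<...>` one.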