(verified on 6.30.4 and 6.32.3)
/interface l2tp-client
add allow=mschap1,mschap2 comment="Some link" connect-to=w.x.y.z disabled=no mrru=1600 name=\
    l2tp-link password=some-pass profile=l2tp-profile user=some-user
And then I have a filter rule, which should accept OSPF except from l2tp-link:
/ip firewall filter
add chain=input comment=OSPF in-interface=!l2tp-link protocol=ospf
If the interface is down, I will get:
# l2tp-link not ready
add chain=input comment=OSPF in-interface=!l2tp-link protocol=ospf
In this case, the traffic will not be accepted, even if it comes from another interface.
Which is wrong, because negated interface matching should match other interfaces even if the named interface is down.
Of course dropping traffic from the specific interface and accepting all traffic in a subsequent rule fixes the issue, but results in 2 rules...
# l2tp-link not ready
add action=drop chain=input comment=OSPF in-interface=l2tp-link protocol=ospf
add chain=input comment=OSPF protocol=ospf
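
An added example, not part of the original post: a small audit script that reads a RouterOS export and lists filter rules that negate a tunnel interface, so rules exposed to the behaviour reported above can be found and rewritten in the two-rule form. The sample export is constructed from the configuration in the post; the function names and the list of tunnel menus are assumptions of this example.

```python
import re
import shlex

# Menus whose interfaces can go down at runtime (assumed list; extend as needed).
TUNNEL_MENUS = {"/interface l2tp-client", "/interface pptp-client",
                "/interface sstp-client", "/interface pppoe-client"}

# Constructed sample export, modelled on the configuration in the post.
SAMPLE_EXPORT = r"""/interface l2tp-client
add allow=mschap1,mschap2 comment="Some link" connect-to=w.x.y.z disabled=no mrru=1600 name=\
    l2tp-link password=some-pass profile=l2tp-profile user=some-user
/ip firewall filter
# l2tp-link not ready
add chain=input comment=OSPF in-interface=!l2tp-link protocol=ospf
# l2tp-link not ready
add action=drop chain=input comment=OSPF in-interface=l2tp-link protocol=ospf
add chain=input comment=OSPF protocol=ospf
"""

def parse_export(text):
    """Return (menu, params, not_ready) for every 'add' row of an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)   # join '\' continuation lines
    rows, menu, not_ready = [], None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu, not_ready = line, False
        elif line.startswith("#"):
            # Remember a "<name> not ready" marker for the row that follows it.
            not_ready = not_ready or line.endswith("not ready")
        elif line.startswith("add "):
            params = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            rows.append((menu, params, not_ready))
            not_ready = False
    return rows

def negated_tunnel_rules(text):
    """Filter rules that negate an interface which may be down."""
    rows = parse_export(text)
    tunnels = {p["name"] for m, p, _ in rows if m in TUNNEL_MENUS and "name" in p}
    findings = []
    for menu, p, not_ready in rows:
        if menu != "/ip firewall filter":
            continue
        for key in ("in-interface", "out-interface"):
            value = p.get(key, "")
            if value.startswith("!") and value[1:] in tunnels:
                findings.append({"chain": p.get("chain"), "matcher": f"{key}={value}",
                                 "comment": p.get("comment"), "not_ready": not_ready})
    return findings

if __name__ == "__main__":
    for finding in negated_tunnel_rules(SAMPLE_EXPORT):
        print(finding)
```

On the sample it reports only the negated rule; the drop-then-accept pair is not flagged.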