Just a small note on the PPP firewalling topic for everyone who has tried to find out how it works:
1) start with adding this rule (which at the beginning does not make much sense):
(place after your established, related, etc)
/ip firewall filter
add chain=forward action=jump jump-target=ppp comment="PPP chains - in and \
out" disabled=no
Yes, place it right after established, related, invalid, etc. All the forwarded traffic will go through the "ppp" chain, which is empty (for now). The important thing is that this chain name has to be "ppp" - otherwise the PPP filtering won't work.
2) Define "Incoming filter" and/or "Outgoing filter" in the PPP profile (let's call them "ppp-in" and/or "ppp-out" here, but these names can be anything). At this point, nothing new has happened to the firewall filter (for now).
3) Define rules in the "ppp-in" and "ppp-out" chains (anything you need). Note that at this point these chains are not reachable for any traffic going through the firewall, as there are no jump rules to "ppp-in" and/or "ppp-out".
Then, when someone connects using PPP, dynamic firewall jump rules are added at the end of the rules list (see below). These rules use the dynamic interfaces created by the PPP connection to sort all the PPP traffic from the rest of the forward traffic and target the chains defined as "Incoming filter" and/or "Outgoing filter" in the PPP profile, which were unreachable until the PPP connection was created.
All the forward traffic still goes through the "ppp" chain; only the PPP traffic with a defined "Incoming filter" and/or "Outgoing filter" is redirected to the respective filter chains.
Hope this helps in understanding how the PPP filtering packet flow works, because there is no explanation on the wiki (just an example saying "add the chain named ppp and that's it").
and then anytime someone connects using PPP I get these dynamic rules:
[xxx@pip] ip firewall filter> print dynamic
Flags: X - disabled, I - invalid, D - dynamic
0 D chain=ppp in-interface=l2tp-abc action=jump jump-target=ppp-in
1 D chain=ppp out-interface=l2tp-abc action=jump jump-target=ppp-out
2 D chain=ppp in-interface=l2tp-def action=jump jump-target=ppp-in
3 D chain=ppp out-interface=l2tp-def action=jump jump-target=ppp-out
4 D chain=ppp in-interface=l2tp-ghi action=jump jump-target=ppp-in
5 D chain=ppp out-interface=l2tp-ghi action=jump jump-target=ppp-out
And then I have hardcoded ppp-in and ppp-out chains with rules that block 445, 137-139, etc.
I'm guessing your problem is that you have static rules in the 'ppp' chain... it should be empty; it's only used for dynamically created rules. If you have a rule in that chain it will hit and the traffic will die. It should fall out the end of the ppp chain if it doesn't match any of the ppp interfaces. (return)
Sam
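The three steps above and the ppp-in/ppp-out chains Sam describes, put together as one RouterOS configuration. This is an added example, not a config from either poster; the profile name "ppp-filtered", the address pool, the user name and the placeholder password are assumptions, and the blocked ports (445, 137-139) are the ones Sam's reply mentions.

```routeros
# Added example (not from the original thread): PPP filtering with a
# static "ppp" jump in forward and per-profile filter chains.

/ip firewall filter
# Usual stateful rules first, then the mandatory empty "ppp" chain jump.
add chain=forward connection-state=established,related action=accept \
    comment="allow established/related"
add chain=forward connection-state=invalid action=drop \
    comment="drop invalid"
add chain=forward action=jump jump-target=ppp \
    comment="PPP chains - in and out (chain name MUST be ppp)"
# NOTE: add no static rules to chain=ppp; RouterOS inserts the dynamic
# in-interface/out-interface jumps there, and traffic that matches no
# PPP interface must fall off the end of the chain (implicit return).

# "Incoming filter": packets arriving FROM the PPP client (in-interface=<ppp if>).
add chain=ppp-in protocol=tcp dst-port=445 action=drop \
    comment="ppp-in: block SMB from client"
add chain=ppp-in protocol=tcp dst-port=137-139 action=drop \
    comment="ppp-in: block NetBIOS over TCP from client"
add chain=ppp-in protocol=udp dst-port=137-139 action=drop \
    comment="ppp-in: block NetBIOS over UDP from client"
add chain=ppp-in action=return comment="ppp-in: back to forward"

# "Outgoing filter": packets sent TO the PPP client (out-interface=<ppp if>).
add chain=ppp-out protocol=tcp dst-port=445 action=drop \
    comment="ppp-out: block SMB towards client"
add chain=ppp-out protocol=tcp dst-port=137-139 action=drop \
    comment="ppp-out: block NetBIOS over TCP towards client"
add chain=ppp-out protocol=udp dst-port=137-139 action=drop \
    comment="ppp-out: block NetBIOS over UDP towards client"
add chain=ppp-out action=return comment="ppp-out: back to forward"

# Assumed address pool for the PPP clients.
/ip pool
add name=ppp-pool ranges=10.99.0.2-10.99.0.254

# Step 2: the profile names the filter chains; this is what makes RouterOS
# create the dynamic chain=ppp jumps when a client using it connects.
/ppp profile
add name=ppp-filtered local-address=10.99.0.1 remote-address=ppp-pool \
    incoming-filter=ppp-in outgoing-filter=ppp-out

# Assumed user; replace the placeholder password before use.
/ppp secret
add name=exampleuser password=CHANGE-ME service=l2tp profile=ppp-filtered

# Check: after a client connects, only the dynamic jumps should appear here.
/ip firewall filter print dynamic
```

After a client logs in, `print dynamic` should show one `chain=ppp in-interface=... jump-target=ppp-in` and one `chain=ppp out-interface=... jump-target=ppp-out` entry per PPP interface, as in Sam's listing. If `print` (without `dynamic`) shows any static rule in `chain=ppp`, remove it: a static rule there is evaluated for every forwarded packet and, as Sam notes, can swallow non-PPP traffic.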