msundman
Frequent Visitor
Topic Author
Posts: 76
Joined: Thu Jan 15, 2009 2:44 pm
Location: Stockholm, Sweden

Filtering based on any PPTP interface

Fri Jun 26, 2009 4:37 pm

I have a typical "drop everything that is not explicitly allowed" kind of firewall setup on a RouterOS system and have just added a PPTP server to allow remote access into the local network.

My problem now is, how do I add a filter rule to allow traffic from ANY pptp interface into the local network?

With iptables I was used to using -i ppp+ to specify any dynamically generated ppp interface, but I don't seem to be able to do that on RouterOS, so what's the solution to this problem on this platform?

I've currently worked around the problem with a rule like:
add action=accept chain=forward dst-address-list=Local in-interface=!internet out-interface=local \
    src-address-list=Local
Which allows traffic from any interface but the internet interface. That's good enough for this setup, but in larger environments you might not want to allow traffic from multiple interfaces, and then it's not good enough to use an in-interface=NOT-xxx rule.

Any solution? Hmm, perhaps I could create a bridge device and have it dynamically add the PPTP interfaces to the bridge and use that bridge interface in the filter rules...
 
changeip
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: Filtering based on any PPTP interface

Fri Jun 26, 2009 6:48 pm

The PPP profile has an in and out chain you can specify. Once you add that you will get a dynamic ppp chain that automatically jumps to your chains for each interface. It's in the manual. ppp-in and ppp-out I believe. Then from your forward chain just jump to the ppp chain.
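
The approach described in the reply above, written out as RouterOS commands. This is an added example, not part of either post. The chain names ppp-in and ppp-out follow the reply, the `local` interface and `Local` address list are taken from the rule in the question, and the profile name `default-encryption` is an assumption about which profile the PPTP server uses.

```routeros
# Added example. Assumes the PPTP server uses the "default-encryption"
# profile; substitute the profile your PPTP server/secrets actually use.
/ppp profile
set default-encryption incoming-filter=ppp-in outgoing-filter=ppp-out

/ip firewall filter
# While a client is connected, RouterOS keeps dynamic rules in chain "ppp"
# that match that client's interface and jump to the profile's chains.
# Hand forwarded traffic to that chain. This rule must sit above the final
# drop rule in forward (use place-before= or move it after adding).
add chain=forward action=jump jump-target=ppp comment="PPP client traffic"

# Traffic arriving from any PPTP client: allow only into the local network.
add chain=ppp-in action=accept out-interface=local dst-address-list=Local
add chain=ppp-in action=drop comment="from PPP clients: nothing else"

# Traffic leaving towards any PPTP client: allow only from the local network.
add chain=ppp-out action=accept in-interface=local src-address-list=Local
add chain=ppp-out action=drop comment="to PPP clients: nothing else"
```

Because the per-interface jumps are created and removed as clients connect and disconnect, no rule here names an individual PPTP interface, and the forward chain's default drop still applies to everything else.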
