I just bought one more router dedicated as edge router… It was crappy idea anyways because RB2011 was really overloaded with tons of functionality it couldn’t handle all at once. It’s old and really obsolete router. I hope MikroTik makes refresh of RB2011 soon. With more recent CPU and perhaps two gigabit switches instead of 1000+100. Tough that 10/100 switch was pretty useful for not demanding hardware like printers, logs servers etc…
Also like you suggested this issue doesn’t occur when use-ip-firewall is not used but I actively use it. It also doesn’t occur when hardware offloaded bridging is used (because it implies that use-ip-firewall is not used on particular bridge)