The current ability to configure ACL rules is very restrictive, e.g. there is no ability to specify a '!' NOT operator on fields, making rules such as "drop all packets from MAC 'x' NOT destined for MAC 'y'" a lot more difficult.

There is also no way to make a specific 'accept' rule, it is either a 'drop' or 'redirect' one etc. - and it is unclear if there is any ordering between different ACL rules - so e.g. an "accept MAC 'x' from VLAN 10 on port 1" ACL rule (for a trunk port) followed by a "drop all VLAN 10 from Port 1" ACL rule, to restrict allowed MAC addresses for a VLAN from a trunk (e.g. to get quasi-'Port Isolation' for specific MAC's on the trunk port), is a lot more difficult as well.

Is it possible for MikroTik to implement these feature?
- '!' NOT operator for ACL rules
- 'Accept' ACL rule
- ACL Rule ordering

If it isn't possible, is there documentation or a good description of the switch chipset limitations that prevent this? These feature would be very useful/important for additional security within a VLAN.

Additional ACL Feature request:
- Ability to put a name and/or comment on ACL rules, describing what they are for.