Hi,
I though this was working before. I have 3 wireless cards bridged for my hotspot. All wlans have default-forwarding disabled. I just realized that windows filesharing is still normal and clients can still see eachother 
I tried to add this too but nothing changes:
/ip firewall filter
add chain=forward protocol=udp dst-port=135-139 action=drop comment=“NetBIOS” disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment=“NetBIOS” disabled=no
Any suggestion???
They can see, but have you checked either they can exchange IP data ?
You have to ensure that there is ‘interface bridge settings set use-ip-firewall=yes’
for firewall rules over bridge.
Yes, they can exchange IP data.
Wait, I just tried this as you suggested /interface bridge settings set use-ip-firewall=yes and now the workgroups are still visible but access seems denied.
It seems working.
Many thanks!
Default forwarding is something else. It is to disable communications between clients connected to one specific wireless card. You have a bridge, that’s another story
Correct, default-forwarding is used to deny communication between clients connected to the same AP.
So, you have to use either ‘ip firewall filter’ or ‘interface bridge firewall’ to deny communications in the bridge.
It would be helpful if you could post some examples or a link to some tutorials, thanks.