While address-lists are great, sometimes it would be useful to match on routing tables instead. There are multiple mechanisms (routing protocols) in place for synchronizing information between routers, and it would be nice to use those for things like distributed firewalls.
While it is certainly possible to build a bridge between address-lists and routing tables with scripting, there are complications and significant overhead.
It would be really nice to have a distributed firewall, implemented with something like this:
/ip firewall filter add chain=forward src-address-in-routing-table=firewall-table action=drop
The mechanism could be used for distributed control of many things; the possibilities are endless.
Just a thought,
–Eric
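
The scripted bridge mentioned in the post, sketched as an added example (not code from the post or from MikroTik): it diffs the prefixes learned in a routing table against an address-list and emits the RouterOS commands that bring the list in line, so the existing src-address-list matcher can stand in for the proposed one. The list name, the sample prefixes and the assumption that a /32 entry is stored as a bare host address are constructed for illustration; fetching the routes and pushing the commands to the router is left out.

```python
import ipaddress

LIST = "firewall-table"  # assumed address-list name, mirroring the post's table name


def norm(entry):
    """Canonical network for a prefix or a bare host address."""
    return ipaddress.ip_network(entry.strip(), strict=False)


def render(net):
    """Assumption: host entries appear in the address-list without '/32'."""
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def sort_key(net):
    return (net.version, int(net.network_address), net.prefixlen)


def reconcile(route_prefixes, address_list, list_name=LIST):
    """Return commands that make the address-list equal the route set.

    Adds are emitted before removes so that a prefix which stays blocked
    is never briefly missing from the list during a sync run.
    """
    want = {norm(p) for p in route_prefixes}
    have = {norm(a) for a in address_list}
    cmds = []
    for net in sorted(want - have, key=sort_key):
        cmds.append(
            f"/ip firewall address-list add list={list_name} address={render(net)}"
        )
    for net in sorted(have - want, key=sort_key):
        cmds.append(
            f"/ip firewall address-list remove "
            f"[find list={list_name} address={render(net)}]"
        )
    return cmds


if __name__ == "__main__":
    # Constructed sample data: prefixes in the routing table vs. current list.
    routes = ["192.0.2.0/24", "198.51.100.7/32", "203.0.113.0/25"]
    current = ["192.0.2.0/24", "198.51.100.7", "203.0.113.128/25"]
    for line in reconcile(routes, current):
        print(line)
    # The rule that consumes the list uses the existing matcher:
    print(f"/ip firewall filter add chain=forward src-address-list={LIST} action=drop")
```

Every run has to read both sides in full and compute the difference, which is the overhead the post refers to; a withdrawn route keeps being dropped until the next run removes it from the list.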