Hi,
is it possible to restrict pings to the router, so that only the the interface respondes to which the clients belongs?
Example:
Router:
VLAN1: 192.168.1.1/24
VLAN2: 192.168.2.1/24
A client from VLAN1 should not be able to ping 192.168.2.1 (VLAN2-Interface).
How can I achieve this in a setup with multiple VLANs (without a static Firewall-Filter-Input-rule for every VLAN)?
Something like the following should work. I’m not testing myself (because I find such rules unnecessary cosmetics).
/ip firewall filter
add chain=input action=drop dst-address=192.168.2.1 in-interface=!VLAN-2
I too prefer configs without makeup 
I agree with you! Unfortunately we use other routing-vendors too and they behave this way (and they cant changed).
So we prefer a consistent behaviour throughout all vendor-hardware.