Hi
Don’t seem possible to restrain the client (ip) to only allowing UpnP (forwarding) to the client (ip) who requested this
i.e. block for ability to change forwarding to other or all on the router than the one “requesting”
Some routers have this facility, which would in some degree increase security when using UpnP
Asked Mikrotik, they say if other request such function they might consider