I’m looking to create a user that can only login via the serial interface. (console port) I thought about setting its allowed address to 0.0.0.0/32. That should at least prohibit any IP connection attemps, right? Would this still allow MAC connections? We’ll probably disable that, so that’s fine.
Is there a better way to do this? I looked at the special login feature, but I couldn’t see that it could be used for this purpose.
Create a restricted local user-group and assign that user to that user-group. Ie. a “local” group, without web, ssh, telnet, winbox, api, etc.,
See System / User in GUI.