I have a guest vlan on a different subnet from my main LAN. I have firewall rules to drop all traffic from guest to main, and any ip traffic destined for the router. Guest traffic to the Internet is allowed. This works fine.
I can still access the router using Winbox from the guest vlan using the Mac address. How do I stop this?