I have 2 unmanaged switches between which I would like to limit traffic, but I'm completely new to RouterOS and am a bit overwhelmed by the options. I can get into the nitty-gritty specifics of my site, but I believe my question can be answered if we approach it more generally, and it may be applicable to others if we don't focus on the specifics.
So there are devices connected to both switches that need to talk to each other, and there are devices that shouldn't talk to each other, all on the same LAN. So I'm not sure which is better: setting up a whitelist or a blacklist, and then having a blanket deny or blanket accept rule, respectively. And next, I'm not sure if I should be blocking based on MAC or IP addressing.

It would be easier to blacklist the 3 interfaces that I don't want to cross the bridge, since there are only 3 (1 on one side, 2 on the other). But I assume it would be more secure to just deny all traffic and specify what I want to cross. This is more complex, though, because there are anywhere from 37-73 devices on one side, and 3 or so on the other (coming from multiple subnets). It seems like more work and more complex to set up the whitelist, but it may be easier if I could specify ranges (like .52-.89).

And is there anything else I need to know about this sort of configuration? Like default settings I need to override, or do I need to set 2 ports to 'bridge' mode or anything like that?
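To make the two approaches the question contrasts concrete, here is an added configuration sketch (not part of the original post, and not a reply from the thread) showing the "default deny, explicitly accept" variant using RouterOS bridge filters. The interface names (ether2, ether3), the bridge name, the MAC addresses and the comments are placeholders chosen for illustration; substitute the real ones. It assumes the two unmanaged switches hang off two router ports that are both members of one bridge, so only traffic crossing from one port to the other ever reaches the router; traffic between devices on the same switch never does.

```routeros
# Assumed layout: switch A on ether2, switch B on ether3, both bridged.
/interface bridge
add name=bridge1

/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

# Whitelist model: accept the few pairs that must talk, then drop
# everything else that tries to cross between the two ports.
# MAC/mask form; FF:FF:FF:FF:FF:FF means "match this exact address".
# The MACs below are placeholders.
/interface bridge filter
add chain=forward in-interface=ether2 out-interface=ether3 \
    src-mac-address=AA:BB:CC:00:00:01/FF:FF:FF:FF:FF:FF \
    action=accept comment="host on switch A allowed to reach switch B"
add chain=forward in-interface=ether3 out-interface=ether2 \
    src-mac-address=AA:BB:CC:00:00:02/FF:FF:FF:FF:FF:FF \
    action=accept comment="host on switch B allowed to reach switch A"
# Blanket deny for anything not matched above, in both directions.
add chain=forward in-interface=ether2 out-interface=ether3 action=drop \
    comment="default deny A -> B"
add chain=forward in-interface=ether3 out-interface=ether2 action=drop \
    comment="default deny B -> A"

# Blacklist model (the alternative in the question) would instead be
# one drop rule per excluded interface/MAC and no trailing drop,
# relying on the bridge's default behaviour of accepting.
```

Rules are evaluated top to bottom and the first match wins, so the accept rules must sit above the catch-all drops; check the order with `/interface bridge filter print`. Filtering by MAC works regardless of which subnet a device is in, which matters here because devices arrive from multiple subnets, but it is only as strong as the MAC itself, which any host can change. If the filtering is to be done by IP address or address range instead, the usual approach is `/interface bridge settings set use-ip-firewall=yes`, which sends bridged traffic through the `/ip firewall filter` forward chain, where `src-address` accepts a range such as `192.168.1.52-192.168.1.89`; that keeps the same accept-then-drop structure but matches on addresses rather than MACs.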