Due to recent security failures, we'd urgently need the ability to bind IP services to a specific IP / Interface, like can be done in allmost all linux servers.

Filter by src-address isn't enough, cause if service daemon itself gets compromised...

We need to set-up a non-publicly accessible network, and be sure winbox service can only be reachable by these interfaces.

Regards

+1 for this request.
It should be possible to bind IP services to a specific IP and/or a specific interface.
We do so on our linux servers allways !

Good request. Seems obvious in hindsight. Defense in Depth.

YES! Binding SNMP to a single IP so it always replies from that same IP would be super nice.

Due to recent security failures, we'd urgently need the ability to bind IP services to a specific IP / Interface, like can be done in allmost all linux servers.
Filter by src-address isn't enough, cause if service daemon itself gets compromised...

YES, we need this!
And it is NOT related to filtering.
I need to run www service on LAN bridge interface ONLY. And i need it to bind to port 80 on that specific interface!
Because i need port 80 to be FREE elsewhere to be forwarded from internet to my web server. So, i need to NAT port 80 from internet to a server on my LAN which is behind mikrotik's NAT. And at the same time have the ability for inexperienced administrators to reach webfig from LAN by only typing the IP address, which goes by default to port 80.
We need different services which use the same port number be accessible at different interfaces.
Thanks

I need to run www service on LAN bridge interface ONLY. And i need it to bind to port 80 on that specific interface!
Because i need port 80 to be FREE elsewhere to be forwarded from internet to my web server.

That's perfectly doable with NAT: DST-NAT is executed first and if the rule contains also property in-interface-list=WAN (or something similar), then only connections coming in via those interfaces will get DST-NATed. Other connections will still be handled by router's own services (if firewall permits).

I have no clue what the op wants.

But it would appear its.

a. SOME WHACKO local port 80 only available for bridge users (local WWW service, so nothing to do with reaching the internet, I have no idea what this local thing is ????????????????)
b. separately to be able to come in external to the router and hit port 80 on a server for external users I presume.........???????????????