can you please post guide how to add that rule ?Implement CPE firewall rules that block customers from acting as DHCP servers on your network.
DHCP servers reply sourced from udp/67 to udp/68. Block that traffic on the customer facing port.
/ip firewall filter add chain=forward out-interface=WAN protocol=udp dst-port=68
any example to isolate users on local area network using hotspot?Don't fight the caused problems.
Avoid the root of the cause.
DonÄt do weird firewalling
Instead apply proper user isolation.
VLANs, EoIP/VPLS Tunnels and Horizon Bridging/Private VLAN Edge(PVE) are your friends.
A proper Port/User Isolation only allows the clients to communicate with your Hotspot.
A communication between the clients is NOT possible. Thus meaning a fraud DHCP-Server won't affect the other users.
This way you also will be able to supress MAC-Spoofing, which a user can abuse the steal another user's Hotspot session.
There is absolutely no need to do weird firewalling at the users site.