Couple options I'd really like to see in winbox:

- Ability to "add" new rules while your in the firewall/nat rule boxes. So that you can add, instead of apply. By adding, it would add a second rule or third rule, etc. This way, if we want to add 100 rules, we don't have to keep closing the box and clicking on the + sign to add a new rule. This would save us a lot of time if we're adding lots of rules to limit a lot of ports in a similar fasion, but changing ports or other parameters (comments, etc), without having to close and add a new setting each time.

- Ability to "ADMIN LOCK" certain settings, especially under wireless or firewall settings. This way, we can lock down settings so that they can't be changed "accidently". Under an admin section in the menu, there could be a lock/unlock, that allows the admin to lock/unlock those settings (possibly by also adding another password, so other admin's can't break something important, but they can still change "unlocked" settings).

- Ability to LOCK interface configurations. This way, if we swap out an ethernet card with a new MAC address, or a radio with a new MAC address, we can lock those settings and restore those settings to the new radio or ethernet card. We've had issues where we removed the wireless-legacy package, then re-added the regular wireless package, only to find that ALL of our wireless settings were gone and had to be re-setup again. We've also swapped out an occational bad CM9 and it would be nice if all of the wireless, hotspot and firewall rules could be pointed quickly to the new device, without having to go into each and every sub-menu to re-configure those settings. I suspect SAFE mode might be like this, but I've not seen any documentation on SAFE mode, I only ran into it when I typed something wrong on the terminal.

- Ability to proxy winbox sessions through a remote mikrotik box. This way, if we have dozens of AP's on 10.x.x.x networks and want to access those MT boxes on private IP's, from the Internet, we can proxy through the core router (MT). Maybe just a simple proxy could be setup to pass connections through another winbox host on a different port? Maybe this could be done with firewall rules, but it might be nice to have it setup for dynamic proxy (so we use only one inbound port, but can access any winbox device on the inside of the network and even could do a scan of MT boxes through a winbox proxy).

Judd

to the firewall request, you can do this by clicking tools/copy and it will create a new rule window with the same features you already configed in the window you're working on, so if you wanted to add a lot of TCP rules you could do it more efficiently using that copy feature..

and for the proxy deal, just create a VPN to the private network and then you can manage every device on that subnet.

SAFE mode is used by hitting CTRL + X from a terminal (in winbox or not either way) and allows you to make changes remotely and if you somehow get disconnected or lose your connection to the router (when say editing input firewall rules) it will reverse those changes and set it back to the working condition so you're not locked out and climbing a tower the next morning.

Ability to LOCK/UNLOCK certain features access by selected Admin is necessary. So, master administrator could always disable others function beside those only needed.